Facebook  Twitter 

SMFHacks.com

+-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 4255
Latest: andreios
New This Month: 3
New This Week: 1
New Today: 0
Stats
Total Posts: 43259
Total Topics: 7518
Most Online Today: 177
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 0
Guests: 188
Total: 188

Author Topic: unserialize vs. safe_unserialize  (Read 6483 times)

0 Members and 1 Guest are viewing this topic.

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
unserialize vs. safe_unserialize
« on: September 30, 2016, 08:06:11 am »
I've looked at the new update from 2.0.11 to 2.0.12 and have noticed many changes from unserialize to safe_unserialize. Is safe_unserialize an SMF function, or a PHP function?

In addition, will you be releasing one for 1.x?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: unserialize vs. safe_unserialize
« Reply #1 on: September 30, 2016, 09:20:59 am »
That is a smf function. I don't agree with how it handles it. It limits serialization to files under 4096 bytes in cache. Which causes it not to cache stuff.  I changed that in my 2.0.12 update that I did to my sites.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: unserialize vs. safe_unserialize
« Reply #2 on: September 30, 2016, 09:35:52 am »
Yeah, you're right. Safe_unserialize is an smf function.

Are you saying that it's better to keep it as serialize rather than unserialize?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: unserialize vs. safe_unserialize
« Reply #3 on: September 30, 2016, 09:39:53 am »
I like the old version of safe_unserialize better than the new version.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: unserialize vs. safe_unserialize
« Reply #4 on: September 30, 2016, 09:41:23 am »
I like the old version of safe_unserialize better than the new version.

I didn't realize they switched the code for safe_serialize.

To understand, if all instances of serialize are replaced with safe_serialize, what's the purpose of the serialize function? Is serialize a php function or SMF function?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: unserialize vs. safe_unserialize
« Reply #5 on: September 30, 2016, 09:46:56 am »
safe_serialize just does some checks that serialize is called after that so it still uses that.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/
Agree Agree x 1 View List

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: unserialize vs. safe_unserialize
« Reply #6 on: September 30, 2016, 09:48:33 am »
Makes total sense, thank you for clarifying

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: unserialize vs. safe_unserialize
« Reply #7 on: September 30, 2016, 10:32:22 am »
Can we expect an update from you, SMFHacks, for smf 1.x?

I have gone ahead and made all the changes that fit SMF 1.x, but I'm still skeptical.

One recurring edit that I couldn't replicate was $modSettings['attachmentUploadDir']

What's up with that?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: unserialize vs. safe_unserialize
« Reply #8 on: September 30, 2016, 10:38:09 am »
It's pretty much http://www.smfhacks.com/index.php?action=downloads;sa=view;down=182 that update

Serialization issue is not really exploitable since the SMF code base is not OOP.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/
Informative Informative x 1 View List

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: unserialize vs. safe_unserialize
« Reply #9 on: September 30, 2016, 10:53:13 am »
Thanks, but I think you missed Who.php and Themes.php

Update - this was applied on my forum a while back - I mistakened it for the new update
« Last Edit: September 30, 2016, 10:57:33 am by shuban »

 

+- Recent Topics

No thumbnails on new uploads by SMFHacks
March 27, 2024, 02:10:41 pm

Display the Contact Page for guests by SMFHacks
March 27, 2024, 10:55:43 am

is it possible to add support for odysee.com by fvlog19
March 21, 2024, 08:47:51 am

Request for admin notification by davejo
March 10, 2024, 01:31:59 am

I need help with torrent upload by Ineedsmfhelp
March 09, 2024, 10:01:13 pm

an idea for new mod (( content type with different display )) by SMFHacks
February 27, 2024, 01:36:27 pm

[Mod] RSS Feed Poster by SMFHacks
February 27, 2024, 11:57:18 am

find duplicate pictures by fvlog19
February 14, 2024, 02:22:40 pm

Error uploading video. by SMFHacks
February 08, 2024, 02:04:16 pm

Gallery icon as last added image by fvlog19
February 01, 2024, 01:04:56 pm

Powered by EzPortal