Title: maybe_serialize() allows corrupted data?
Last modified: August 19, 2016

---

# maybe_serialize() allows corrupted data?

 *  [Peter Butler](https://wordpress.org/support/users/peterebutler/)
 * (@peterebutler)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/maybe_serialize-allows-corrupted-data/)
 * I ran into an issue recently where a plugin which stored all of its values in
   a serialized array in a single option blew up on me, which nearly caused the 
   loss of lots of precious info. It looks like someone managed to get a single 
   quote into a field stored by this plugin (it stores various user info), and the
   whole thing went down in flames.
 * I recognize that the plugin author probably should have done some escaping before
   it got sent into the option, but it seems like wordpress should probably handle
   this as a last resort before it gets put into the database?
 * I happened upon this fix:
 * [http://davidwalsh.name/php-serialize-unserialize-issues](http://davidwalsh.name/php-serialize-unserialize-issues)
 * although I havent tested it out yet. Does anybody have any advice on how to handle
   this?

The topic ‘maybe_serialize() allows corrupted data?’ is closed to new replies.

## Tags

 * [array](https://wordpress.org/support/topic-tag/array/)
 * [corrupt](https://wordpress.org/support/topic-tag/corrupt/)

 * 0 replies
 * 1 participant
 * Last reply from: [Peter Butler](https://wordpress.org/support/users/peterebutler/)
 * Last activity: [16 years, 11 months ago](https://wordpress.org/support/topic/maybe_serialize-allows-corrupted-data/)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics