function menu_link_save(&$item, $existing_item = array(), $parent_candidates = array()) {
  // …
  if (isset($item['mlid'])) {
    if (!$existing_item) {
      $existing_item = db_query('SELECT * FROM {menu_links} WHERE mlid = :mlid', array('mlid' => $item['mlid']))->fetchAssoc();
    }
    if ($existing_item) {
      $existing_item['options'] = unserialize($existing_item['options']);
    }
  }
  // …

If I pass in as the second parameter a menu item as loaded from menu_link_load(), with the options value already unserialized, "Warning: unserialize() expects parameter 1 to be string, array given in menu_link_save()" results. (It looks like it's not really necessary to pass in the menu item when updating it, but what the heck, it saves a redundant query.)

Unintentionally evil patch file size FTW.

CommentFileSizeAuthor
unserialize-notice-in-menu_link_save.patch666 bytesGarrett Albright

Comments

Status: Needs review » Needs work

The last submitted patch, unserialize-notice-in-menu_link_save.patch, failed testing.

steinmb’s picture

steinmb commented
Version: 7.14 » 7.x-dev

Status: Needs work » Closed (outdated)

Automatically closed because Drupal 7 security and bugfix support has ended as of 5 January 2025. If the issue verifiably applies to later versions, please reopen with details and update the version.