Timestamp:
04/06/2014 06:47:46 PM (11 years ago)
Author:
ocean90
Message:

WP_Widget: Introduce is_preview() method.

With the Widget Customizer it's possible that previewed widgets can leak data outside of Customizer, when the widget uses the cache API.
The Customizer calls the regular update callback which should already refresh the cache. Since cache additions aren't blocked yet the cache can be filled with preview data.
To prevent this issue WP_Widget::is_preview() will return true, when $wp_customize->is_preview() returns true. If is_preview() is true, cache additions are suspended via wp_suspend_cache_addition(). Make sure your object cache drop-in has implemented wp_suspend_cache_addition().

is_preview() can/should also be used inside WP_Widget::widget(), see WP_Widget_Recent_Posts or WP_Widget_Recent_Comments for examples.

For more info see IRC logs: http://irclogs.wordpress.org/chanlog.php?channel=wordpress-dev&day=2014-04-02&sort=asc#m824279

props westonruter.
fixes #27538.

File:
1 edited

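--- a/trunk/src/wp-includes/default-widgets.php
+++ b/trunk/src/wp-includes/default-widgets.php
@@ -661,11 +661,16 @@
 
     function widget($args, $instance) {
-        $cache = wp_cache_get('widget_recent_posts', 'widget');
-
-        if ( !is_array($cache) )
+        $cache = array();
+        if ( ! $this->is_preview() ) {
+            $cache = wp_cache_get( 'widget_recent_posts', 'widget' );
+        }
+
+        if ( ! is_array( $cache ) ) {
             $cache = array();
-
-        if ( ! isset( $args['widget_id'] ) )
+        }
+
+        if ( ! isset( $args['widget_id'] ) ) {
             $args['widget_id'] = $this->id;
+        }
 
         if ( isset( $cache[ $args['widget_id'] ] ) ) {
@@ -724,6 +729,10 @@
         endif;
 
-        $cache[$args['widget_id']] = ob_get_flush();
-        wp_cache_set('widget_recent_posts', $cache, 'widget');
+        if ( ! $this->is_preview() ) {
+            $cache[ $args['widget_id'] ] = ob_get_flush();
+            wp_cache_set( 'widget_recent_posts', $cache, 'widget' );
+        } else {
+            ob_flush();
+        }
     }
 
@@ -808,8 +817,11 @@
         global $comments, $comment;
 
-        $cache = wp_cache_get('widget_recent_comments', 'widget');
-
-        if ( ! is_array( $cache ) )
+        $cache = array();
+        if ( ! $this->is_preview() ) {
+            $cache = wp_cache_get('widget_recent_comments', 'widget');
+        }
+        if ( ! is_array( $cache ) ) {
             $cache = array();
+        }
 
         if ( ! isset( $args['widget_id'] ) )
@@ -866,6 +878,9 @@
 
         echo $output;
-        $cache[$args['widget_id']] = $output;
-        wp_cache_set('widget_recent_comments', $cache, 'widget');
+
+        if ( ! $this->is_preview() ) {
+            $cache[ $args['widget_id'] ] = $output;
+            wp_cache_set( 'widget_recent_comments', $cache, 'widget' );
+        }
     }
 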
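Review bot: The preview branch of the Recent Posts `widget()` (new lines 734–736) calls `ob_flush()`, which sends the buffered markup but leaves the output buffer active, whereas the non-preview branch's `ob_get_flush()` also turns buffering off. The matching `ob_start()` is presumably earlier in the method, outside the hunks shown, so in a Customizer preview the buffer would stay open after `widget()` returns and keep capturing later output. Changing the else branch to `ob_end_flush();` closes the buffer on both paths. A short comment above each guard, for example `// Bypass the shared widget cache while previewing so unsaved Customizer settings are never stored for or served to other visitors.`, would also record why `wp_cache_get()` and `wp_cache_set()` are skipped explicitly.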