Make WordPress Core


Ignore:
Timestamp:
08/03/2022 02:34:58 PM (23 months ago)
Author:
SergeyBiryukov
Message:

Cache API: Validate cache key in WP_Object_Cache methods.

Some plugins may call the wp_cache_*() functions with an empty string, false, or null as cache key, usually as a result of not checking the return value of another function that's used as the key.

Previously, this was silently failing, leading to odd behavior at best and often breakage due to key collisions.

A valid cache key must be either an integer number or a non-empty string.

This commit introduces a quick type check on the given cache keys and adds a _doing_it_wrong() message that should help plugin developers to notice these issues quicker.

Includes:

  • A check in update_user_caches() and clean_user_cache() to make sure user email is not empty before being cached or removed from cache, as it is technically possible to create a user with empty email via wp_insert_user().
  • Some minor cleanup in unit tests where the email was passed to wp_insert_user() incorrectly or was unintentionally reset.

Props tillkruess, malthert, dd32, spacedmonkey, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #56198.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user.php

    r53698 r53818  
    20112011            'ID'         => $create_user,
    20122012            'user_login' => 'test_user',
     2013            'user_email' => 'user@example.com',
    20132014            'meta_input' => array(
    20142015                'test_meta_key' => 'test_meta_updated',
Note: See TracChangeset for help on using the changeset viewer.