#18593 closed defect (bug) (invalid)
WP Object Cache global can be easily hijacked, so some functions return fatal errors
Reported by: | wonderboymusic | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3 |
Component: | Cache API | Keywords: | has-patch |
Focuses: | Cc: |
Description
I noticed this when uploading images in Multisite mode with Memcached WP Object Cache backend installed - cache methods produce fatal errors because the $wp_object_cache global var has been hijacked and the competing class doesn't implement the same methods as the built-in WP cache class
A good long-term solution would be to require any WP Object Cache class to implement the same interface (fat chance), so in the meantime, I have hardened all of the cache functions so they can't call a method that the referenced at runtime WP_Object_Cache class doesn't have
Attachments (1)
Change History (4)
#1
follow-up:
↓ 3
@
13 years ago
I would argue that this is part of the life of using "advanced dropins" - to ensure that they're kept up to date when you upgrade core.
All the methods/functions which you've patched here, are ideally, a "core functionality" of the class and are required.. When new functionality is introduced, the best has been done to prevent fataling completely: through the usage of function_exists().
If anything, My only thought here is that dropins should have some kind of update notification - perhaps tied into a plugin, like most caching plugins do.
#2
@
13 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Alternative caches should be using object-cache.php thus avoiding cache.php being loaded at all.
The Memcached and APC backends maintained by myself and Mark do have the same public interfaces as core. Direct access through $wp_object_cache is not public, but we generally try to keep that API in sync too. If there are bugs here, let's fix them in memcached and apc.
Patch for this ticket