WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#18593 closed defect (bug) (invalid)

WP Object Cache global can be easily hijacked, so some functions return fatal errors

Reported by: wonderboymusic Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3
Component: Cache API Keywords: has-patch
Focuses: Cc:

Description

I noticed this when uploading images in Multisite mode with Memcached WP Object Cache backend installed - cache methods produce fatal errors because the $wp_object_cache global var has been hijacked and the competing class doesn't implement the same methods as the built-in WP cache class

A good long-term solution would be to require any WP Object Cache class to implement the same interface (fat chance), so in the meantime, I have hardened all of the cache functions so they can't call a method that the referenced at runtime WP_Object_Cache class doesn't have

Attachments (1)

harden-cache.diff (2.4 KB) - added by wonderboymusic 10 years ago.
Patch for this ticket

Download all attachments as: .zip

Change History (4)

@wonderboymusic
10 years ago

Patch for this ticket

#1 follow-up: @dd32
10 years ago

I would argue that this is part of the life of using "advanced dropins" - to ensure that they're kept up to date when you upgrade core.

All the methods/functions which you've patched here, are ideally, a "core functionality" of the class and are required.. When new functionality is introduced, the best has been done to prevent fataling completely: through the usage of function_exists().

If anything, My only thought here is that dropins should have some kind of update notification - perhaps tied into a plugin, like most caching plugins do.

#2 @ryan
10 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Alternative caches should be using object-cache.php thus avoiding cache.php being loaded at all.

The Memcached and APC backends maintained by myself and Mark do have the same public interfaces as core. Direct access through $wp_object_cache is not public, but we generally try to keep that API in sync too. If there are bugs here, let's fix them in memcached and apc.

Last edited 10 years ago by ryan (previous) (diff)

#3 in reply to: ↑ 1 @mikeschinkel
9 years ago

  • Cc mikeschinkel@… added

Replying to dd32:

I would argue that this is part of the life of using "advanced dropins" - to ensure that they're kept up to date when you upgrade core.

Related #21412

Note: See TracTickets for help on using tickets.