get_adjacent_post_rel_link() Can poison the post cache

[mdawaffe]

get_adjacent_post_rel_link() does:

if ( empty($post->post_title) )
    $post->post_title = $previous ? __('Previous Post') : __('Next Post');
...
$title = apply_filters('the_title', $title, $post->ID);
...
$link .= "' href='" . get_permalink($post) . "' />\n";

If the post cache gets cleared during the_title filter (or any of the several other hooks that are run but are not shown above), the modified $post object will be cached as modified during get_permalink()'s call to get_post().

This can only happen in WordPress <= 3.4.  In WordPress 3.5, get_post() has been rewritten in such a way this cache poisoning is no longer possible. I think this fix was at least in part accidental, though, and probably not very robust.

We shouldn't be setting $post->post_title.  We should set an intermediary variable instead.

Patch and simple test script (not a unit test) attached.

[nacin]

In [22095]:

Do not modify the post object in get_adjacent_post_rel_link(). Prior to 3.5 this could have poisioned the post's cache. props mdawaffe, fixes #22072.