Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#22072 closed defect (bug) (fixed)

get_adjacent_post_rel_link() Can poison the post cache

Reported by: mdawaffe Owned by: nacin
Milestone: 3.5 Priority: normal
Severity: normal Version: 3.4
Component: Cache API Keywords: has-patch
Focuses: Cc:


get_adjacent_post_rel_link() does:

if ( empty($post->post_title) )
    $post->post_title = $previous ? __('Previous Post') : __('Next Post');
$title = apply_filters('the_title', $title, $post->ID);
$link .= "' href='" . get_permalink($post) . "' />\n";

If the post cache gets cleared during the_title filter (or any of the several other hooks that are run but are not shown above), the modified $post object will be cached as modified during get_permalink()'s call to get_post().

This can only happen in WordPress <= 3.4.  In WordPress 3.5, get_post() has been rewritten in such a way this cache poisoning is no longer possible. I think this fix was at least in part accidental, though, and probably not very robust.

We shouldn't be setting $post->post_title.  We should set an intermediary variable instead.

Patch and simple test script (not a unit test) attached.

Attachments (2)

22072.diff (753 bytes) - added by mdawaffe 3 years ago.
22072-test.php (1.7 KB) - added by mdawaffe 3 years ago.

Download all attachments as: .zip

Change History (4)

3 years ago

3 years ago

#1 @nacin
3 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [22095]:

Do not modify the post object in get_adjacent_post_rel_link(). Prior to 3.5 this could have poisioned the post's cache. props mdawaffe, fixes #22072.

#2 @SergeyBiryukov
3 years ago

  • Milestone changed from Awaiting Review to 3.5
Note: See TracTickets for help on using tickets.