WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#22072 closed defect (bug) (fixed)

get_adjacent_post_rel_link() Can poison the post cache

Reported by: mdawaffe Owned by: nacin
Milestone: 3.5 Priority: normal
Severity: normal Version: 3.4
Component: Cache API Keywords: has-patch
Focuses: Cc:

Description

get_adjacent_post_rel_link() does:

if ( empty($post->post_title) )
    $post->post_title = $previous ? __('Previous Post') : __('Next Post');
...
$title = apply_filters('the_title', $title, $post->ID);
...
$link .= "' href='" . get_permalink($post) . "' />\n";

If the post cache gets cleared during the_title filter (or any of the several other hooks that are run but are not shown above), the modified $post object will be cached as modified during get_permalink()'s call to get_post().

This can only happen in WordPress <= 3.4.  In WordPress 3.5, get_post() has been rewritten in such a way this cache poisoning is no longer possible. I think this fix was at least in part accidental, though, and probably not very robust.

We shouldn't be setting $post->post_title.  We should set an intermediary variable instead.

Patch and simple test script (not a unit test) attached.

Attachments (2)

22072.diff (753 bytes) - added by mdawaffe 2 years ago.
22072-test.php (1.7 KB) - added by mdawaffe 2 years ago.

Download all attachments as: .zip

Change History (4)

@mdawaffe2 years ago

@mdawaffe2 years ago

comment:1 @nacin2 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [22095]:

Do not modify the post object in get_adjacent_post_rel_link(). Prior to 3.5 this could have poisioned the post's cache. props mdawaffe, fixes #22072.

comment:2 @SergeyBiryukov2 years ago

  • Milestone changed from Awaiting Review to 3.5
Note: See TracTickets for help on using tickets.