WordPress.org

Make WordPress Core

Opened 10 months ago

Last modified 5 months ago

#24635 new enhancement

update_user_caches() should support accepting a WP_User instance

Reported by: dd32 Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.0
Component: Users Keywords: has-patch 3.7-early needs-unit-tests
Focuses: Cc:

Description

At present update_user_caches($user) blindly stores the value from $user into the object cache.
Although core only ever passes the raw data from wp_users into this function, due to the naming of it, and the phpdoc, plugin devs may pass a WP_User instance to the function.

The result is that a WP_User instance is stored within the object cache rather than stdClass of a wp_users row as expected.
For most intents this causes little issue, the function and cache still work, so the developer will see no side effects.

But this has the cause that when that user's data is retrieved from the cache, the original WP_User object is restored -- including all meta keys that were stored in it, If one of those meta keys is a serialized object which calls a not-yet-loaded function, it can cause the request to fatal error. It's a pretty specific issue, but can simply be avoided by never storing a WP_User instance in the cache.

Attached patch simply tests for the data and acts appropriately. mostly untested.

Attachments (1)

24635.diff (726 bytes) - added by dd32 10 months ago.

Download all attachments as: .zip

Change History (8)

dd3210 months ago

comment:1 dd3210 months ago

PHPDoc untouched, Worth noting that clean_user_cache() accepts int|WP_User, which is why both of those branches were added to this function.

comment:2 nacin9 months ago

  • Keywords 3.7-early added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from trunk to 3.0

comment:3 wonderboymusic9 months ago

  • Milestone changed from Future Release to 3.7

these are all marked 3.7-early

comment:4 ryan9 months ago

Is $user = $user->data necessary? It seems the first conditional would results in $user being WP_User and the second in stdClass.

Version 0, edited 9 months ago by ryan (next)

comment:5 follow-up: ryan9 months ago

Is $user = $user->data necessary?

comment:6 in reply to: ↑ 5 nacin7 months ago

  • Keywords needs-unit-tests added
  • Milestone changed from 3.7 to 3.8

Replying to ryan:

Is $user = $user->data necessary?

Yeah, that's the operative part of the patch. It's the underlying stdClass DB row that we want to store in the cache.

This needs tests, I'd say.

comment:7 nacin5 months ago

  • Milestone changed from 3.8 to Future Release
  • Type changed from defect (bug) to enhancement

Still needs unit tests, and is an enhancement.

Note: See TracTickets for help on using tickets.