Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#29576 closed defect (bug) (invalid)

reset_password / wp_set_password does not clean user cache, only deletes one group of cache

Reported by: sc0ttkclark
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.9.2
Component: Users
Keywords:
Focuses:
Cc:

Description

When a user resets their password, it runs wp_set_password( $new_pass, $user->ID ); which does a wpdb update query to the user's password and then a single cache delete of wp_cache_delete($user_id, 'users');

Shouldn't it be clean_user_cache( $user_id ) instead?

Change History (5)

#1 @sc0ttkclark
10 years ago

Found this when using get_user_by( 'email', $email ) and saw get_user_by pulls user objects from caches userlogins / useremail, etc.

#2 @nacin
10 years ago

  • Component changed from General to Users
  • Keywords needs-patch needs-unit-tests added
  • Milestone changed from Awaiting Review to 4.1

I'm kind of surprised this has existed unreported for so long.

#3 @sc0ttkclark
10 years ago

Me too, I saw it and just assumed I was wrong, and then I was dumb and tried using get_user_by and validating the password from the object directly instead of other functions for that, which led me to this interesting find :)

#4 @nacin
10 years ago

  • Milestone 4.1 deleted
  • Resolution set to invalid
  • Status changed from new to closed

This isn't a bug.

The userlogins, useremail, and userslugs buckets only hold a reference from the login, email, and nicename to the user ID. The found ID is then pulled from the main users bucket.

All that is changing here with the direct update query is user_pass and user_activation_key. Both of them are only relevant to the users bucket, and that's the bucket that is cleared.

That's not to say we shouldn't use the API, but since all it'd trigger is some unnecessary deletes, it's not something we need to do. If it ain't broke...

#5 @sc0ttkclark
10 years ago

  • Keywords needs-patch needs-unit-tests removed

You're right, I misread the get_user_by handling.
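
The bucket layout described in comment #4, as a simplified stand-alone PHP model added here (not WordPress core code; the `model_*` functions, the sample user row and the hash strings are constructed for illustration). It shows why deleting only the `users` entry is enough after a password change: the lookup buckets hold IDs, never the password hash.

```php
<?php
// Simplified model of the four object-cache groups named in the ticket.
// Not WordPress code: every function name and value here is hypothetical.
$db = [7 => ['ID' => 7, 'user_login' => 'alice', 'user_email' => 'alice@example.test',
             'user_nicename' => 'alice', 'user_pass' => 'hash-old']]; // constructed row
$cache = ['users' => [], 'userlogins' => [], 'useremail' => [], 'userslugs' => []];

// Prime the cache: the full row lives only in 'users'; the other groups map a key to the ID.
function model_update_caches(array $user): void {
    global $cache;
    $cache['users'][$user['ID']]                = $user;
    $cache['userlogins'][$user['user_login']]   = $user['ID'];
    $cache['useremail'][$user['user_email']]    = $user['ID'];
    $cache['userslugs'][$user['user_nicename']] = $user['ID'];
}

// Lookup by email: resolve the ID via 'useremail', then read the row from 'users'.
function model_get_user_by_email(string $email): ?array {
    global $cache, $db;
    $id = $cache['useremail'][$email] ?? null;
    if ($id === null) {
        foreach ($db as $row) {            // cache miss: fall back to the database
            if ($row['user_email'] === $email) { $id = $row['ID']; break; }
        }
        if ($id === null) return null;
    }
    if (!isset($cache['users'][$id])) {     // row was evicted: reload and re-prime
        model_update_caches($db[$id]);
    }
    return $cache['users'][$id];
}

// Password change as described in the ticket: direct DB update, then delete
// only the 'users' entry for that ID.
function model_set_password(string $hash, int $id): void {
    global $cache, $db;
    $db[$id]['user_pass'] = $hash;
    unset($cache['users'][$id]);
}

model_get_user_by_email('alice@example.test');          // warm all four groups
model_set_password('hash-new', 7);
$user = model_get_user_by_email('alice@example.test');  // ID comes from 'useremail'
echo $user['user_pass'], PHP_EOL;                       // hash the caller sees after the reset
var_dump(isset($cache['useremail']['alice@example.test'])); // mapping was never touched
```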
