Make WordPress Core

Opened 10 years ago

Last modified 21 months ago

#30959 new defect (bug)

race condition in wp_insert_user()

Reported by: hanelyp's profile hanelyp Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1
Component: Users Keywords:
Focuses: Cc:

Description

Possibility exists for a user record insert between check if a user name already exists and actual database insert. A unique index on wp_users.user_login would prevent this, and allow the code to operate without a separate database query to check for an existing user.

Change History (7)

#1 @SergeyBiryukov
10 years ago

  • Component changed from General to Users

#2 @chriscct7
9 years ago

Related (and possible solution): #33376

#3 @iandunn
2 years ago

#54071 was marked as a duplicate.

#4 @iandunn
2 years ago

#54071 was marked as a duplicate.

#5 @iandunn
2 years ago

It sounds like adding a `UNIQUE` constraint may not be possible for Core.

r36654 added an index, which should mitigate race conditions to some degree. Not entirely, though, since there's a newer report in #54071.

This ticket was mentioned in Slack in #core by ughimire1. View the logs.


21 months ago

#7 @simonbuerger
21 months ago

@iandunn that UNIQUE constraint being discussed is on user_email though, which I understand would break existing installs relying on non-unique emails - but I assume they still have unique user logins. So can there not be a constraint just on user_login?

Note: See TracTickets for help on using tickets.