WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 5 months ago

#41048 closed defect (bug) (fixed)

`WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`

Reported by: r-a-y Owned by: westonruter
Milestone: 4.8.1 Priority: normal
Severity: normal Version: 4.8
Component: Embeds Keywords: has-patch has-unit-tests commit fixed-major
Focuses: rest-api Cc:

Description

When caching oEmbed proxy requests:
https://github.com/WordPress/WordPress/blob/4.8-branch/wp-includes/class-wp-oembed-controller.php#L159

The following arguments are used to generate the cache key:

Array
(
    [format] => json
    [maxwidth] => 600
    [discover] => 
    [url] => URL
    [_wpnonce] => 94f457a20b
)

_wpnonce is added because of wp.media.view.settings.nonce.wpRestApi.

Since _wpnonce is variable, I think it would make sense to remove the _wpnonce key from the $args array so the cache is more likely to be hit.

It also makes it easier for plugins to reference the oEmbed transient when overriding wp_media_shortcode() for use with the Video Widget.

Attachments (1)

41048.01.patch (479 bytes) - added by r-a-y 6 months ago.
Patched against 4.8 branch

Download all attachments as: .zip

Change History (10)

@r-a-y
6 months ago

Patched against 4.8 branch

#1 @r-a-y
6 months ago

  • Keywords has-patch added

This ticket was mentioned in Slack in #core by r-a-y. View the logs.


5 months ago

#3 @westonruter
5 months ago

The nonce removal is also included on the patch in #41299.

#4 @westonruter
5 months ago

  • Milestone changed from Awaiting Review to 4.8.1

#5 @westonruter
5 months ago

  • Focuses rest-api added

#6 @westonruter
5 months ago

  • Owner set to westonruter
  • Status changed from new to accepted

#7 @westonruter
5 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 41035:

REST API: Remove _wpnonce value from being used in hashed oEmbed proxy cache key.

Amends [40628].
Props r-a-y, westonruter.
See #40450.
Fixes #41048.

#8 @westonruter
5 months ago

  • Component changed from Media to Embeds
  • Keywords has-unit-tests commit fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Re-opening for 4.8.1.

#9 @westonruter
5 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 41048:

REST API: Remove _wpnonce value from being used in hashed oEmbed proxy cache key.

Merges [41035] to 4.8 branch.
Amends [40628].
Props r-a-y, westonruter.
See #40450.
Fixes #41048 for 4.8.1.

Note: See TracTickets for help on using tickets.