WordPress.org

Make WordPress Core

Opened 3 months ago

Closed 3 months ago

#41738 closed defect (bug) (fixed)

Customize: Potential cache corruption when finding changeset post by UUID

Reported by: dlh Owned by: westonruter
Milestone: 4.9 Priority: normal
Severity: normal Version: 4.7
Component: Customize Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

WP_Customize_Manager::find_changeset_post_id() accepts any $uuid, but it uses the UUID assigned to the manager as the key when caching the found post ID.

The attached patch updates the tests for find_changeset_post_id() to demonstrate the issue and includes a fix.

Note that it would also be possible to fix this bug as part of #40527, for which I almost have a patch. But I'm filing this ticket separately in case #40527 doesn't happen as soon as planned for whatever reason.

Attachments (1)

41738.diff (1.3 KB) - added by dlh 3 months ago.

Download all attachments as: .zip

Change History (3)

@dlh
3 months ago

#1 @westonruter
3 months ago

  • Keywords has-unit-tests added
  • Milestone changed from Awaiting Review to 4.9
  • Owner set to westonruter
  • Status changed from new to accepted

#2 @westonruter
3 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 41321:

Customize: Prevent potential cache corruption when finding a secondary changeset post by UUID.

Props dlh.
Fixes #41738.

Note: See TracTickets for help on using tickets.