Make WordPress Core

Opened 5 years ago

Last modified 5 years ago

#47552 new defect (bug)

post_name when inserting is not guaranteed to be unique

Reported by: domslee's profile domslee Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Posts, Post Types Keywords:
Focuses: Cc:

Description

Hi all,

In wp_insert_post, there is a gap between the allocation of the post_name (as wp_unique_post_slug), and the insertion ($wpdb->insert) of the post. This is problematic because another WordPress instance can insert a post with the same post_name in this gap, which would result in two posts being inserted with the same post name

See here for an example: https://github.com/domsleee/wp_insert_post_duplicate

I suppose a solution may be to obtain a table lock, then find a unique slug and insert the post, and then release the table lock... but this doesn't seem very performant. What do you guys think?

Change History (2)

#1 @SergeyBiryukov
5 years ago

  • Component changed from General to Posts, Post Types

#2 @domslee
5 years ago

Should we consider a UNIQUE constraint on (post_name, post_type, post_status)?

Note: See TracTickets for help on using tickets.