Make WordPress Core

Opened 4 years ago

#48508 new defect (bug)

User cache needs to be cleaned after updating user_activation_key via wpdb

Reported by: david.binda Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords:
Focuses: Cc:

Description

r45716 replaced the direct SQL query for getting user_activation_key with a get_user_by function call. However, get_user_by takes advantage of the cache and may return a cached user object.

In case a WP install is using a persistent cache backend (memcache, redis ...), a direct update of user_activation_key via $wpdb->update (e.g. done by a plugin) would not invalidate the cache, and the newly added activation key would then get rejected as invalid.

There are some plugins / pieces of code out there which perform the direct SQL update and which might stop working under the mentioned conditions (persistent cache backend). E.g.:

A hotfix for the issue in affected plugins/code would be to call the clean_user_cache function, or to use the get_password_reset_key function or wp_update_user, which, since r45714, uses wp_update_user and thus properly clears the caches.
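The hotfix described above, sketched as an added example that is not part of the ticket or of WordPress core. The `myplugin_` function names and the `$stored_value` parameter are hypothetical; the code assumes it runs inside a loaded WordPress install and that `$stored_value` is whatever value the plugin already writes to `user_activation_key`.

```php
<?php
// Hypothetical plugin helpers; the myplugin_ names are assumptions.
// Must run inside a loaded WordPress install.

/**
 * Store an activation key value with a direct query, then invalidate
 * the cached user object so get_user_by() re-reads the database row.
 */
function myplugin_store_activation_key( $user_id, $stored_value ) {
	global $wpdb;

	$updated = $wpdb->update(
		$wpdb->users,
		array( 'user_activation_key' => $stored_value ),
		array( 'ID' => (int) $user_id ),
		array( '%s' ),
		array( '%d' )
	);

	if ( false === $updated ) {
		return new WP_Error( 'myplugin_db_error', 'Could not store the activation key.' );
	}

	// Without this call a persistent object cache (memcache, redis ...)
	// keeps serving the old user_activation_key, and the new key is
	// rejected as invalid when it is checked through get_user_by().
	clean_user_cache( (int) $user_id );

	return true;
}

/**
 * Alternative: let core generate and store the key, which goes through
 * the code path that clears the user caches.
 */
function myplugin_new_reset_key( $user_id ) {
	$user = get_user_by( 'id', (int) $user_id );
	if ( ! $user ) {
		return new WP_Error( 'myplugin_no_user', 'Unknown user.' );
	}

	// Returns the plain-text key on success or a WP_Error on failure.
	return get_password_reset_key( $user );
}
```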

Change History (0)
