Make WordPress Core

Opened 6 years ago

Closed 4 months ago

#48508 closed defect (bug) (worksforme)

User cache needs to be cleaned after updating user_activation_key via wpdb

Reported by: david.binda Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Users Keywords:
Focuses: Cc:

Description

r45716 replaced the direct SQL query for getting user_activation_key with a get_user_by function call. However, get_user_by takes advantage of the cache and may return a cached user object.

In case a WP install is using a persistent cache backend (memcache, redis ...), a direct update of user_activation_key via $wpdb->update (e.g. done by a plugin) would not invalidate the cache, and the newly added activation key would then get rejected as invalid.

There are some plugins / pieces of code out there which perform the direct SQL update and which might stop working under the mentioned conditions (persistent cache backend). E.g.:

A hotfix for the issue in affected plugins/code would be to call the clean_user_cache function or use the get_password_reset_key function or wp_update_user, which, since r45714, uses wp_update_user, and thus is properly clearing the caches.

Change History (1)

#1 @johnjamesjacoby
4 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Going to close this ticket as there does not appear to be an opportunity to improve the WordPress core code itself. If I'm incorrect, please feel free to reopen! 😅

Like @davidbinda already mentioned, switching to get_user_by() and wp_update_user() was intentional, and integrating the user cache there means direct database queries elsewhere may have problematic consequences.

When plugins/themes use $wpdb to update database rows directly, they have a responsibility to clean the caches related to their queries at the same time.

(Which caches to clean can be a mystery sometimes, but improved docs & AI tooling are helping with this, etc...)
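
The hotfix from the description and the cache-cleaning responsibility from the comment above, as an added example that is not part of the ticket or of WordPress core. The `myplugin_*` function names are hypothetical, and the value to store is assumed to be already hashed by the caller.

```php
<?php
// Added example; the myplugin_* function names are hypothetical.

/**
 * Store an already-hashed activation key with a direct query, then
 * invalidate the cached user so get_user_by() re-reads the row.
 */
function myplugin_store_activation_key( int $user_id, string $stored_value ): bool {
	global $wpdb;

	$updated = $wpdb->update(
		$wpdb->users,
		array( 'user_activation_key' => $stored_value ),
		array( 'ID' => $user_id ),
		array( '%s' ),
		array( '%d' )
	);
	if ( false === $updated ) {
		return false; // Query failed; the row is unchanged.
	}

	// Without this call a persistent object cache keeps serving the old
	// WP_User, and the newly stored key is rejected as invalid.
	clean_user_cache( $user_id );
	return true;
}

/**
 * Diagnostic: true when the cached user object and the database row
 * disagree about user_activation_key.
 */
function myplugin_activation_key_is_stale( int $user_id ): bool {
	global $wpdb;

	$cached = get_user_by( 'id', $user_id );
	if ( ! $cached ) {
		return false; // No such user.
	}
	$in_db = $wpdb->get_var(
		$wpdb->prepare(
			"SELECT user_activation_key FROM {$wpdb->users} WHERE ID = %d",
			$user_id
		)
	);
	return (string) $cached->user_activation_key !== (string) $in_db;
}
```

The diagnostic is only meaningful on an install with a persistent object cache backend, which is the condition the ticket describes.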
