id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 48508,User cache needs to be cleaned after updating user_activation_key via wpdb,david.binda,,"The r45716 has replaced direct SQL query for getting `user_activation_key` for `get_user_by` function call. However, it `get_user_by` takes advantage of cache and may return a cached user object. In case a WP install is using a persistent cache backend (memcache, redis ...), a direct update of `user_activation_key` via `$wpdb->update` (eg.: done by a plugin), would not invalidate the cache, and newly added activation key would then get rejected as invalid. There are some plugins / pieces of code out there, which are performing the direct SQL update and which might stop working under mentioned conditions (persistent cache backend). Eg.: * https://plugins.trac.wordpress.org/browser/bnfw/tags/1.7.5/includes/overrides.php#L97 * https://plugins.trac.wordpress.org/browser/sailthru-widget/tags/3.3.0/sailthru_mail.php#L115 * https://github.com/haekalby/fkp/blob/442fec37333faba4e1a84a346ca5384bee54138/wp-content/themes/forumengine/includes/core/class-email-confirmation.php#L92 * https://github.com/localymine/medican/blob/da89cb3354c3fe6139caa562a7063dae870cf4da/wp-content/themes/medican-child/woocommerce/myaccount/resetpassword.php#L13 A hotfix for the issue in affected plugins/code would be to call `clean_user_cache` function or use the `get_password_reset_key` function or `wp_update_user`, which, since r45714, uses `wp_update_user`, and thus is properly clearing the caches.",defect (bug),new,normal,Awaiting Review,Users,,normal,,,,