Opened 5 weeks ago
Last modified 5 weeks ago
#63280 new defect (bug)
wp-settings- and wp-settings-time- cookies set on every admin request if user settings empty
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | trivial | Version: | |
| Component: | Users | Keywords: | has-patch |
| Focuses: | Cc: |
Description
if the WP user settings are empty, WordPress will set the wp-settings-time- on every admin request again and again, and also tries to delete the wp-settings- cookie, since PHP treats setcookie with empty value as expired cookie, ignoring the provided expiration.
This behavior was different in PHP<7 and still incorrectly documented https://github.com/php/doc-en/issues/4614
Other places that use that cookie already have this correctly implemented though:
https://github.com/WordPress/wordpress-develop/blame/trunk/src/wp-includes/option.php#L1917
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/pluggable.php#L1145
Just setting the value to a space, like it's done in the other places, ensures it will not try to delete/set the cookie(s) on every request, but validation still works, since spaces are removed before comparison with option value.
Change History (1)
This ticket was mentioned in PR #8690 on WordPress/wordpress-develop by @kkmuffme.
5 weeks ago
#1
- Keywords has-patch added
…on every request, if settings are empty
Trac ticket: https://core.trac.wordpress.org/ticket/63280