[wp-trac] [WordPress Trac] #58903: set_transient() allows invalid transient name

WordPress Trac noreply at wordpress.org
Tue Jul 25 19:33:18 UTC 2023 

#58903: set_transient() allows invalid transient name
--------------------------------+-----------------------------
 Reporter:  jeremyescott        |      Owner:  (none)
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Options, Meta APIs  |    Version:  trunk
 Severity:  normal              |   Keywords:
  Focuses:                      |
--------------------------------+-----------------------------
 Due to a typo/bug in my plugin code, I found that WordPress accepts empty
 strings, null, and false for the `$transient` arg, aka: the transient
 name, in `set_transient()` function which creates transients in the
 options database with values of simply `_transient_` and
 `_transient_timeout_`.

 That said... the transient created with an empty string continued to work
 (could be set and get and deleted). Because the typo in my code referenced
 a variable that held the transient name but was empty, the get, set, and
 delete function calls worked (annoyingly).

 I did observer two issues...

 1. In the event two developers cause the same mistake/error, their
 transients will collide with each other.

 2. More importantly, I observed the empty string transient will not be
 cleaned up by the delete_expired_transients routine. (The Transients
 Manager plugin must use delete_expired_transients() as it could not delete
 the transient either.) I will submit a second ticket for this issue.

 Upon review of the set_transient() and add_option() code, I observed
 several opportunities to improve, including:

 - return false for empty $transient value
 - return false for bool, non-scalar $transient values
 - cast $transient as string
 - return false for strings with more than 172 characters

 These false returns will guide developers to fix issues with malformed
 $transient names.

 I have a pull request to github ready to follow this ticket.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58903>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list