[wp-trac] [WordPress Trac] #15058: Validate option and transient name lengths
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 7 15:37:46 UTC 2010
#15058: Validate option and transient name lengths
--------------------------+-------------------------------------------------
Reporter: chrisbliss18 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Validation | Version: 3.1
Severity: normal | Keywords: has-patch
--------------------------+-------------------------------------------------
The option_name column in the options table holds up to 64 characters yet
there aren't any length checks to ensure that the length isn't exceeded.
This leads to all sorts of odd behavior as the name will be truncated to
fit, saving the option but not allowing it to be retrieved with the same
name.
This issue affects all uses of the options system. A particular annoyance
is transients. A transient that doesn't expire has a max name length of 53
characters yet a transient that does expire has a max name length of 45
characters. When attempting to save an expiring transient of name length
between 46 and 53 characters, the transient will store but will be deleted
before being used when get_transient is called due to the missing
_transient_timeout_ option (since it was too long).
The core issues are that the functions don't return any type of failure
condition on names that are too long and no warning is created. So, I've
created a patch that addresses both of these issues.
The patch shows an example of how option and transient name length
validation can be added. In order to allow users to modify the option_name
column length, a new constant, WP_OPTION_LENGTH, is created with a default
value of 64. This constant is checked for all length validation.
This is simply an example of how I'd like the validation to function. I'm
not attached to the wording of the warnings or the name of the constant.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15058>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list