[wp-trac] [WordPress Trac] #27162: Don't store admin messages in transients
WordPress Trac
noreply at wordpress.org
Thu Feb 20 02:52:24 UTC 2014
#27162: Don't store admin messages in transients
----------------------------+-----------------------------
Reporter: rmccue | Owner:
Type: defect (bug) | Status: new
Priority: low | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
The settings errors API (`add_settings_error`/`get_settings_errors`) in
core uses transients to store messages across requests. Unfortunately,
this is a misuse of transients, as [http://journal.ryanmccue.info/296
/youre-using-transients-wrong/ transients are not guaranteed to exist] for
any length of time.
I've noticed this issue appear in two separate scenarios:
* When flushing the cache (after a deploy, e.g.): If you happen to flush
the object cache between a `add_settings_error` call and the next page
load, the message will disappear forever
* When disabling caching for testing purposes, the error will never be
set/read (depending on how you disable it)
----
There's a few options I can see to fix this:
* Store them in options/usermeta: This keeps all the logic on the backend,
but causes potentially costly writes to the database
* Store them in cookies (session data): This avoids the database write,
but means we have to send extra data via the HTTP server, which might be
filtering cookies (inbound and outbound). It also means we need to set a
hash using a secret key to avoid allowing users to edit their cookies.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27162>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list