[wp-trac] [WordPress Trac] #48508: User cache needs to be cleaned after updating user_activation_key via wpdb
WordPress Trac
noreply at wordpress.org
Wed Nov 6 10:27:32 UTC 2019
#48508: User cache needs to be cleaned after updating user_activation_key via wpdb
--------------------------+-----------------------------
Reporter: david.binda | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
The r45716 has replaced direct SQL query for getting `user_activation_key`
for `get_user_by` function call. However, it `get_user_by` takes advantage
of cache and may return a cached user object.
In case a WP install is using a persistent cache backend (memcache, redis
...), a direct update of `user_activation_key` via `$wpdb->update` (eg.:
done by a plugin), would not invalidate the cache, and newly added
activation key would then get rejected as invalid.
There are some plugins / pieces of code out there, which are performing
the direct SQL update and which might stop working under mentioned
conditions (persistent cache backend). Eg.:
*
https://plugins.trac.wordpress.org/browser/bnfw/tags/1.7.5/includes/overrides.php#L97
* https://plugins.trac.wordpress.org/browser/sailthru-
widget/tags/3.3.0/sailthru_mail.php#L115
*
https://github.com/haekalby/fkp/blob/442fec37333faba4e1a84a346ca5384bee54138
/wp-content/themes/forumengine/includes/core/class-email-
confirmation.php#L92
*
https://github.com/localymine/medican/blob/da89cb3354c3fe6139caa562a7063dae870cf4da
/wp-content/themes/medican-
child/woocommerce/myaccount/resetpassword.php#L13
A hotfix for the issue in affected plugins/code would be to call
`clean_user_cache` function or use the `get_password_reset_key` function
or `wp_update_user`, which, since r45714, uses `wp_update_user`, and thus
is properly clearing the caches.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48508>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list