[wp-trac] [WordPress Trac] #61055: wp_update_plugins irregular transient handling.
WordPress Trac
noreply at wordpress.org
Tue Apr 23 05:39:54 UTC 2024
#61055: wp_update_plugins irregular transient handling.
--------------------------+-----------------------------
Reporter: Cybr | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
When creating `$updates` in `wp_update_plugins()`,
[https://github.com/WordPress/wordpress-develop/blob/6.5.2/src/wp-
includes/update.php#L335-L339 its properties are populated immediately].
However, one property is missing, which is used later: `checked`.
When hooking into `pre_set_site_transient_update_plugins`, the `checked`
property will be available sporadically because of this, depending on
whether the `$time_not_changed && ! $extra_stats`
[https://github.com/WordPress/wordpress-develop/blob/6.5.2/src/wp-
includes/update.php#L365-L369 branch is executed or not].
Another noteworthy issue with this function is that its implementation of
`set_site_transient( 'update_plugins', ... );` uses both the values
`$current` and `$updates`. They store [https://github.com/WordPress
/wordpress-develop/blob/6.5.2/src/wp-includes/update.php#L331-L335
different objects] at different times ([https://github.com/WordPress
/wordpress-develop/blob/6.5.2/src/wp-includes/update.php#L393 1],
[https://github.com/WordPress/wordpress-develop/blob/6.5.2/src/wp-
includes/update.php#L567 2]).
Prepopulating both values with the same object properties would help
prevent object-typing issues.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61055>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list