[wp-trac] [WordPress Trac] #35075: Comment cache ignores custom query vars
WordPress Trac
noreply at wordpress.org
Tue Jan 5 20:17:30 UTC 2016
#35075: Comment cache ignores custom query vars
-----------------------------+--------------------------
Reporter: jason_the_adams | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.5
Component: Comments | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: performance
-----------------------------+--------------------------
Comment (by mdawaffe):
Replying to [comment:8 boonebgorges]:
> Given that the only identifiable annotation on any of these changesets
is [7738], I'm going to say the magic word - @mdawaffe - to see if he
could hold court with Mnemosyne and tell us whether the change was in the
name of "efficiency", or whether it fixed an actual bug.
Cache keys should not depend on arbitrary user entered data (only on the
user entered data we allow). I'm pretty sure that, at the time,
`->query_vars` could get polluted by arbitrary `$_GET` data, which
decreased cache hits and duplicated information stored in the cache.
If it's no longer the case that `->query_vars` can be polluted like that
(via `$_GET` or something else), it seems fine to remove that
whitelisting. A brief look at core suggests that core does not allow
arbitrary keys in anywhere. Obviously, plugins and themes may be doing
strange things.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35075#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list