[buddypress-trac] [BuddyPress Trac] #7401: Wrong user data leak with external object cache
buddypress-trac
noreply at wordpress.org
Wed Dec 21 02:42:05 UTC 2016
#7401: Wrong user data leak with external object cache
------------------------------+---------------------------
Reporter: m_uysl | Owner: boonebgorges
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 2.8
Component: Extended Profile | Version: 2.0
Severity: normal | Resolution: fixed
Keywords: has-patch commit |
------------------------------+---------------------------
Changes (by boonebgorges):
* owner: => boonebgorges
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"11316"]:
{{{
#!CommitTicketReference repository="" revision="11316"
XProfile: More consistent cache behavior when fetching user data.
* Inside of a profile group loop (`BP_XProfile_Group::get()`), don't fetch
user data when pulling up `BP_XProfile_Field` objects. In the absence of
finer-grained information about users, fetching a field object grabs the
data associated with the logged-in user. But in many cases, the logged-in
user is irrelevant to the fields being looped over, so there's no benefit
to pulling up this data. (When necessary - `fetch_data` - the data is
queried separately, later in the `get()` method.)
* When caching database misses for a data query (because the specifed user
doesn't have anything filled in for the given field), store the `field_id`
and `user_id` properties on the cached object. This ensures that values
are properly associated with their fields when being displayed.
These changes resolve an issue where cached data for the logged-in user
can be shown erroneously on another user's profile, when the other user
doesn't have a value for a given field.
Props m_uysl, r-a-y.
See #6091. Fixes #7401.
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7401#comment:6>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list