[wp-trac] [WordPress Trac] #57000: wp_usermeta table is emptied because of a wrong query being executed

WordPress Trac noreply at wordpress.org
Fri Nov 4 12:49:28 UTC 2022 

#57000: wp_usermeta table is emptied because of a wrong query being executed
--------------------------+-----------------------------
 Reporter:  jannesmannes  |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:  6.0.3
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 On one website we encounter a very strange error. This SQL query is
 executed by the `delete_meta` function:


 {{{
 DELETE FROM wp_usermeta WHERE umeta_id IN(
 umeta_id,user_id,meta_key,meta_value )
 }}}

 This query empties the wp_usermeta table completely. We have tried to
 reproduce the error in a local development environment, but it is very
 hard to do so.

 In the `delete_meta` function the `\wpdb::check_safe_collation` and
 `\wpdb::get_table_charset` methods are called, in which the query `SHOW
 FULL COLUMNS FROM wp_usermeta` is executed.

 Apparently, in some occasions the next query fails, but the
 `\wpdb::$last_result` is not flushed, which then still contains the result
 of the `SHOW FULL COLUMNS FROM wp_usermeta` query (the column names).

 The result is returned to the `$meta_ids` variable in the
 `delete_metadata` and is then used in the delete query.

 The back trace of the function call is: shutdown_action_hook,
 do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters,
 ITSEC_Lib_User_Activity->update_last_seen, delete_user_meta, delete_meta

 I am reporting the issue here because I believe it is not related to the
 iThemes Security plugin but to WordPress itself.

 The only possible reason this happens I can think of, it that
 `\wpdb::$ready` is false, because in that case `\wpdb::query` returns
 false without flushing the last result:

 {{{
 public function query( $query ) {
         if ( ! $this->ready ) {
                 $this->check_current_query = true;
                 return false;
         }

         // ...
 }
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57000>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list