From 8e8969aa9cbeb78fa05155a1eacd13686bd9b34b Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 29 Aug 2017 04:09:57 +0000 Subject: [PATCH] Customize: Prevent potential cache corruption when finding a secondary changeset post by UUID. Props dlh. Fixes #41738. git-svn-id: https://develop.svn.wordpress.org/trunk@41321 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/class-wp-customize-manager.php | 2 +- tests/phpunit/tests/customize/manager.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/class-wp-customize-manager.php b/src/wp-includes/class-wp-customize-manager.php index 710c85ef10..b14b1e0db8 100644 --- a/src/wp-includes/class-wp-customize-manager.php +++ b/src/wp-includes/class-wp-customize-manager.php @@ -816,7 +816,7 @@ final class WP_Customize_Manager { if ( ! empty( $changeset_post_query->posts ) ) { // Note: 'fields'=>'ids' is not being used in order to cache the post object as it will be needed. $changeset_post_id = $changeset_post_query->posts[0]->ID; - wp_cache_set( $this->_changeset_uuid, $changeset_post_id, $cache_group ); + wp_cache_set( $uuid, $changeset_post_id, $cache_group ); return $changeset_post_id; } diff --git a/tests/phpunit/tests/customize/manager.php b/tests/phpunit/tests/customize/manager.php index 8737a21d57..559371d58c 100644 --- a/tests/phpunit/tests/customize/manager.php +++ b/tests/phpunit/tests/customize/manager.php @@ -303,6 +303,9 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase { $wp_customize = new WP_Customize_Manager(); $this->assertNull( $wp_customize->find_changeset_post_id( wp_generate_uuid4() ) ); $this->assertEquals( $post_id, $wp_customize->find_changeset_post_id( $uuid ) ); + + // Verify that the found post ID was cached under the given UUID, not the manager's UUID. + $this->assertNotEquals( $post_id, $wp_customize->find_changeset_post_id( $wp_customize->changeset_uuid() ) ); } /**