Cache API: Validate cache key in WP_Object_Cache methods.

Some plugins may call the `wp_cache_*()` functions with an empty string, `false`, or `null` as cache key, usually as a result of not checking the return value of another function that's used as the key. Previously, this was silently failing, leading to odd behavior at best and often breakage due to key collisions. A valid cache key must be either an integer number or a non-empty string. This commit introduces a quick type check on the given cache keys and adds a `_doing_it_wrong()` message that should help plugin developers to notice these issues quicker. Includes: * A check in `update_user_caches()` and `clean_user_cache()` to make sure user email is not empty before being cached or removed from cache, as it is technically possible to create a user with empty email via `wp_insert_user()`. * Some minor cleanup in unit tests where the email was passed to `wp_insert_user()` incorrectly or was unintentionally reset. Props tillkruess, malthert, dd32, spacedmonkey, flixos90, peterwilsoncc, SergeyBiryukov. Fixes #56198. git-svn-id: https://develop.svn.wordpress.org/trunk@53818 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2022-08-03 14:34:58 +00:00
parent ec70b4caee
commit ad93e6387c
5 changed files with 81 additions and 8 deletions
--- a/src/wp-includes/class-wp-object-cache.php
+++ b/src/wp-includes/class-wp-object-cache.php
@@ -129,6 +129,43 @@ class WP_Object_Cache {
 		unset( $this->$name );
 	}

+	/**
+	 * Serves as a utility function to determine whether a key is valid.
+	 *
+	 * @since 6.1.0
+	 *
+	 * @param int|string $key Cache key to check for validity.
+	 * @return bool Whether the key is valid.
+	 */
+	protected function is_valid_key( $key ) {
+		if ( is_int( $key ) ) {
+			return true;
+		}
+
+		if ( is_string( $key ) && trim( $key ) !== '' ) {
+			return true;
+		}
+
+		$type = gettype( $key );
+
+		if ( ! function_exists( '__' ) ) {
+			wp_load_translations_early();
+		}
+
+		$message = is_string( $key )
+			? __( 'Cache key must not be an empty string.' )
+			/* translators: %s: The type of the given cache key. */
+			: sprintf( __( 'Cache key must be integer or non-empty string, %s given.' ), $type );
+
+		_doing_it_wrong(
+			sprintf( '%s::%s', __CLASS__, debug_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS, 2 )[1]['function'] ),
+			$message,
+			'6.1.0'
+		);
+
+		return false;
+	}
+
 	/**
 	 * Serves as a utility function to determine whether a key exists in the cache.
 	 *
@@ -163,6 +200,10 @@ class WP_Object_Cache {
 			return false;
 		}

+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}
@@ -216,6 +257,10 @@ class WP_Object_Cache {
 	 * @return bool True if contents were replaced, false if original value does not exist.
 	 */
 	public function replace( $key, $data, $group = 'default', $expire = 0 ) {
+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}
@@ -245,14 +290,19 @@ class WP_Object_Cache {
 	 * more for cache plugins which use files.
 	 *
 	 * @since 2.0.0
+	 * @since 6.1.0 Returns false if cache key is invalid.
 	 *
 	 * @param int|string $key    What to call the contents in the cache.
 	 * @param mixed      $data   The contents to store in the cache.
 	 * @param string     $group  Optional. Where to group the cache contents. Default 'default'.
 	 * @param int        $expire Optional. Not used.
-	 * @return true Always returns true.
+	 * @return bool True if contents were set, false if key is invalid.
 	 */
 	public function set( $key, $data, $group = 'default', $expire = 0 ) {
+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}
@@ -310,6 +360,10 @@ class WP_Object_Cache {
 	 * @return mixed|false The cache contents on success, false on failure to retrieve contents.
 	 */
 	public function get( $key, $group = 'default', $force = false, &$found = null ) {
+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}
@@ -368,6 +422,10 @@ class WP_Object_Cache {
 	 * @return bool True on success, false if the contents were not deleted.
 	 */
 	public function delete( $key, $group = 'default', $deprecated = false ) {
+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}
@@ -416,6 +474,10 @@ class WP_Object_Cache {
 	 * @return int|false The item's new value on success, false on failure.
 	 */
 	public function incr( $key, $offset = 1, $group = 'default' ) {
+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}
@@ -455,6 +517,10 @@ class WP_Object_Cache {
 	 * @return int|false The item's new value on success, false on failure.
 	 */
 	public function decr( $key, $offset = 1, $group = 'default' ) {
+		if ( ! $this->is_valid_key( $key ) ) {
+			return false;
+		}
+
 		if ( empty( $group ) ) {
 			$group = 'default';
 		}