From 402461b8b2a78eb225dc403a684163945aa006ae Mon Sep 17 00:00:00 2001 From: Phil Tyler Date: Mon, 15 May 2023 09:45:04 -0700 Subject: [PATCH 1/7] Prepare 1.4.3-dev --- README.md | 4 +++- readme.txt | 4 +++- wp-redis.php | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4fd8a53..caa0f1b 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ **Tags:** cache, plugin, redis **Requires at least:** 3.0.1 **Tested up to:** 6.2 -**Stable tag:** 1.4.2 +**Stable tag:** 1.4.3-dev **License:** GPLv2 or later **License URI:** http://www.gnu.org/licenses/gpl-2.0.html @@ -104,6 +104,8 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a ## Changelog ## +### Latest ### + ### 1.4.2 (May 15, 2023) ### * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] diff --git a/readme.txt b/readme.txt index b71c011..5bd6de9 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, mboynes, Outlandish Josh, jspellman, Tags: cache, plugin, redis Requires at least: 3.0.1 Tested up to: 6.2 -Stable tag: 1.4.2 +Stable tag: 1.4.3-dev License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -102,6 +102,8 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a == Changelog == += Latest = + = 1.4.2 (May 15, 2023) = * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] diff --git a/wp-redis.php b/wp-redis.php index 58f3d1c..13d1a55 100644 --- a/wp-redis.php +++ b/wp-redis.php 
@@ -3,7 +3,7 @@ * Plugin Name: WP Redis * Plugin URI: http://github.com/pantheon-systems/wp-redis/ * Description: WordPress Object Cache using Redis. Requires the PhpRedis extension (https://github.com/phpredis/phpredis). - * Version: 1.4.2 + * Version: 1.4.3-dev * Author: Pantheon, Josh Koenig, Matthew Boynes, Daniel Bachhuber, Alley Interactive * Author URI: https://pantheon.io/ */ From 69c194fe4f3929eaafad5baae0e8b374ebb3771f Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Mon, 5 Jun 2023 11:23:33 -0400 Subject: [PATCH 2/7] fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. (#360) * fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. * Fixes #359 * Falls back on port 6379 if the CACHE_PORT is not configured. * Doesn't require a CACHE_PASSWORD to be set when it isn't used, or can't be. * Improves code quality by reducing Redis default port & databasei duplicate values to a share variables. * Fixes invalid code changes made in PR [#400 ](https://github.com/pantheon-systems/wp-redis/pull/400) to the core plugin connectivity testing that prevent connectivty checks if the port/password/database aren't explicitly defined. * update changelog --------- Co-authored-by: Chris Reynolds --- README.md | 3 ++- object-cache.php | 21 ++++++++++++--------- readme.txt | 3 ++- wp-redis.php | 8 ++++---- 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index caa0f1b..820297a 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,8 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a ## Changelog ## -### Latest ### +### 1.4.3-dev ### +* Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @timnolte) ### 1.4.2 (May 15, 2023) ### * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] 
diff --git a/object-cache.php b/object-cache.php index 05c6526..d2f3ced 100644 --- a/object-cache.php +++ b/object-cache.php @@ -1238,20 +1238,25 @@ public function check_client_dependencies() { * with defaults applied. */ public function build_client_parameters( $redis_server ) { + // Default Redis port. + $port = 6379; + // Default Redis database number. + $database = 0; + if ( empty( $redis_server ) ) { // Attempt to automatically load Pantheon's Redis config from the env. if ( isset( $_SERVER['CACHE_HOST'] ) ) { $redis_server = [ 'host' => wp_strip_all_tags( $_SERVER['CACHE_HOST'] ), - 'port' => isset( $_SERVER['CACHE_PORT'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PORT'] ) : 0, - 'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PASSWORD'] ) : '', - 'database' => isset( $_SERVER['CACHE_DB'] ) ? wp_strip_all_tags( $_SERVER['CACHE_DB'] ) : 0, + 'port' => isset( $_SERVER['CACHE_PORT'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PORT'] ) : $port, + 'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PASSWORD'] ) : null, + 'database' => isset( $_SERVER['CACHE_DB'] ) ? wp_strip_all_tags( $_SERVER['CACHE_DB'] ) : $database, ]; } else { $redis_server = [ 'host' => '127.0.0.1', - 'port' => 6379, - 'database' => 0, + 'port' => $port, + 'database' => $database, ]; } } @@ -1259,8 +1264,6 @@ public function build_client_parameters( $redis_server ) { if ( file_exists( $redis_server['host'] ) && 'socket' === filetype( $redis_server['host'] ) ) { // unix socket connection. // port must be null or socket won't connect. $port = null; - } else { // tcp connection. - $port = ! empty( $redis_server['port'] ) ? $redis_server['port'] : 6379; } $defaults = [ 
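Review bot: `CACHE_PASSWORD` is still passed through `wp_strip_all_tags()` on the new `'auth'` line, which removes anything that looks like a tag and trims the value, so a secret containing `<` can reach Redis as a different string than the operator configured. Credentials should be used verbatim, e.g. `'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? $_SERVER['CACHE_PASSWORD'] : null,`, with sanitisation kept for values that are displayed. The `wp_redis_get_info()` hunk in `wp-redis.php` from this commit does the same with `sanitize_text_field()`. `CACHE_PORT` and `CACHE_DB` also remain strings here, while the fallbacks are integers; casting them would make both paths the same type. build_client_parameters() continues outside the hunk.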
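Review bot: Dropping the `else` branch in the second `object-cache.php` hunk leaves `$port` at 6379 for every TCP connection, so a port supplied in `$redis_server['port']` is no longer copied into it. If `$defaults` carries `'port' => $port` and is merged over `$redis_server` (both are outside the hunk, so this is inferred), the client would connect to 6379 whatever was configured, which can mean talking to a different Redis instance than intended. Keeping an explicit branch restores the old behaviour: `} elseif ( ! empty( $redis_server['port'] ) ) { $port = $redis_server['port']; }`.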
@@ -1470,9 +1473,9 @@ protected function _exception_handler( $exception ) { try { $this->last_triggered_error = 'WP Redis: ' . $exception->getMessage(); // Be friendly to developers debugging production servers by triggering an error. - + // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error,WordPress.Security.EscapeOutput.OutputNotEscaped - trigger_error( $this->last_triggered_error, E_USER_WARNING ); + trigger_error( $this->last_triggered_error, E_USER_WARNING ); } catch ( PHPUnit_Framework_Error_Warning $e ) { // phpcs:ignore Generic.CodeAnalysis.EmptyStatement.DetectedCatch // PHPUnit throws an Exception when `trigger_error()` is called. To ensure our tests (which expect Exceptions to be caught) continue to run, we catch the PHPUnit exception and inspect the RedisException message. } diff --git a/readme.txt b/readme.txt index 5bd6de9..2779580 100644 --- a/readme.txt +++ b/readme.txt @@ -102,7 +102,8 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a == Changelog == -= Latest = += 1.4.3-dev = +* Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @tnolte) = 1.4.2 (May 15, 2023) = * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] diff --git a/wp-redis.php b/wp-redis.php index 13d1a55..e420231 100644 --- a/wp-redis.php +++ b/wp-redis.php 
@@ -38,12 +38,12 @@ function wp_redis_get_info() { if ( empty( $redis_server ) ) { // Attempt to automatically load Pantheon's Redis config from the env. - if ( isset( $_SERVER['CACHE_HOST'] ) && isset( $_SERVER['CACHE_PORT'] ) && isset( $_SERVER['CACHE_PASSWORD'] ) && isset( $_SERVER['CACHE_DB'] ) ) { + if ( isset( $_SERVER['CACHE_HOST'] ) ) { $redis_server = [ 'host' => sanitize_text_field( $_SERVER['CACHE_HOST'] ), - 'port' => sanitize_text_field( $_SERVER['CACHE_PORT'] ), - 'auth' => sanitize_text_field( $_SERVER['CACHE_PASSWORD'] ), - 'database' => sanitize_text_field( $_SERVER['CACHE_DB'] ), + 'port' => isset( $_SERVER['CACHE_PORT'] ) ? sanitize_text_field( $_SERVER['CACHE_PORT'] ) : 6379, + 'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? sanitize_text_field( $_SERVER['CACHE_PASSWORD'] ) : null, + 'database' => isset( $_SERVER['CACHE_DB'] ) ? sanitize_text_field( $_SERVER['CACHE_DB'] ) : 0, ]; } else { $redis_server = [ From bf8e124b0648c2fbc9a5947fd4fc29090893ca6b Mon Sep 17 00:00:00 2001 From: Phil Tyler Date: Tue, 6 Jun 2023 15:14:56 -0700 Subject: [PATCH 3/7] Adjust CONTRIBUTING Guidelines (#427) Co-authored-by: Ryan Wagner --- CONTRIBUTING.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9383386..dec78be 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,7 +14,7 @@ We prefer to squash commits (i.e. avoid merge PRs) from a feature branch into `d `default` should be stable and usable, though possibly a few commits ahead of the public release on wp.org. -The `release` branch matches the latest stable release deployed to [wp.org](wp.org). +The `release` branch matches the latest stable release deployed to [wp.org](https://wordpress.org/). ## Testing 
@@ -33,13 +33,13 @@ The behat tests require a Pantheon site with Redis enabled. Once you've created 1. From `default`, checkout a new branch `release_X.Y.Z`. 1. Make a release commit: - * Drop the `-dev` from the version number in `README.md`, `readme.txt`, and `wp-redis.php`. - * Update the "Latest" heading in the changelog to the new version number with the date + * In `README.md`, `readme.txt`, and `wp-redis.php`, remove the `-dev` from the version number. For the README files. the version number must be updated both at the top of the document as well as the changelog. + * Add the date to the `** X.Y.X **` heading in the changelogs in README.md, readme.txt, and any other appropriate location. * Commit these changes with the message `Release X.Y.Z` * Push the release branch up. 1. Open a Pull Request to merge `release_X.Y.Z` into `release`. Your PR should consist of all commits to `default` since the last release, and one commit to update the version number. The PR name should also be `Release X.Y.Z`. 1. After all tests pass and you have received approval from a [CODEOWNER](./CODEOWNERS), merge the PR into `release`. "Rebase and merge" is preferred in this case. _Never_ squash to `release`. -1. Pull `release` locally, create a new tag (based on version number from previous steps), and push up. The tag should _only_ be the version number. It _should not_ be prefixed `v` (i.e. `X.Y.Z`, not `vX.Y.X`). +1. Locally, pull the `release` branch, create a new tag (based on version number from previous steps), and push up. The tag should _only_ be the version number. It _should not_ be prefixed `v` (i.e. `X.Y.Z`, not `vX.Y.X`). * `git tag X.Y.Z` * `git push --tags` 1. Confirm that the necessary assets are present in the newly created tag, and test on a WP install if desired. 
@@ -47,10 +47,12 @@ The behat tests require a Pantheon site with Redis enabled. Once you've created 1. Wait for the [_Release wp-redis plugin to wp.org_ action](https://github.com/pantheon-systems/wp-redis/actions/workflows/wordpress-plugin-deploy.yml) to finish deploying to the WordPress.org plugin repository. If all goes well, users with SVN commit access for that plugin will receive an emailed diff of changes. 1. Check WordPress.org: Ensure that the changes are live on [the plugin repository](https://wordpress.org/plugins/wp-redis/). This may take a few minutes. 1. Following the release, prepare the next dev version with the following steps: - * `git checkout develop` - * `git rebase master` + * `git checkout release` + * `git pull origin release` + * `git checkout default` + * `git rebase release` * Update the version number in all locations, incrementing the version by one patch version, and add the `-dev` flag (e.g. after releasing `1.2.3`, the new verison will be `1.2.4-dev`) - * Add a new `** Latest **` heading to the changelog + * Add a new `** X.Y.X-dev **` heading to the changelog * `git add -A .` * `git commit -m "Prepare X.Y.X-dev"` - * `git push origin develop` + * `git push origin default` From 724845783cc3370ff55ef1fd81b07118068cb8e2 Mon Sep 17 00:00:00 2001 
From: J Ryan Wagner Date: Fri, 23 Jun 2023 10:58:03 -0400 Subject: [PATCH 4/7] [CMSP-459] Updates behat tests and behaviors. (#430) * Updates behat tests and behaviors. * Updates behat tests and behaviors. * port diff from #426 * tabs to spaces * don't enable redis as part of the prepare step we end up making a dozen differnet enable redis requests and inevitably a lot of those fail because there are so many happening simultaneously (assumption). It's okay to just enable it and leave it on, rather than turning it on and off. --------- Co-authored-by: Ryan Wagner Co-authored-by: Chris Reynolds --- behat.yml | 3 +- bin/behat-prepare.sh | 3 -- composer.json | 4 +++ .../bootstrap/WpRedisFeatureContext.php | 35 +++++++++++++++++++ tests/behat/load-wp.feature | 1 + tests/behat/wp-redis.feature | 8 ++++- 6 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 tests/behat/features/bootstrap/WpRedisFeatureContext.php diff --git a/behat.yml b/behat.yml index ff5ce58..12dad86 100644 --- a/behat.yml +++ b/behat.yml @@ -3,10 +3,11 @@ default: suites: default: paths: - - tests/behat + - tests/behat/ contexts: - Behat\MinkExtension\Context\MinkContext - PantheonSystems\PantheonWordPressUpstreamTests\Behat\AdminLogIn + - behat\features\bootstrap\WpRedisFeatureContext extensions: Behat\MinkExtension: # base_url set by ENV diff --git a/bin/behat-prepare.sh b/bin/behat-prepare.sh index 71d377c..5ba9ad9 100755 --- a/bin/behat-prepare.sh +++ b/bin/behat-prepare.sh @@ -30,9 +30,6 @@ set -ex terminus env:create $TERMINUS_SITE.dev $TERMINUS_ENV terminus env:wipe $SITE_ENV --yes -# Enable Redis -terminus redis:enable $TERMINUS_SITE - ### # Get all necessary environment details. ### diff --git a/composer.json b/composer.json index 9bc37b1..a5f0929 100644 --- a/composer.json +++ b/composer.json 
@@ -28,5 +28,9 @@ "allow-plugins": { "dealerdirect/phpcodesniffer-composer-installer": true } + }, + "autoload": { + "psr-4": { "behat\\features\\bootstrap\\": "tests/behat/features/bootstrap/" } } + } diff --git a/tests/behat/features/bootstrap/WpRedisFeatureContext.php b/tests/behat/features/bootstrap/WpRedisFeatureContext.php new file mode 100644 index 0000000..16cc68f --- /dev/null +++ b/tests/behat/features/bootstrap/WpRedisFeatureContext.php @@ -0,0 +1,35 @@ + Date: Fri, 23 Jun 2023 10:58:58 -0600 Subject: [PATCH 5/7] [CMSP-459] bugfix: re-add missing else (#437) * re-add missing else * use the already-defined value of $port instead of hard-coding * remove ternary in favor of elseif --- object-cache.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/object-cache.php b/object-cache.php index d2f3ced..73f1ebb 100644 --- a/object-cache.php +++ b/object-cache.php @@ -1264,6 +1264,8 @@ public function build_client_parameters( $redis_server ) { if ( file_exists( $redis_server['host'] ) && 'socket' === filetype( $redis_server['host'] ) ) { // unix socket connection. // port must be null or socket won't connect. $port = null; + } elseif ( ! empty( $redis_server['port'] ) ) { // tcp connection. + $port = $redis_server['port']; } $defaults = [ From 16f20bda88837d1ccaa013f94f95c327bd9a0f5f Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Fri, 23 Jun 2023 11:14:41 -0600 Subject: [PATCH 6/7] add wporg validator action (#435) * add wporg validator action * fix wporg validation steps * ignore unescaped echo * separate multiple rules with comma * ignore unescaped exit output * update changelog --- .github/workflows/wporg-validator.yml | 13 +++++++++++++ README.md | 1 + cli.php | 2 +- object-cache.php | 2 +- readme.txt | 3 ++- 5 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/wporg-validator.yml diff --git a/.github/workflows/wporg-validator.yml b/.github/workflows/wporg-validator.yml new file mode 100644 index 0000000..e1dd30f 
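Review bot: The PSR-4 mapping for `behat\features\bootstrap\` is added under `autoload`, so the Behat test context becomes part of the autoloader for anything that installs this package, not only for development checkouts. Test-only classes belong under `autoload-dev`: `"autoload-dev": { "psr-4": { "behat\\features\\bootstrap\\": "tests/behat/features/bootstrap/" } }`. That keeps test bootstrap code out of the production class map and avoids a dangling mapping if `tests/` is excluded from the distributed plugin.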
--- /dev/null +++ b/.github/workflows/wporg-validator.yml @@ -0,0 +1,13 @@ +# On push, run the action-wporg-validator workflow. +name: WP.org Validator +on: [push] +jobs: + wporg-validation: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: WP.org Validator + uses: pantheon-systems/action-wporg-validator@1.0.0 + with: + type: plugin diff --git a/README.md b/README.md index 820297a..e25712a 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a ### 1.4.3-dev ### * Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @timnolte) +* Adds WP.org validation GitHub action [[#435](https://github.com/pantheon-systems/wp-redis/pull/435)] ### 1.4.2 (May 15, 2023) ### * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] diff --git a/cli.php b/cli.php index bfb2e03..a183635 100644 --- a/cli.php +++ b/cli.php @@ -41,7 +41,7 @@ public function cli() { $cmd = WP_CLI\Utils\esc_cmd( 'redis-cli -h %s -p %s -a %s -n %s', $redis_server['host'], $redis_server['port'], $redis_server['auth'], $redis_server['database'] ); $process = WP_CLI\Utils\proc_open_compat( $cmd, [ STDIN, STDOUT, STDERR ], $pipes ); $r = proc_close( $process ); - exit( (int) $r ); + exit( (int) $r ); // phpcs:ignore WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter } /** diff --git a/object-cache.php b/object-cache.php index 73f1ebb..78b04fb 100644 --- a/object-cache.php +++ b/object-cache.php @@ -986,7 +986,7 @@ public function stats() { $out[] = '
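Review bot: The new workflow declares no `permissions:` block and references both actions by mutable tag (`actions/checkout@v3`, `pantheon-systems/action-wporg-validator@1.0.0`), so the job runs with the repository's default `GITHUB_TOKEN` scope and with whatever code those tags point to at run time. A read-only validator needs no more than a top-level `permissions:` with `contents: read`. Pinning each `uses:` to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v3`, keeps a retagged release from changing what runs on every push.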
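Review bot: The command built just above the changed `exit` line in `cli.php` passes the Redis password as `-a %s`, which puts the secret in the process argument list, where other local users and process accounting can read it while `redis-cli` runs. `esc_cmd()` guards against shell injection but not against that exposure. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable, so the flag can be dropped and the value supplied through the child process environment instead. The `-a` argument should also be left out when `$redis_server['auth']` is empty, which the environment fallback elsewhere in this series may produce. cli() starts outside the hunk.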
  • Group: ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / 1024, 2 ) . 'k )
  • '; } $out[] = ''; - echo implode( PHP_EOL, $out ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + echo implode( PHP_EOL, $out ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped,WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter } /** diff --git a/readme.txt b/readme.txt index 2779580..08fcb5b 100644 --- a/readme.txt +++ b/readme.txt @@ -104,6 +104,7 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a = 1.4.3-dev = * Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @tnolte) +* Adds WP.org validation GitHub action [[#435](https://github.com/pantheon-systems/wp-redis/pull/435)] = 1.4.2 (May 15, 2023) = * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] @@ -240,4 +241,4 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a == Upgrade Notice == = 1.4.0 = -WP Redis 1.4.0 adds support for the `flush_runtime` and `flush_group` functions. If you've copied `object-cache.php` and made your own changes, be sure to copy these additions over as well. \ No newline at end of file +WP Redis 1.4.0 adds support for the `flush_runtime` and `flush_group` functions. If you've copied `object-cache.php` and made your own changes, be sure to copy these additions over as well. From c3a5242bd2b06358caffdc3139a3f5571a2103f8 Mon Sep 17 00:00:00 2001 
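Review bot: The `phpcs:ignore` on `echo implode( PHP_EOL, $out )` in stats() now switches off two output-escaping sniffs for the whole statement without recording why that is safe. The one fragment visible in this hunk escapes `$group` with `esc_html()`, but the rest of `$out` is built outside the hunk, so a later unescaped addition would pass unflagged. A short justification next to the suppression, such as `// Each entry in $out is escaped where it is appended.`, added once that has been confirmed, would let the next reviewer check the claim instead of trusting the ignore.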
From: Tim Nolte Date: Fri, 23 Jun 2023 14:08:19 -0400 Subject: [PATCH 7/7] fix: Fixes incorrect order of array_replace_recursive arguments & other issues (#434) * fix: Fixes incorrect order of array_replace_recursive arguments & other issues * Fixes #433 * Fixes #432 * Fixes #431 * Further clean-up & standardization between object-cache.php & wp-redis.php. * Fixes incorrect order of array_replace_recursive arguments. * Addresses issue with port still not being null for socket connections due to defaults array_repalce_recursive use. * fix: Fixes sanitization methods and linting issues * Adjusts some items to use type-based sanitization. * Adds linting expection handling with comments for cases that require it. * fix: Removes invalid change made in #437 * Reverts this incorrect change that was made due to the incorrect use of `array_replace_recursive()`. * update changelog * Update wp-redis.php * update language in changelogs * fix missing closing ) --------- Co-authored-by: Chris Reynolds Co-authored-by: Phil Tyler --- README.md | 3 +++ object-cache.php | 17 ++++++++++------- readme.txt | 3 +++ wp-redis.php | 24 +++++++++++++++++------- 4 files changed, 33 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index e25712a..d245c43 100644 --- a/README.md +++ b/README.md 
@@ -107,6 +107,9 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a ### 1.4.3-dev ### * Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @timnolte) * Adds WP.org validation GitHub action [[#435](https://github.com/pantheon-systems/wp-redis/pull/435)] +* Bug fix: Fixes incorrect order of `array_replace_recursive` and other issues [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte) +* Bug fix: Replace use of wp_strip_all_tags in object-cache.php [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte) +* Bug fix: Don't strip tags from the cache password. [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte) ### 1.4.2 (May 15, 2023) ### * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] diff --git a/object-cache.php b/object-cache.php index 78b04fb..f2fd428 100644 --- a/object-cache.php +++ b/object-cache.php 
@@ -1247,10 +1247,14 @@ public function build_client_parameters( $redis_server ) { // Attempt to automatically load Pantheon's Redis config from the env. if ( isset( $_SERVER['CACHE_HOST'] ) ) { $redis_server = [ - 'host' => wp_strip_all_tags( $_SERVER['CACHE_HOST'] ), - 'port' => isset( $_SERVER['CACHE_PORT'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PORT'] ) : $port, - 'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PASSWORD'] ) : null, - 'database' => isset( $_SERVER['CACHE_DB'] ) ? wp_strip_all_tags( $_SERVER['CACHE_DB'] ) : $database, + // Don't use WP methods to sanitize the host due to plugin loading issues with other caching methods. + // @phpcs:ignore WordPressVIPMinimum.Functions.StripTags.StripTagsOneParameter,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + 'host' => strip_tags( $_SERVER['CACHE_HOST'] ), + 'port' => ! empty( $_SERVER['CACHE_PORT'] ) ? intval( $_SERVER['CACHE_PORT'] ) : $port, + // Don't attempt to sanitize passwords as this can break authentication. + // @phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + 'auth' => ! empty( $_SERVER['CACHE_PASSWORD'] ) ? $_SERVER['CACHE_PASSWORD'] : null, + 'database' => ! empty( $_SERVER['CACHE_DB'] ) ? intval( $_SERVER['CACHE_DB'] ) : $database, ]; } else { $redis_server = [ @@ -1263,9 +1267,8 @@ public function build_client_parameters( $redis_server ) { if ( file_exists( $redis_server['host'] ) && 'socket' === filetype( $redis_server['host'] ) ) { // unix socket connection. // port must be null or socket won't connect. + unset( $redis_server['port'] ); $port = null; - } elseif ( ! empty( $redis_server['port'] ) ) { // tcp connection. - $port = $redis_server['port']; } $defaults = [ 
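Review bot: `intval()` on `CACHE_PORT` and `CACHE_DB` turns a non-numeric value into 0 and accepts negative or out-of-range numbers, so a malformed environment value yields port 0 instead of falling back to the 6379 default. A range-checked parse keeps the default in those cases, e.g. `filter_var( $_SERVER['CACHE_PORT'], FILTER_VALIDATE_INT, [ 'options' => [ 'min_range' => 1, 'max_range' => 65535, 'default' => $port ] ] )`. The `! empty()` guard on `CACHE_PASSWORD` also treats the literal password `0` as unset; `isset( $_SERVER['CACHE_PASSWORD'] ) && '' !== $_SERVER['CACHE_PASSWORD']` avoids that. The same lines appear in the `wp_redis_get_info()` hunk of `wp-redis.php` in this commit.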
@@ -1277,7 +1280,7 @@ public function build_client_parameters( $redis_server ) { // 1s timeout, 100ms delay between reconnections. // merging the defaults with the original $redis_server enables any custom parameters to get sent downstream to the redis client. - return array_replace_recursive( $redis_server, $defaults ); + return array_replace_recursive( $defaults, $redis_server ); } /** diff --git a/readme.txt b/readme.txt index 08fcb5b..8f25348 100644 --- a/readme.txt +++ b/readme.txt @@ -105,6 +105,9 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a = 1.4.3-dev = * Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @tnolte) * Adds WP.org validation GitHub action [[#435](https://github.com/pantheon-systems/wp-redis/pull/435)] +* Bug fix: Fixes incorrect order of `array_replace_recursive` and other issues [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte) +* Bug fix: Replace use of wp_strip_all_tags in object-cache.php [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte) +* Bug fix: Don't strip tags from the cache password. [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte) = 1.4.2 (May 15, 2023) = * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)] diff --git a/wp-redis.php b/wp-redis.php index e420231..dde161f 100644 --- a/wp-redis.php +++ b/wp-redis.php 
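Review bot: The comment above the `return` still only says the two arrays are merged, although with the arguments swapped every key present in `$redis_server` now wins over `$defaults`. Stating the precedence, e.g. `// $redis_server overrides $defaults; the socket branch unsets 'port' so the null default is kept.`, would document why the order matters and why `unset( $redis_server['port'] )` was added earlier in the function. A regression test that passes a custom `port` and a socket `host` would catch the order being reversed again. The contents of `$defaults` are outside the hunk, so the null-port default is inferred from the surrounding change.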
@@ -35,21 +35,29 @@ */ function wp_redis_get_info() { global $wp_object_cache, $redis_server; + // Default Redis port. + $port = 6379; + // Default Redis database number. + $database = 0; if ( empty( $redis_server ) ) { // Attempt to automatically load Pantheon's Redis config from the env. if ( isset( $_SERVER['CACHE_HOST'] ) ) { $redis_server = [ - 'host' => sanitize_text_field( $_SERVER['CACHE_HOST'] ), - 'port' => isset( $_SERVER['CACHE_PORT'] ) ? sanitize_text_field( $_SERVER['CACHE_PORT'] ) : 6379, - 'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? sanitize_text_field( $_SERVER['CACHE_PASSWORD'] ) : null, - 'database' => isset( $_SERVER['CACHE_DB'] ) ? sanitize_text_field( $_SERVER['CACHE_DB'] ) : 0, + // Don't use WP methods to sanitize the host due to plugin loading issues with other caching methods. + // @phpcs:ignore WordPressVIPMinimum.Functions.StripTags.StripTagsOneParameter,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + 'host' => strip_tags( $_SERVER['CACHE_HOST'] ), + 'port' => ! empty( $_SERVER['CACHE_PORT'] ) ? intval( $_SERVER['CACHE_PORT'] ) : $port, + // Don't attempt to sanitize passwords as this can break authentication. + // @phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + 'auth' => ! empty( $_SERVER['CACHE_PASSWORD'] ) ? $_SERVER['CACHE_PASSWORD'] : null, + 'database' => ! empty( $_SERVER['CACHE_DB'] ) ? intval( $_SERVER['CACHE_DB'] ) : $database, ]; } else { $redis_server = [ 'host' => '127.0.0.1', - 'port' => 6379, - 'database' => 0, + 'port' => $port, + 'database' => $database, ]; } } @@ -73,7 +81,9 @@ function wp_redis_get_info() { } else { $uptime_in_days .= ' days'; } - $database = ! empty( $redis_server['database'] ) ? $redis_server['database'] : 0; + if ( ! empty( $redis_server['database'] ) ) { + $database = $redis_server['database']; + } $key_count = 0; if ( isset( $info[ 'db' . $database ] ) && preg_match( '#keys=([\d]+)#', $info[ 'db' . $database ], $matches ) ) { $key_count = $matches[1];
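Review bot: `wp_redis_get_info()` declares `global $redis_server` and then assigns the environment-derived array to it, so calling this status helper writes the host and the raw password into a global as a side effect. Unless other code relies on that, building the fallback in a local copy, e.g. `$server = $redis_server;` followed by the `empty( $server )` branch, would keep a read-only function from changing configuration state. The block is also a second copy of the parsing in `build_client_parameters()`, so any later change to validation has to be made in both files. The function continues outside the hunk.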