• I am most unhappy with the manner in which the rss feeds are cached in wp-includes/rss.php.

    The cache is stored in the wp_options table. I consider it poor practice to use a semi-permanent table as a cache. One consequence of this poor practice is the necessity of storing a timestamp for the cached record separately from the record itself (with a “_ts” suffix to the field value).

    Another consequence is that the cache cannot be properly flushed, since – as far as I can tell – the filename of the cached item must be known in order to call check_cache().

    Since the cache is not properly flushed, an unnecessary vulnerability has been built into WordPress. The “rss_XXX” entry in the ‘option_name’ field of the ‘wp_options’ table has been used to hide hacking.

    If rss caching is considered desirable, it should be done in a dedicated table that is flushed regularly.

    Additionally, it is poor practice to allow non-dedicated functions to access the database directly. There should be a suite of functions that wrap database access which call the database info on the fly from wp-config, to help enforce their exclusive access. This compartmentalization will aid debugging and improve security.
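The post above describes cache rows named "rss_XXX" in wp_options, each with a separate "_ts" timestamp row, never flushed, and says such rows have been used to hide hacking. One way to audit those rows, as an added example that is not part of the original post or of WordPress itself. It assumes XXX is a 32-character MD5 hex string and that a genuine payload is a PHP-serialized MagpieRSS object; the function name, the age threshold and the sample rows are constructed for illustration.

```python
import re

# Assumption: option names are "rss_" + MD5 hex of the feed URL, optional "_ts".
NAME_RE = re.compile(r"^rss_([0-9a-f]{32})(_ts)?$")
# Assumption: a genuine cached payload is a PHP-serialized MagpieRSS object.
PAYLOAD_PREFIX = 'O:9:"MagpieRSS":'

def audit_rss_options(rows, now, max_age=86400):
    """rows: (option_name, option_value) pairs whose name starts with 'rss_'.
    max_age is an arbitrary threshold in seconds. Returns sorted findings."""
    payloads, stamps, findings = {}, {}, []
    for name, value in rows:
        m = NAME_RE.match(name)
        if not m:
            findings.append((name, "name is not rss_<md5>[_ts]"))
        elif m.group(2):
            stamps[m.group(1)] = value
        else:
            payloads[m.group(1)] = value
    for key, value in payloads.items():
        name = "rss_" + key
        if not value.startswith(PAYLOAD_PREFIX):
            findings.append((name, "payload is not a serialized feed object"))
        ts = stamps.get(key)
        if ts is None:
            findings.append((name, "no _ts partner"))
        elif not ts.isdigit():
            findings.append((name + "_ts", "timestamp is not an integer"))
        elif now - int(ts) > max_age:
            findings.append((name, "stale, never flushed"))
    # Timestamp rows whose payload row is gone are leftovers worth a look too.
    for key in stamps.keys() - payloads.keys():
        findings.append(("rss_" + key + "_ts", "timestamp without payload"))
    return sorted(findings)

# Constructed sample rows (not taken from a real site).
NOW = 1_220_000_000
SAMPLE_ROWS = [
    ("rss_" + "a" * 32, 'O:9:"MagpieRSS":1:{s:5:"items";a:0:{}}'),
    ("rss_" + "a" * 32 + "_ts", str(NOW - 600)),
    ("rss_" + "b" * 32, 'O:9:"MagpieRSS":1:{s:5:"items";a:0:{}}'),
    ("rss_" + "b" * 32 + "_ts", str(NOW - 90 * 86400)),
    ("rss_" + "c" * 32, "ZXhhbXBsZSBibG9i"),  # opaque blob, no timestamp row
    ("rss_backup", "x"),                      # name does not fit the pattern
]

if __name__ == "__main__":
    for name, reason in audit_rss_options(SAMPLE_ROWS, NOW):
        print(f"{name}: {reason}")
```

The rows would come from a query on wp_options restricted to option names beginning with "rss_"; a finding is a reason to inspect the row by hand, not proof of compromise.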

Viewing 1 replies (of 1 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    I know, it’s frustrating as hell to me too. I agree entirely, and I’ve complained about this before. The current feed-reading and parsing capabilities built into WordPress are just awful.

    However, it’s the current opinion of many of the lead devs that those functional bits are mainly only there for the dashboard stuff (which displays the latest WP news and gets the incoming links from Google and so on). So as long as those bits work, they’re disinclined to replace the thing with something better.

    However, 2.7 holds some promise. There’s a new HTTP reading library being built, for getting remote data. It seems likely (to me, anyway) that the use of Snoopy/Magpie may therefore be scrapped to add in something more actively maintained (I’m still hoping for SimplePie), and thus this may all be improved in the future. I wouldn’t hold my breath or anything, but I think some of them are coming around. 🙂

    As for all the database stuff, a lot of that direct access stuff is legacy code. It’s slowly being removed, version by version, as there’s a lot of new wrapper functions to handle that sort of thing now.

  • The topic ‘rss cache should be stored, flushed and accessed properly’ is closed to new replies.