Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible infinite loop in profile_update hook #800

Closed
Zae opened this issue Jul 28, 2020 · 3 comments · Fixed by #802
Closed

Possible infinite loop in profile_update hook #800

Zae opened this issue Jul 28, 2020 · 3 comments · Fixed by #802

Comments

@Zae
Copy link

Zae commented Jul 28, 2020

Description

When logging in with the auth0 plugin I expect to be able to login, however we've noticed since updating to Auth0 v4, that some users are getting out of memory issues when logging in. It seems that for some users an infinite loops triggers that causes PHP to crash eventually.

Reproduction

I don't know the full details to reproduce yet, however I seem to have fixed it for us by commenting out a bit of code.

It seems that the function wp_auth0_profile_change_email listens to the profile_update hook. Which in turn call the method update_email in the class WP_Auth0_Profile_Change_Email.

This method calls remove_action('profile_update') explicitly to stop infinite loops, however that does not seem to work. I think this might be because there are now 2 functions listening for profile_update, the method in this class listens to it after being called for the first time and the function wp_auth0_profile_change_email I mentioned before.

// Remove this method from profile_update, which is called by wp_update_user, to avoid an infinite loop.
remove_action( 'profile_update', [ $this, __FUNCTION__ ], 100 );

I think this might be a refactoring bug, before this class registered it's own profile_update hook but in v4 that wp_auth0_profile_change_email function was added. The remove_action that should stop infinite loops does not deregister the new wp_auth0_profile_change_email function that calls WP_Auth0_Profile_Change_Email, only it's own function, which I think is wrong.

For now I completely commented out the wp_auth0_profile_change_email function and do an early return in WP_Auth0_Profile_Change_Email::update_email to make sure it doesn't run.

(partial) STACKTRACE

wp-content/plugins/auth0/lib/profile/WP_Auth0_Profile_Change_Email.php:94
wp-content/plugins/auth0/WP_Auth0.php:441
wp-includes/class-wp-hook.php:287
wp-includes/class-wp-hook.php:311
wp-includes/plugin.php:478
wp-includes/user.php:1876
wp-includes/user.php:1995
wp-content/plugins/auth0/lib/profile/WP_Auth0_Profile_Change_Email.php:94

Environment

Wordpress: 5.4.2
Login by Auth0: 4.1.0
@saltukalakus
Copy link

This issue is also tracked in a support ticket (SF 00463569). Just FYI.

@saltukalakus
Copy link

Hi @joshcanhelp do you think the provided information is sufficient to work on the issue?

@joshcanhelp
Copy link
Contributor

@Zae - Apologies for the long delay here. I think you're spot-on with the root cause here and we'll get that fixed and released as soon as possible.

@joshcanhelp joshcanhelp mentioned this issue Sep 24, 2020
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix potential infinite loop on email update auth0/wordpress
3 participants
@Zae @saltukalakus @joshcanhelp