Bug #19975
closedDeleted and spammed sites are still able to create and trigger scheduled tasks
0%
Description
When I was looking into #19971 to trim down the Cavalvade scheduled tasks, I noticed that deleted sites such as admissions.commons.gc.cuny.edu or sites marked as spam are still able to create and trigger scheduled tasks.
We should prevent scheduled tasks from being created for deleted / spammed sites.
Updated by Raymond Hoh about 1 month ago
On production, I've put in place a potential fix for this.
After this line in wp-content/mu-plugins/cavalcade.php, I've added the following:
// If site is deleted or is spam, do not allow any job from this site.
$site = get_site();
if ( 1 === (int) $site->deleted || 1 === (int) $site->spam ) {
return true;
}
I've also added a clause to omit 'delete_expired_transients' jobs here :
// Remove expired transients task as we're using an object cache. case 'delete_expired_transients' :
This task is for sites without an object cache , but it always runs even if an object cache is in use: https://github.com/WordPress/WordPress/blob/cca720266b967b233232d0033abe7526fe261f86/wp-admin/admin.php#L106-L109. Since we're running an object cache, should be safe to ignore this job.
I will probably commit these changes later today.
Last night, the Cavalcade queue was pretty much gone, but as of now, the lag is about 12 mins. Will look to see what else we can do.
Updated by Raymond Hoh about 1 month ago
- Status changed from New to Resolved
I've committed the deleted and spammed site scheduled task fix in https://github.com/cuny-academic-commons/cac/commit/079427af4c3610557828755daae1661e4dfa44a6 and the 'delete_expired_transients' task fix in https://github.com/cuny-academic-commons/cac/commit/2d33c873914cdf4a5e90296370d55261a9699fcd.
This is deployed on production. Just checked the Cavalcade queue and the lag at the moment is less than a minute.