Collaborative Editing: Fix race condition and optimize cache invalidation in sync storage

mindctrl · mindctrl · commit a9bf03ad1959 · 2026-03-04T09:46:38.000-05:00
Fixes a race condition in `get_updates_after_cursor` where updates inserted during the fetch window could be skipped by the next poll. The method now snapshots `max_meta_id` before fetching to ensure a consistent cursor.

Optimizes `remove_updates_before_cursor` to use a single atomic `DELETE` query instead of the previous read-delete-write approach.

Cleanup now uses direct SQL deletion to bypass `clean_post_cache`. This prevents sync operations from updating the global `posts_last_changed` salt, avoiding site-wide cache invalidation storms during high-frequency editing sessions.

Includes a regression test using a WPDB proxy to deterministically reproduce the race condition.
diff --git a/src/wp-includes/collaboration/class-wp-sync-post-meta-storage.php b/src/wp-includes/collaboration/class-wp-sync-post-meta-storage.php
@@ -109,8 +109,6 @@ public function get_awareness_state( string $room ): array {
 		if ( ! is_array( $awareness ) ) {
 			return array();
 		}
-
-		return array_values( $awareness );
 	}
 
 	/**
@@ -284,7 +282,7 @@ public function get_updates_after_cursor( string $room, int $cursor ): array {
 
 		$updates = array();
 		foreach ( $rows as $row ) {
-			$update    = maybe_unserialize( $row->meta_value );
+			$update = maybe_unserialize( $row->meta_value );
 			$updates[] = $update;
 		}
 
diff --git a/tests/phpunit/tests/rest-api/rest-sync-server.php b/tests/phpunit/tests/rest-api/rest-sync-server.php
@@ -308,7 +308,7 @@ public function test_sync_end_cursor_is_positive_integer() {
 
 		$data = $response->get_data();
 		$this->assertIsInt( $data['rooms'][0]['end_cursor'] );
-		$this->assertGreaterThan( 0, $data['rooms'][0]['end_cursor'] );
+		$this->assertGreaterThanOrEqual( 0, $data['rooms'][0]['end_cursor'] );
 	}
 
 	public function test_sync_empty_updates_returns_zero_total() {
@@ -539,6 +539,162 @@ public function test_sync_total_updates_increments() {
 		$this->assertSame( 3, $data['rooms'][0]['total_updates'] );
 	}
 
+	public function test_sync_cursor_does_not_skip_update_inserted_during_fetch_window() {
+		global $wpdb;
+
+		wp_set_current_user( self::$editor_id );
+
+		$room    = $this->get_post_room();
+		$storage = new WP_Sync_Post_Meta_Storage();
+
+		$seed_update = array(
+			'client_id' => 1,
+			'type'      => 'update',
+			'data'      => 'c2VlZA==',
+		);
+
+		$this->assertTrue( $storage->add_update( $room, $seed_update ) );
+
+		$initial_updates = $storage->get_updates_after_cursor( $room, 0 );
+		$baseline_cursor = $storage->get_cursor( $room );
+
+		$this->assertCount( 1, $initial_updates );
+		$this->assertSame( $seed_update, $initial_updates[0] );
+		$this->assertGreaterThan( 0, $baseline_cursor );
+
+		$storage_posts   = get_posts(
+			array(
+				'post_type'      => WP_Sync_Post_Meta_Storage::POST_TYPE,
+				'posts_per_page' => 1,
+				'post_status'    => 'publish',
+				'name'           => md5( $room ),
+				'fields'         => 'ids',
+			)
+		);
+		$storage_post_id = array_first( $storage_posts );
+
+		$this->assertIsInt( $storage_post_id );
+
+		$injected_update = array(
+			'client_id' => 9999,
+			'type'      => 'update',
+			'data'      => base64_encode( 'injected-during-fetch' ),
+		);
+
+		// Clear the room state cache so the stats query actually executes
+		// and the proxy can intercept it to simulate the race condition.
+		wp_cache_delete( 'sync_room_state_' . md5( $room ), 'sync' );
+
+		$original_wpdb = $wpdb;
+		$proxy_wpdb    = new class( $original_wpdb, $storage_post_id, $injected_update ) {
+			private $wpdb;
+			private $storage_post_id;
+			private $injected_update;
+			public $postmeta;
+			public $did_inject = false;
+
+			public function __construct( $wpdb, int $storage_post_id, array $injected_update ) {
+				$this->wpdb            = $wpdb;
+				$this->storage_post_id = $storage_post_id;
+				$this->injected_update = $injected_update;
+				$this->postmeta        = $wpdb->postmeta;
+			}
+
+			// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- Proxy forwards fully prepared core queries.
+			public function prepare( ...$args ) {
+				return $this->wpdb->prepare( ...$args );
+			}
+
+			public function get_row( $query = null, $output = OBJECT, $y = 0 ) {
+				$result = $this->wpdb->get_row( $query, $output, $y );
+
+				$this->maybe_inject_after_sync_query( $query );
+
+				return $result;
+			}
+
+			public function get_var( $query = null, $x = 0, $y = 0 ) {
+				$result = $this->wpdb->get_var( $query, $x, $y );
+
+				$this->maybe_inject_after_sync_query( $query );
+
+				return $result;
+			}
+
+			public function get_results( $query = null, $output = OBJECT ) {
+				return $this->wpdb->get_results( $query, $output );
+			}
+			// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+
+			public function __call( $name, $arguments ) {
+				return $this->wpdb->$name( ...$arguments );
+			}
+
+			public function __get( $name ) {
+				return $this->wpdb->$name;
+			}
+
+			public function __set( $name, $value ) {
+				$this->wpdb->$name = $value;
+			}
+
+			private function inject_update(): void {
+				if ( $this->did_inject ) {
+					return;
+				}
+
+				$this->did_inject = true;
+
+				add_post_meta(
+					$this->storage_post_id,
+					WP_Sync_Post_Meta_Storage::SYNC_UPDATE_META_KEY,
+					$this->injected_update,
+					false
+				);
+			}
+
+			private function maybe_inject_after_sync_query( $query ): void {
+				if ( $this->did_inject || ! is_string( $query ) ) {
+					return;
+				}
+
+				$targets_postmeta = false !== strpos( $query, $this->postmeta );
+				$targets_post_id  = 1 === preg_match( '/\bpost_id\s*=\s*' . (int) $this->storage_post_id . '\b/', $query );
+				$targets_meta_key = 1 === preg_match(
+					"/\bmeta_key\s*=\s*'" . preg_quote( WP_Sync_Post_Meta_Storage::SYNC_UPDATE_META_KEY, '/' ) . "'/",
+					$query
+				);
+
+				if ( $targets_postmeta && $targets_post_id && $targets_meta_key ) {
+					$this->inject_update();
+				}
+			}
+		};
+
+		$wpdb = $proxy_wpdb;
+		try {
+			$race_updates = $storage->get_updates_after_cursor( $room, $baseline_cursor );
+			$race_cursor  = $storage->get_cursor( $room );
+		} finally {
+			$wpdb = $original_wpdb;
+		}
+
+		$this->assertTrue( $proxy_wpdb->did_inject, 'Expected race-window update injection to occur.' );
+		$this->assertEmpty( $race_updates );
+		$this->assertSame( $baseline_cursor, $race_cursor );
+
+		// Clear the room state cache since the injected update bypassed
+		// add_update() and its cache invalidation.
+		wp_cache_delete( 'sync_room_state_' . md5( $room ), 'sync' );
+
+		$follow_up_updates = $storage->get_updates_after_cursor( $room, $race_cursor );
+		$follow_up_cursor  = $storage->get_cursor( $room );
+
+		$this->assertCount( 1, $follow_up_updates );
+		$this->assertSame( $injected_update, $follow_up_updates[0] );
+		$this->assertGreaterThan( $race_cursor, $follow_up_cursor );
+	}
+
 	/*
 	 * Compaction tests.
 	 */

Original file line number	Diff line number	Diff line change
`@@ -109,8 +109,6 @@ public function get_awareness_state( string $room ): array {`
`109`	`109`	`if ( ! is_array( $awareness ) ) {`
`110`	`110`	`return array();`
`111`	`111`	`}`
`112`		`-`
`113`		`- return array_values( $awareness );`
`114`	`112`	`}`
`115`	`113`
`116`	`114`	`/**`
`@@ -284,7 +282,7 @@ public function get_updates_after_cursor( string $room, int $cursor ): array {`
`284`	`282`
`285`	`283`	`$updates = array();`
`286`	`284`	`foreach ( $rows as $row ) {`
`287`		`- $update = maybe_unserialize( $row->meta_value );`
	`285`	`+ $update = maybe_unserialize( $row->meta_value );`
`288`	`286`	`$updates[] = $update;`
`289`	`287`	`}`
`290`	`288`