Use expirable key/value for entity autocomplete

Created on 21 August 2019, over 5 years ago
Updated 31 August 2024, 4 months ago

Back in #2490420: EntityAutocomplete element settings allows sql injection and for arbitrary user-supplied data to be passed into unserialize() β†’ , settings started being stored in key-value and although there was a bit of discussion there about doing expiration, going for the less complicated method of having no expiration was chosen in order to more quickly release the fix.

Fast forward to present day. 82% of the data in our key_value table is the entity_autocomplete collection. We're talking millions upon millions of rows (gigabytes of information), most of which will never be touched again and will never be cleaned up. And this is only a 2-year old website where virtually all of the traffic is authenticated.

Permanent retention of this data is not sustainable. Even if a relatively high threshold is chosen for the expiry, it would still be preferable to keeping them in perpetuity.

πŸ› Bug report
Status

Needs work

Version

11.0 πŸ”₯

Component
EntityΒ  β†’

Last updated about 16 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States kevin.dutra

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024