WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#23017 new defect (bug)

Support for fatal errors on XML-RPC

Reported by: koke Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.5
Component: XML-RPC Keywords: mobile has-patch
Focuses: Cc:

Description

Similar to #16748, when a fatal error occurs, PHP will output some HTML code which at best is confusing for XML-RPC clients.

Using the shutdown action, we could die more gracefully and return a XML-RPC formatted error

Attachments (2)

23017.diff (920 bytes) - added by koke 2 years ago.
23017-set-error-handler.diff (968 bytes) - added by beaucollins 2 years ago.

Download all attachments as: .zip

Change History (10)

@koke2 years ago

comment:1 @koke2 years ago

Not sure if the attached patch would be the best implementation, but it's a starting point

comment:2 @daniloercoli2 years ago

  • Cc ercoli@… added

comment:3 @sirzooro2 years ago

  • Cc sirzooro added

+1 for this.

PHP error should be reported in debug environment only - otherwise this is a potential security issue. Please check if WP_DEBUG is set to true; if not, return some generic error message like "WP internal error" instead.

comment:4 @redsweater2 years ago

Very cool idea. I'm definitely excited by anything that would improve the verbosity of errors when connecting via XMLRPC.

sirzooro: Would it be possible to set this up so it reports the PHP error only when the XMLRPC client has authenticated? The vast majority of error-prone activity occurs only after the user has authenticated, where it would make sense to allow verbose error messages to be conveyed to the user through XMLRPC. In this case, I don't think it would be a security issue to pass that along, at least for most WordPress configurations. Perhaps it could be limited to specific user roles.

comment:5 @SergeyBiryukov2 years ago

  • Version changed from trunk to 3.5

comment:6 @beaucollins2 years ago

Similarly, perhaps we can have the wp_xmlrpc_server use set_error_handler to prevent all non-fatal errors from being dumped to stdout in the event that PHP is configured to report errors to STDOUT.

comment:7 @beaucollins2 years ago

  • Cc beaucollins added
Note: See TracTickets for help on using tickets.