Make WordPress Core

Opened 3 years ago

Last modified 5 weeks ago

#23017 new defect (bug)

Support for fatal errors on XML-RPC

Reported by: koke Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.5
Component: XML-RPC Keywords: has-patch dev-feedback
Focuses: Cc:


Similar to #16748, when a fatal error occurs, PHP will output some HTML code which at best is confusing for XML-RPC clients.

Using the shutdown action, we could die more gracefully and return a XML-RPC formatted error

Attachments (2)

23017.diff (920 bytes) - added by koke 3 years ago.
23017-set-error-handler.diff (968 bytes) - added by beaucollins 3 years ago.

Download all attachments as: .zip

Change History (11)

@koke3 years ago

comment:1 @koke3 years ago

Not sure if the attached patch would be the best implementation, but it's a starting point

comment:2 @daniloercoli3 years ago

  • Cc ercoli@… added

comment:3 @sirzooro3 years ago

  • Cc sirzooro added

+1 for this.

PHP error should be reported in debug environment only - otherwise this is a potential security issue. Please check if WP_DEBUG is set to true; if not, return some generic error message like "WP internal error" instead.

comment:4 @redsweater3 years ago

Very cool idea. I'm definitely excited by anything that would improve the verbosity of errors when connecting via XMLRPC.

sirzooro: Would it be possible to set this up so it reports the PHP error only when the XMLRPC client has authenticated? The vast majority of error-prone activity occurs only after the user has authenticated, where it would make sense to allow verbose error messages to be conveyed to the user through XMLRPC. In this case, I don't think it would be a security issue to pass that along, at least for most WordPress configurations. Perhaps it could be limited to specific user roles.

comment:5 @SergeyBiryukov3 years ago

  • Version changed from trunk to 3.5

comment:6 @beaucollins3 years ago

Similarly, perhaps we can have the wp_xmlrpc_server use set_error_handler to prevent all non-fatal errors from being dumped to stdout in the event that PHP is configured to report errors to STDOUT.

comment:7 @beaucollins3 years ago

  • Cc beaucollins added

comment:9 @chriscct75 weeks ago

  • Keywords dev-feedback added; mobile removed
Note: See TracTickets for help on using tickets.