Opened 12 years ago
Closed 5 years ago
#23017 closed defect (bug) (fixed)
Support for fatal errors on XML-RPC
Reported by: | koke | Owned by: | |
---|---|---|---|
Milestone: | 5.2 | Priority: | normal |
Severity: | normal | Version: | 3.5 |
Component: | XML-RPC | Keywords: | has-patch |
Focuses: | Cc: |
Description
Similar to #16748, when a fatal error occurs, PHP will output some HTML code which at best is confusing for XML-RPC clients.
Using the shutdown
action, we could die more gracefully and return a XML-RPC formatted error
Attachments (2)
Change History (12)
#3
@
12 years ago
- Cc sirzooro added
+1 for this.
PHP error should be reported in debug environment only - otherwise this is a potential security issue. Please check if WP_DEBUG
is set to true
; if not, return some generic error message like "WP internal error" instead.
#4
@
12 years ago
Very cool idea. I'm definitely excited by anything that would improve the verbosity of errors when connecting via XMLRPC.
sirzooro: Would it be possible to set this up so it reports the PHP error only when the XMLRPC client has authenticated? The vast majority of error-prone activity occurs only after the user has authenticated, where it would make sense to allow verbose error messages to be conveyed to the user through XMLRPC. In this case, I don't think it would be a security issue to pass that along, at least for most WordPress configurations. Perhaps it could be limited to specific user roles.
#6
@
12 years ago
Similarly, perhaps we can have the wp_xmlrpc_server use set_error_handler to prevent all non-fatal errors from being dumped to stdout in the event that PHP is configured to report errors to STDOUT.
Not sure if the attached patch would be the best implementation, but it's a starting point