Make WordPress Core

Opened 22 months ago

Last modified 6 weeks ago

#43358 accepted defect (bug)

The theme/plugin editor sandbox does not play well with PHP sessions

Reported by: bruandet Owned by: SergeyBiryukov
Milestone: 5.4 Priority: normal
Severity: normal Version: 4.9.4
Component: Administration Keywords:
Focuses: Cc:
PR Number:


The theme/plugin editor sandbox does not work with some plugins (or themes) using PHP sessions. Because of the session exclusive lock, cURL will time out when attempting to connect back to the site and the request will fail.
Checking if a session was started and then calling session_write_close() before the first wp_remote_get() call in wp-admin/includes/file.php seems to solve the issue.

Attachments (1)

session-site-health-bug.php (71 bytes) - added by vjik 6 weeks ago.
Simple plugin for reproducing the problem

Download all attachments as: .zip

Change History (2)

#1 @SergeyBiryukov
6 weeks ago

  • Milestone changed from Awaiting Review to 5.4
  • Owner set to SergeyBiryukov
  • Status changed from new to accepted

@vjik reported that this issue also affects Site Health checks, specifically causing these warnings:

  • The REST API encountered an error
  • Your site could not complete a loopback request

6 weeks ago

Simple plugin for reproducing the problem

Note: See TracTickets for help on using tickets.