#45888 closed enhancement (invalid)
Provide Opt-Out for WSOD Protection
Reported by: | TimothyBlynJacobs | Owned by: | TimothyBlynJacobs |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 5.1 |
Component: | Site Health | Keywords: | has-patch servehappy |
Focuses: | Cc: |
Description
[44524] introduced WSOD protection. Security related plugins need a way to opt-out of this behavior.
Without an opt-out mechanism, a fatal error caused by an edge case can be used to completely disable security protections provided by a plugin. Even if that fatal error is not preventing the user from logging into or accessing their site. This opens up a wide surface for attackers to bypass security protections provided by plugins.
A drop-in was added in the WSOD protection, but another plugin shouldn't be adding or modifying a drop-in unless that is its main purpose.
Instead, plugins should be able to opt-out by specifying a plugin header. For instance Allow Pausing: false
.
There were concerns about providing a way for plugins to opt-out. But if the original intention of WSOD protection is to allow people to safely upgrade PHP versions without worrying about crashing their site, then it stands to reason that the majority of the offending plugins won't have specified this header since they haven't updated their codebases in quite some time.
Another concern was that "proper" plugins shouldn't be causing fatal errors. This is untenable. Any plugin of substantial size can have fatal errors. Particularly when there are millions of different ways WordPress sites can be configured.
I was requested to upload a PR to GitHub: https://github.com/wp-core-php/wordpress-develop/pull/4
Attachments (1)
Change History (14)
This ticket was mentioned in Slack in #core-php by timothybjacobs. View the logs.
6 years ago
This ticket was mentioned in Slack in #core by flixos90. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-php by flixos90. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-php by schlessera. View the logs.
6 years ago
This ticket was mentioned in Slack in #core by timothybjacobs. View the logs.
6 years ago
#11
@
5 years ago
- Milestone 5.3 deleted
- Resolution set to invalid
- Status changed from assigned to closed
This ticket is based on the old fatal error recovery mode implementation and will be covered as part of #46130.
Adding to 5.1 milestone for consideration.