WordPress.org

Make WordPress Core

Opened 19 months ago

Closed 17 months ago

Last modified 14 months ago

#45888 closed enhancement (invalid)

Provide Opt-Out for WSOD Protection

Reported by: TimothyBlynJacobs Owned by: TimothyBlynJacobs
Milestone: Priority: normal
Severity: major Version: 5.1
Component: Site Health Keywords: has-patch servehappy
Focuses: Cc:

Description

[44524] introduced WSOD protection. Security related plugins need a way to opt-out of this behavior.

Without an opt-out mechanism, a fatal error caused by an edge case can be used to completely disable security protections provided by a plugin. Even if that fatal error is not preventing the user from logging into or accessing their site. This opens up a wide surface for attackers to bypass security protections provided by plugins.

A drop-in was added in the WSOD protection, but another plugin shouldn't be adding or modifying a drop-in unless that is its main purpose.

Instead, plugins should be able to opt-out by specifying a plugin header. For instance Allow Pausing: false.

There were concerns about providing a way for plugins to opt-out. But if the original intention of WSOD protection is to allow people to safely upgrade PHP versions without worrying about crashing their site, then it stands to reason that the majority of the offending plugins won't have specified this header since they haven't updated their codebases in quite some time.

Another concern was that "proper" plugins shouldn't be causing fatal errors. This is untenable. Any plugin of substantial size can have fatal errors. Particularly when there are millions of different ways WordPress sites can be configured.

I was requested to upload a PR to GitHub: https://github.com/wp-core-php/wordpress-develop/pull/4

Attachments (1)

44458.diff (6.7 KB) - added by TimothyBlynJacobs 19 months ago.

Download all attachments as: .zip

Change History (14)

This ticket was mentioned in Slack in #core-php by timothybjacobs. View the logs.


19 months ago

#2 @pento
19 months ago

  • Milestone changed from Awaiting Review to 5.1

Adding to 5.1 milestone for consideration.

This ticket was mentioned in Slack in #core by flixos90. View the logs.


19 months ago

#4 @flixos90
19 months ago

  • Keywords servehappy added

This ticket was mentioned in Slack in #core-php by flixos90. View the logs.


19 months ago

#6 @flixos90
19 months ago

  • Owner set to TimothyBlynJacobs
  • Status changed from new to assigned

This ticket was mentioned in Slack in #core-php by schlessera. View the logs.


19 months ago

This ticket was mentioned in Slack in #core by timothybjacobs. View the logs.


19 months ago

#9 @flixos90
19 months ago

  • Milestone changed from 5.1 to 5.2

#10 @flixos90
17 months ago

  • Milestone changed from 5.2 to 5.3

#11 @flixos90
17 months ago

  • Milestone 5.3 deleted
  • Resolution set to invalid
  • Status changed from assigned to closed

This ticket is based on the old fatal error recovery mode implementation and will be covered as part of #46130.

This ticket was mentioned in Slack in #core-php by timothybjacobs. View the logs.


17 months ago

#13 @spacedmonkey
14 months ago

  • Component changed from Bootstrap/Load to Site Health
Note: See TracTickets for help on using tickets.