Make WordPress Core

Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#45888 closed enhancement (invalid)

Provide Opt-Out for WSOD Protection

Reported by: TimothyBlynJacobs
Owned by: TimothyBlynJacobs
Milestone:
Priority: normal
Severity: major
Version: 5.1
Component: Site Health
Keywords: has-patch servehappy
Focuses:
Cc:

Description

[44524] introduced WSOD protection. Security related plugins need a way to opt-out of this behavior.

Without an opt-out mechanism, a fatal error caused by an edge case can be used to completely disable security protections provided by a plugin, even if that fatal error is not preventing the user from logging into or accessing their site. This opens up a wide surface for attackers to bypass security protections provided by plugins.

A drop-in was added in the WSOD protection, but another plugin shouldn't be adding or modifying a drop-in unless that is its main purpose.

Instead, plugins should be able to opt-out by specifying a plugin header. For instance, Allow Pausing: false.

There were concerns about providing a way for plugins to opt-out. But if the original intention of WSOD protection is to allow people to safely upgrade PHP versions without worrying about crashing their site, then it stands to reason that the majority of the offending plugins won't have specified this header since they haven't updated their codebases in quite some time.

Another concern was that "proper" plugins shouldn't be causing fatal errors. This is untenable. Any plugin of substantial size can have fatal errors, particularly when there are millions of different ways WordPress sites can be configured.

I was requested to upload a PR to GitHub: https://github.com/wp-core-php/wordpress-develop/pull/4

Attachments (1)

44458.diff (6.7 KB) - added by TimothyBlynJacobs 6 years ago.


Change History (14)

This ticket was mentioned in Slack in #core-php by timothybjacobs. View the logs.


6 years ago

#2 @pento
6 years ago

  • Milestone changed from Awaiting Review to 5.1

Adding to 5.1 milestone for consideration.

This ticket was mentioned in Slack in #core by flixos90. View the logs.


6 years ago

#4 @flixos90
6 years ago

  • Keywords servehappy added

This ticket was mentioned in Slack in #core-php by flixos90. View the logs.


6 years ago

#6 @flixos90
6 years ago

  • Owner set to TimothyBlynJacobs
  • Status changed from new to assigned

This ticket was mentioned in Slack in #core-php by schlessera. View the logs.


6 years ago

This ticket was mentioned in Slack in #core by timothybjacobs. View the logs.


6 years ago

#9 @flixos90
6 years ago

  • Milestone changed from 5.1 to 5.2

#10 @flixos90
5 years ago

  • Milestone changed from 5.2 to 5.3

#11 @flixos90
5 years ago

  • Milestone 5.3 deleted
  • Resolution set to invalid
  • Status changed from assigned to closed

This ticket is based on the old fatal error recovery mode implementation and will be covered as part of #46130.

This ticket was mentioned in Slack in #core-php by timothybjacobs. View the logs.


5 years ago

#13 @spacedmonkey
5 years ago

  • Component changed from Bootstrap/Load to Site Health