#46141 closed task (blessed) (fixed)
Revert PHP error recovery
Reported by: | pento | Owned by: | flixos90 |
---|---|---|---|
Milestone: | 5.1 | Priority: | highest omg bbq |
Severity: | blocker | Version: | 5.1 |
Component: | Site Health | Keywords: | servehappy has-patch |
Focuses: | Cc: |
Description
While the WSOD protection and error recovery is super cool, it requires fairly substantial changes (eg, #46130) to address potential security issues.
The direction that #46130 is promising, but it's very late in the release cycle to be making this big a change in behaviour.
To give it an appropriate amount of time to soak, I'm proposing reverting the WSOD protection and error recovery behaviour from trunk
, and trying again in WordPress 5.2.
Attachments (1)
Change History (10)
#4
@
6 years ago
- Keywords has-patch added
As mentioned already on Slack, I agree we should take the extra time to polish this feature and mitigate the security concerns, which is the goal of #46130. 46141.diff reverts the feature, while keeping some of the more generic fixes and improvements made for its support in place (e.g. better compatibility of wp_die()
, wp_using_themes()
function).
#6
@
6 years ago
@flixos90 I know you have reverted this, but we could put the php-error.php drop-in back in?
#8
@
6 years ago
This functionality is broken up into two pieces in my mind.
- The detection of errors and pausing of plugins / themes.
- A message that is displayed to users when the error handles.
Yes, I understand that the error detection and pausing has some security issues. But the displaying of errors could possiblity go in as a different commit. This stop users from seeing a WSOD and with the drop in add functionality to alert maintainer of site.
Important note: the existence of this ticket doesn't imply that a decision has been made. As beta 3 has been delayed to allow for this discussion, I'd like to minimise any further delays: once a decision has been made, we can commit the appropriate patches, and move on with releasing beta 3.