WordPress.org

Make WordPress Core

Opened 10 months ago

Closed 10 months ago

Last modified 6 months ago

#46141 closed task (blessed) (fixed)

Revert PHP error recovery

Reported by: pento Owned by: flixos90
Milestone: 5.1 Priority: highest omg bbq
Severity: blocker Version: 5.1
Component: Site Health Keywords: servehappy has-patch
Focuses: Cc:
PR Number:

Description

While the WSOD protection and error recovery is super cool, it requires fairly substantial changes (eg, #46130) to address potential security issues.

The direction that #46130 is promising, but it's very late in the release cycle to be making this big a change in behaviour.

To give it an appropriate amount of time to soak, I'm proposing reverting the WSOD protection and error recovery behaviour from trunk, and trying again in WordPress 5.2.

Attachments (1)

46141.diff (54.9 KB) - added by flixos90 10 months ago.

Download all attachments as: .zip

Change History (10)

#1 @pento
10 months ago

Important note: the existence of this ticket doesn't imply that a decision has been made. As beta 3 has been delayed to allow for this discussion, I'd like to minimise any further delays: once a decision has been made, we can commit the appropriate patches, and move on with releasing beta 3.

#2 @pento
10 months ago

  • Keywords servehappy added

#3 @pento
10 months ago

  • Owner changed from pento to flixos90

@flixos90
10 months ago

#4 @flixos90
10 months ago

  • Keywords has-patch added

As mentioned already on Slack, I agree we should take the extra time to polish this feature and mitigate the security concerns, which is the goal of #46130. 46141.diff reverts the feature, while keeping some of the more generic fixes and improvements made for its support in place (e.g. better compatibility of wp_die(), wp_using_themes() function).

#5 @flixos90
10 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 44717:

Bootstrap/Load: Revert fatal error recovery mechanism from 5.1 to polish for 5.2.

Due to the high number of follow-up tickets and associated security concerns, it was decided to reschedule the fatal error recovery feature for WordPress 5.2, in order to address these issues properly. The feature will continue to be developed, with iterations being merged into trunk early in the 5.2 release cycle.

Fixes #46141. See #44458, #45932, #45940, #46038, #46047, #46068.

#6 @spacedmonkey
10 months ago

@flixos90 I know you have reverted this, but we could put the php-error.php drop-in back in?

#7 @flixos90
10 months ago

@spacedmonkey Why? It's not used as long as the WSOD protection isn't there.

#8 @spacedmonkey
10 months ago

This functionality is broken up into two pieces in my mind.

  1. The detection of errors and pausing of plugins / themes.
  2. A message that is displayed to users when the error handles.

Yes, I understand that the error detection and pausing has some security issues. But the displaying of errors could possiblity go in as a different commit. This stop users from seeing a WSOD and with the drop in add functionality to alert maintainer of site.

#9 @spacedmonkey
6 months ago

  • Component changed from Bootstrap/Load to Site Health
Note: See TracTickets for help on using tickets.