WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 5 weeks ago

#47985 new enhancement

Site Health: log errors to public file

Reported by: afragen Owned by:
Milestone: 5.4 Priority: normal
Severity: normal Version:
Component: Site Health Keywords: has-patch dev-feedback
Focuses: Cc:
PR Number:

Description

As mentioned in #47046 just because WP_DEBUG_LOG is true doesn't mean the file is publicly viewable.

Obviously viewable files are in the ABSPATH usually in wp-content somewhere. A simple test against ABSPATH could be used to move the error from critical to recommended. It still shows as a potential problem but possibly not as severe as an average user might infer.

Attachments (4)

47985.diff (415 bytes) - added by afragen 3 months ago.
test error_log file path to ABSPATH
47985.2.diff (421 bytes) - added by afragen 2 months ago.
improved logic
47985.3.diff (632 bytes) - added by afragen 7 weeks ago.
more specific patch refresh
screenshot_02.png (84.6 KB) - added by afragen 7 weeks ago.
screenshot with patch applied. WP_DEBUG is true and WP_DEBUG_LOG is true

Download all attachments as: .zip

Change History (23)

@afragen
3 months ago

test error_log file path to ABSPATH

This ticket was mentioned in Slack in #core by afragen. View the logs.


2 months ago

#2 @afragen
2 months ago

  • Milestone changed from Awaiting Review to 5.3

This ticket was mentioned in Slack in #core-site-health by afragen. View the logs.


2 months ago

This ticket was mentioned in Slack in #core by afragen. View the logs.


2 months ago

#5 @afragen
2 months ago

  • Keywords dev-feedback added

The patch is pretty straightforward. What it really needs is a #committer to see if the logic is sound.

#6 @Clorith
2 months ago

There's no way to reliably know if a path is accessible to others in any way, so I stand by my previous opinion that if logging is enabled, it should alert the user, they are the only ones that can know if it's available or not.

#7 @afragen
2 months ago

@Clorith my thought was that if the log is not in the normal flow of the WordPress structure then the notification should be less severe.

If the log isn’t in the normal WordPress flow it would be much more difficult to randomly find it.

@afragen
2 months ago

improved logic

This ticket was mentioned in Slack in #core-site-health by afragen. View the logs.


2 months ago

This ticket was mentioned in Slack in #hosting-community by miss_jwo. View the logs.


2 months ago

This ticket was mentioned in Slack in #core by afragen. View the logs.


2 months ago

#11 @mikeschroder
2 months ago

@miss_jwo reached out in #hosting_community for feedback -- putting that in here as well, so it's easier to find:

I think it’s a good idea to alert folks if they have logging enabled, whether or not the log is public, since a log filling up disk is a real concern, if they’re not handling rotation and such.
It’s possible that it’ll slow down the site due to writes, too.

#12 @afragen
2 months ago

@mikeschroder it does register an alert. It simply changes the alert from critical to recommended.

#13 @afragen
2 months ago

  • Milestone changed from 5.3 to 5.4

This ticket was mentioned in Slack in #hosting-community by jadonn. View the logs.


8 weeks ago

This ticket was mentioned in Slack in #hosting-community by mike. View the logs.


7 weeks ago

#16 @mikeschroder
7 weeks ago

@afragen Is there a place where I could see what the severity change would look like in practice? What would it mean for users to change it?

@afragen
7 weeks ago

more specific patch refresh

@afragen
7 weeks ago

screenshot with patch applied. WP_DEBUG is true and WP_DEBUG_LOG is true

#17 @afragen
7 weeks ago

@mikeschroder I discovered that the previous patch didn't work as expected. I've updated the patch to be as specific as possible. The screenshot is what happens when the patch is applied and WP_DEBUG and WP_DEBUG_LOG are both true if the log is outside of ABSPATH.

Otherwise the error shows as critical.

Version 0, edited 7 weeks ago by afragen (next)

This ticket was mentioned in Slack in #hosting-community by amykamala. View the logs.


6 weeks ago

This ticket was mentioned in Slack in #core-site-health by afragen. View the logs.


5 weeks ago

Note: See TracTickets for help on using tickets.