WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 6 months ago

#51816 new enhancement

Implement auto recovery mode during auto update cron

Reported by: TimothyBlynJacobs Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Site Health Keywords:
Focuses: Cc:

Description (last modified by TimothyBlynJacobs)

We introduced Recovery Mode to allow for a site administrator to access their site backend when a plugin is causing fatal errors. This makes it possible for the user to deactivate the plugin or update the plugin to a fixed version.

With the introduction of opt-in plugin auto updates in 5.5, it would be nice if we could ensure that a site could still autoupdate, even if one of its plugin was causing fatal errors.

This would need to happen without user interaction, otherwise the user could just use Recovery Mode themselves manually.

One of the reasons Recovery Mode is a manual process is to make sure we don't fail open and disable a plugin that was providing protections of some kind to their site. As such, we'd need to make sure that this auto recovery mode would only allow a very limited amount of code to run.

This could probably be all of cron, but I think it'd be good to try to further lock it down to when the automatic updater cron action is running.

One way to do this would be in WP_Recovery_Mode::handle_error to check wp_doing_cron() and if so to trigger another spawn_cron but with a recovery mode token appended that could only be utilized when wp_doing_cron(). That way it wouldn't be exposed if a site was using the alternate cron setup.

This wouldn't work for setups that are using a custom cron runner, or using WP CLI to trigger cron jobs. But I think it would be possible to make work for users who are pinging wp-cron.php manually.

Change History (2)

This ticket was mentioned in Slack in #core by timothybjacobs. View the logs.


6 months ago

#2 @TimothyBlynJacobs
6 months ago

  • Description modified (diff)
Note: See TracTickets for help on using tickets.