#62047 closed defect (bug) (duplicate)
check if ini_set is available to prevent Fatal Errors
Reported by: | maltfield | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | has-patch |
Focuses: | Cc: |
Description (last modified by )
There is a bug in wordpress that prevents users from logging-in if their PHP server was hardened following common best-practices
ini_set( 'display_errors', 1 );
This line causes a PHP Fatal error on hardened systems with the ini_set
function disabled.
PHP Fatal error: Uncaught Error: Call to undefined function ini_set() in /mnt/hetznerVol3/high_priority/www/html/wordpress/htdocs/wp-includes/load.php:600
Why this matters
For security reasons, orgs frequently configure php.ini
to be hardened by adding many dangerous functions to the disable_functions
variable in the php.ini
file. For example, it's common to disable the 'exec' function
disable_functions = exec
Of course, if a php script could modify the php configuration, then it would defeat any hardening done by setting disable_functions
. As such, it's common to add ini_set
to the disable_functions
disable_functions = exec, ini_set
Solution
To fix the PHP Fatal error, wordpres should always check to see if the ini_set
function exists before attempting to call it
if( function_exists( 'ini_set') ){ ini_set( 'display_errors', 1 ); }
Change History (5)
#2
@
3 months ago
- Description modified (diff)
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
This looks like a duplicate of #48693
#3
@
3 months ago
@swissspidy I'm not sure this is a duplicate. #48693 is a low-priority issue asking to cleanup log messages.
This ticket is similar, but it's a higher-priority asking to fix PHP Fatal Errors, which break whole websites.
#4
@
3 months ago
It's literally about the same thing, in the same wp_debug_mode()
function.
The only difference is that prior to PHP 8 this triggered warnings, but starting with PHP 8 this triggers a fatal error.
Let's continue the discussion there :-)
This ticket was mentioned in PR #7352 on WordPress/wordpress-develop by maltfield.
3 months ago
#5
- Keywords has-patch added
meta: how the heck can I edit the OP of this ticket to fix syntax, etc?