#65058 closed defect (bug) (fixed)
Abilities API: Catch exceptions thrown by ability callbacks
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 7.0 | Priority: | normal |
| Severity: | normal | Version: | 6.9 |
| Component: | Abilities API | Keywords: | abilities-api has-patch has-unit-tests commit dev-reviewed |
| Focuses: | Cc: |
Description
Originally reported at https://github.com/WordPress/ai/issues/392.
Description
When testing the Core AI feature in WordPress 7.0 RC, I encountered an issue while regenerating a post title.
Actual behavior:
A network error occurs:
cURL error 28: Operation timed out after 30006 milliseconds with 0 bytes received
In the browser console:
A 500 Internal Server Error is logged
The response unexpectedly includes the entire HTML of the page
Also noticed:
wp.abilities.executeAbility is unavailable. Falling back to REST.
Why this is an issue:
Returning full HTML in API response may indicate improper error handling
Could expose unintended data or create debugging/security concerns
Additional Notes:
Issue seems related to the request sent to:
https://router.huggingface.co/v1/chat/completions
Possibly caused by API timeout, but response handling appears incorrect
Step-by-step reproduction instructions
- Created a new post
- Entered blog title and content
- Clicked on “Re-generate” title option
- Checked the console log
Environment info
WordPress Version: 7.0 RC (Beta)
Feature: Core AI (Title Generation)
Browser: Chrome (latest)
Setup: Local/Development environment
Change History (10)
This ticket was mentioned in PR #11544 on WordPress/wordpress-develop by @gziolo.
4 weeks ago
#1
- Keywords has-patch has-unit-tests added
#4
@
4 weeks ago
Self-assigning for review and commi, but I'd like to get another committer to review this as well since we're in RC.
This ticket was mentioned in Slack in #core-ai by gziolo. View the logs.
4 weeks ago
#6
@
3 weeks ago
- Keywords dev-reviewed added; dev-feedback removed
https://github.com/WordPress/wordpress-develop/pull/11544 looks good to go. Thanks @gziolo!
#7
@
3 weeks ago
Patch Testing Report
Patch Tested: https://github.com/WordPress/wordpress-develop/pull/11544
Environment
Playground
WordPress: 7.0-RC2
PHP: 7.4.33
Server: nginx/1.29.4
Browser: Chrome
OS: macOS
Result:
The patch is working fine, and no console errors appear when generating the title. ✅
Screenshot:
Before fix: https://www.awesomescreenshot.com/image/59847079?key=4dfc4a8276de7c09255c6494d9b332e3
After fix: https://www.awesomescreenshot.com/image/59847180?key=b07e03ee3043738e9b1ee6a9832eca8b
## Summary
When an ability's
execute_callbackorpermission_callbackthrows an uncaught exception, it propagates throughWP_Ability::execute()and the REST run controller, causing WordPress to render an HTML fatal error page with a 500 status instead of a JSON error response.This was first reported via the Core AI feature plugin when an AI connector's HTTP request to a remote provider timed out after 30 seconds — the underlying client threw a
ServerException, which surfaced to the browser as a full HTML page inside the REST response, breaking client-side error handling.See https://github.com/WordPress/ai/issues/392 for the original report and root-cause analysis.
## Fix
WP_Ability::invoke_callback()now catches anyThrowableraised by the callback and converts it to aWP_Errorwith codeability_callback_exception. Becauseinvoke_callback()is shared betweendo_execute()andcheck_permissions(), both callback types are protected by a single change, and the existingis_wp_error()handling inexecute()surfaces the error to the caller unchanged.## Test plan
execute_callbackthat throws — expectsWP_Errorwith codeability_callback_exception.permission_callbackthat throws viacheck_permissions()directly — same code, same behavior.🤖 Generated with Claude Code