[wp-trac] [WordPress Trac] #12839: Should sandbox themes on activate to prevent fatal errors
WordPress Trac
noreply at wordpress.org
Tue Dec 8 02:14:12 UTC 2015
#12839: Should sandbox themes on activate to prevent fatal errors
-------------------------+-----------------------------
Reporter: dd32 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Themes | Version: 3.0
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-------------------------+-----------------------------
Comment (by dd32):

We don't need to worry about any theme settings really, that's all either
handled up the stack, or something we don't need to worry about.

The way the plugins sandbox works is as follows:
- You hit the Activation URL
- A redirect is issued to a failed-activation step
- The plugin is included, activation functions are run
- The plugin is marked as activated in the database
- A redirect is issued to the successful-activation step, overriding the
previous failure step.

That works pretty well, and could also be done for themes. The problem we
face today is that with the REST API and other AJAX endpoints, the HTTP
redirection flow can't really be used as it's probably not available
(Can't perform redirects like that during a REST API call for example, nor
from the CLI).

One option that has been brought up for the upgraders at least, is to
perform an HTTP callback to various locations (Front page, Admin page, REST
API) to ensure that none of those pages are fataling and are still
accessible. That has other downsides though (failing requests, Load-
balanced/proxied sites, etc) not being handled well.

The way forward isn't exactly "do this", it's rather, "here's the issues,
now we need to find a solution that takes it all into account". Even if it
doesn't protect against the REST API/CLI in the first iteration, it's a
step forward.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/12839#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
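
The redirect-override flow listed in the comment above, as an added example that is not WordPress core code and not part of the original message. The names `sandboxed_activate()`, `status_url()`, `status.php`, `items/` and `active.json` are hypothetical stand-ins for the activation handler, the result page, the theme/plugin directory and the database record.

```php
<?php
// Added example: hypothetical stand-alone script, not WordPress core code.
// Serve with `php -S 127.0.0.1:8000` and request /activate.php?item=good.php
// Authentication, capability and nonce checks are omitted here (assumption:
// a real endpoint performs them before reaching this point).

const ITEM_DIR   = __DIR__ . '/items';        // stands in for the theme/plugin directory
const STATE_FILE = __DIR__ . '/active.json';  // stands in for the database record

function status_url(string $result, string $name): string
{
    return '/status.php?result=' . $result . '&item=' . rawurlencode($name);
}

function sandboxed_activate(string $item): void
{
    // Accept only a plain file name that resolves to a file inside ITEM_DIR.
    $path = realpath(ITEM_DIR . '/' . basename($item));
    if ($path === false || !is_file($path) || dirname($path) !== realpath(ITEM_DIR)) {
        http_response_code(400);
        exit('unknown item');
    }
    $name = basename($path);

    // Queue the failure redirect first. If the include below dies with a
    // fatal error, this is the Location header the client receives.
    header('Location: ' . status_url('failed', $name), true, 302);

    // Buffer output so the included code cannot flush the headers early.
    ob_start();

    // Load the code under test. A fatal error ends the script on this line,
    // so the activation record below is never written.
    include_once $path;
    ob_end_clean();

    // Record the activation only after the include returned.
    file_put_contents(STATE_FILE, json_encode(['active' => $name]), LOCK_EX);

    // Replace the queued failure redirect with the success redirect.
    header('Location: ' . status_url('activated', $name), true, 302);
}

$item = $_GET['item'] ?? '';
sandboxed_activate(is_string($item) ? $item : '');
```

A file in `items/` that calls an undefined function leaves `active.json` untouched and sends the client to the `failed` result. The same script run from the CLI has no redirect to fall back on, which is the gap the comment describes.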