[wp-trac] [WordPress Trac] #53989: Needs a filter to disable loopback request in plugin and theme file editor
WordPress Trac
noreply at wordpress.org
Sat Mar 11 04:39:43 UTC 2023
#53989: Needs a filter to disable loopback request in plugin and theme file editor
-----------------------------+------------------------------
Reporter: ooqwqoo | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: 5.8
Severity: normal | Resolution:
Keywords: close | Focuses:
-----------------------------+------------------------------
Changes (by costdev):
* keywords: => close
Comment:
Hi @ooqwqoo, welcome to Trac and thanks for opening this ticket!
While a filter would be quite straightforward to add, it's a safety
measure against mistakes that could cause a fatal error on a website.
If someone is editing a theme or plugin file using the editor, this
suggests that they don't have any other means of accessing the file, such
as FTP, SSH or a webhost's file manager.
Should a fatal error occur, this would leave the user stuck for how to
proceed, and potentially incurring costs to pay a developer to resolve the
issue, or losing revenue if they run an eCommerce website.
For that reason, I don't think we should add such a filter to WordPress to
make this scenario easier to achieve, and think we should close this
ticket as `wontfix`.
It is possible to use the `pre_http_request` filter to detect a scrape,
return an appropriate value to fake the result, and avoid making the
loopback's http request. Should someone wish to prevent loopbacks, they
could write the code to do this for their site(s).
For now, I'll add `close` to indicate current feedback on the idea of
introducing such a filter so that other contributors can offer their
thoughts.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53989#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list