[wp-trac] [WordPress Trac] #12839: Should sandbox themes on activate to prevent fatal errors
WordPress Trac
noreply at wordpress.org
Tue Dec 8 06:46:45 UTC 2015
#12839: Should sandbox themes on activate to prevent fatal errors
-------------------------+-----------------------------
Reporter: dd32 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Themes | Version: 3.0
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-------------------------+-----------------------------
Comment (by nikolov.tmw):
Replying to [comment:7 dd32]:
> We don't need to worry about any theme settings really, that's all
either handled up the stack, or something we don't need to worry about.
I thought that's the case, but wanted to double-check.
> The way the plugins sandbox works is as follows:
> - You hit the Activation URL
> - A redirect is issued to a failed-activation step
> - The plugin is included, activation functions are run
> - The plugin is marked as activated in the database
> - A redirect is issued to the successful-activation step, overriding
the previous failure step.
>
> That works pretty well, and could also be done for themes.
However, I anticipate that a single request won't be a viable option for
themes. The problem I see is that while multiple plugins can be active, we
can't(shouldn't) have multiple themes active in the same request. Hence
why we first do a request to the sandboxing URL and if that succeeds, we
do a request to the activation URL, where all of the flips and switches
are currently being taken care of.
> One option that has been brought up for the upgraders at least, is to
perform a HTTP callback to various locations (Front page, Admin page, REST
API) to ensure that none of those pages are fataling and are still
accessible. That has other downsides though (failing requests, Load-
balanced/proxied sites, etc) not being handled well.
I did think about HTTP callbacks as well, but there are definitely cases
where those would fail(besides the points you brought, it can also fail if
you're working on a remote server that doesn't have a DNS record, ie using
your hosts file).
Ok, I'll work on a patch in the following week or so. It definitely won't
be able to handle either the REST API, or the CLI, but it will work from
the UI. Once we have that in place, we can think of possible ways to make
the activation work for the API and CLI.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/12839#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list