[wp-trac] [WordPress Trac] #46608: Being in recovery mode is easy to not realise you are in it
WordPress Trac
noreply at wordpress.org
Fri Mar 22 15:48:03 UTC 2019
#46608: Being in recovery mode is easy to not realise you are in it
-----------------------------------+------------------------------
Reporter: karmatosed | Owner: (none)
Type: enhancement | Status: new
Priority: high | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-design-feedback | Focuses:
-----------------------------------+------------------------------
Comment (by TimothyBlynJacobs):
Thank you for these explorations!
> Is there any downside to being in recovery mode?
I would say there isn't a significant downside to being in recovery mode.
The possible concern in my mind would be if they were on a shared
computer. Someone might be able to bypass a security related plugin by
causing it to fatal, making it easier to login since the recovery mode
cookie would still be there. But being in recovery mode shouldn't be used
as a substitute for any auth checks.
Outside of being on a shared computer, the worst that could happen is a
plugin gets unexpectedly paused for causing a fatal error. Since this is
local to the current user, it shouldn't be a significant issue, but it
isn't ideal.
-----
One advantage of having it in the menu bar is it could be something
visible on the front end of the site. Additionally, right now if a plugin
is paused on the front end, the user won't see any notice until they go
back into the admin. This isn't there in core at the moment, but
conceivably, we could add a notification of some kind to the admin bar
that a plugin was just paused, or have a quick way of displaying all the
paused plugins. Of course, the admin bar isn't showing on the front-end
for all sites, but I think it might be worth exploring forcing the admin
bar to display when in recovery mode.
An additional note is that recovery mode isn't cleared when the user logs
out. If it did, it'd be difficult to test/reproduce errors that occur
during the login process ( which is one of the most important actions ).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46608#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list