[wp-trac] [WordPress Trac] #47320: Site Health: Call to API with $_COOKIE and PHPSESSID

WordPress Trac noreply at wordpress.org
Sun May 19 11:31:13 UTC 2019


#47320: Site Health: Call to API with $_COOKIE and PHPSESSID
----------------------------+-----------------------------
 Reporter:  matthieumota    |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Administration  |    Version:  5.2
 Severity:  trivial         |   Keywords:
  Focuses:                  |
----------------------------+-----------------------------
 We can see on base code
 (https://core.trac.wordpress.org/browser/branches/5.2/src/wp-
 admin/includes/class-wp-site-health.php?rev=45347#L1648) that complete
 $_COOKIE are parsed to api call for check on site health. Not worries but
 $_COOKIE contains PHPSESSID key.

 The PHP script in curl waits for the session to free itself from the first
 script that calls the API. This causes a timeout with CURL.

 Many solutions to resolve that, unset PHPSESSID from cURL call or use
 https://php.net/manual/en/function.session-write-close.php to end session
 before cURL call.

 Bug is also present on
 https://core.trac.wordpress.org/browser/branches/5.2/src/wp-admin/includes
 /class-wp-site-health-auto-updates.php?rev=45347#L93 and
 https://core.trac.wordpress.org/browser/branches/5.2/src/wp-admin/includes
 /class-wp-site-health.php?rev=45347#L1943

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47320>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list