[wp-trac] [WordPress Trac] #49953: Xdebug not working out of the box

WordPress Trac noreply at wordpress.org
Thu Jul 9 01:58:22 UTC 2020

#49953: Xdebug not working out of the box
 Reporter:  Jules Colle       |       Owner:  (none)
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  5.5
Component:  Build/Test Tools  |     Version:  5.3
 Severity:  normal            |  Resolution:
 Keywords:  has-patch         |     Focuses:

Comment (by pento):

 This has the potential to introduce interesting security vulnerabilities,
 I don't think it should be enabled by default.

 Off the top of my head:
 - Some Travis PHPUnit tests run with Xdebug enabled. Would this allow
 remote connections to the Travis job, potentially exposing encrypted keys?
 - Xdebug allows arbitrary code execution, if other people are able to
 connect to someone's development environment (for example, if it's exposed
 to the local network at a contributor day, or they use a forwarding
 service like ngrok), this could very easily open a contributor's computer
 to attack.

 I'd be more comfortable with enabling this if it can reliably restrict who
 it connects to.

Ticket URL: <https://core.trac.wordpress.org/ticket/49953#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list