[wp-trac] [WordPress Trac] #43358: The theme/plugin editor sandbox does not play well with PHP sessions
WordPress Trac
noreply at wordpress.org
Wed Mar 4 14:27:04 UTC 2020
#43358: The theme/plugin editor sandbox does not play well with PHP sessions
----------------------------+-----------------------------
Reporter: bruandet | Owner: SergeyBiryukov
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 5.5
Component: Administration | Version: 4.9.4
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
----------------------------+-----------------------------
Changes (by SergeyBiryukov):
* keywords: dev-feedback => has-patch
* milestone: Future Release => 5.5
Comment:
Replying to [comment:2 donmhico]:
> Adding `session_write_close()` before the first `wp_remote_get()`
specifically here - https://core.trac.wordpress.org/browser/trunk/src/wp-
admin/includes/file.php#L554 - fixes the issue for the Plugin and Theme
editor. However it does not fix the issue found in Site Health checks.
>
> Do you guys think that closing the session during the Site Health checks
is the proper solution? It feels kinda hacky if you ask me. Any other
ideas / approach?
Agreed. Closing the session seems appropriate for plugin/theme editor, but
not for Site Health checks. If there's an issue with these checks, there's
likely an actual issue with loopback requests, REST API, etc.
Ideally, Site Health should detect an active PHP session and provide a
more specific message than just requests timing out. Looks like this is
already discussed in #47320 though, so let's just fix the plugin/theme
editor here.
[attachment:"43358.diff"] works in my testing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43358#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list