[wp-trac] [WordPress Trac] #53979: Non-valid plugins should be removed from the 'active_plugins' option
noreply at wordpress.org
Mon Aug 23 14:00:50 UTC 2021
#53979: Non-valid plugins should be removed from the 'active_plugins' option
Reporter: tommusrhodus | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
**Issue as found**
Failed auto-update of WooCommerce resulted in an empty `/woocommerce/`
plugin folder, but `woocommerce/woocommerce.php` remaining inside the
`active_plugins` option resulted in a dependent plugin throwing a fatal
error, since its internal checks against the `active_plugins` option still
To recreate this issue, a default install with WooCommerce & WooCommerce
Subscriptions plugins installed is enough. Empty the contents of the
`/woocommerce/` plugin folder to simulate a failed auto-update, there will
now be a fatal error on front-end and admin.
''Note'' that whilst I ran into this issue with WooCommerce & WooCommerce
Subscriptons, this issue could theoretically happen with any plugin and
extension plugin combination that uses the `active_plugins` option to
determine if dependency has been met.
Plugins which fail to validate inside `wp_get_active_and_valid_plugins()`
should also be removed from the `active_plugins` option to avoid further
clashes and potential fatal errors. Currently the function excludes the
plugins from loading, but leaves the plugin key inside the
`active_plugins` option which can be problematic if dependant plugins are
checking that option for the parent plugin key.
Expected outcome would be that a plugin which fails to validate for any
reason should also be removed from the `active plugins` option.
If a plugin fails to validate it should not just be excluded from loading
at runtime, but also its key removed from the `active_plugins` option to
avoid loading attempts in the future, and further issues caused by
dependant plugins. I have tested a patch within
`wp_get_active_and_valid_plugins()` which resolves this, should this bug
report be accepted.
**Acknowledgement of plugin specific issue**
I appreciate that at first glance this appears like a plugin specific
issue in that without the parent / dependant plugin structure using
`active_plugins` as a dependency check then there would be no issue here.
However given the ubiquitous nature of something like WooCommerce and
their [https://docs.woocommerce.com/document/create-a-plugin/] developer
docs pointing toward using `active_plugins` as a dependency check, it's
clear that WordPress users getting a WSoD from a failed plugin update
could be avoided with a core patch.
Ticket URL: <https://core.trac.wordpress.org/ticket/53979>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac