[wp-trac] [WordPress Trac] #52226: PHP 8 issue: Fatal error when error_reporting is disabled
WordPress Trac
noreply at wordpress.org
Tue Jan 5 06:47:15 UTC 2021
#52226: PHP 8 issue: Fatal error when error_reporting is disabled
--------------------------+------------------------------
Reporter: fijisunshine | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.6
Severity: normal | Resolution:
Keywords: php8 | Focuses:
--------------------------+------------------------------
Comment (by ayeshrajans):
Thanks for creating this issue, @fijisunshine - it indeed brings more
attention than the forum.

I find it interesting that the `error_reporting` function is disabled. While
it can enable error reporting, it could also be used to hide them. I also
think the _display_ of errors is an information exposure vulnerability - not
the fact that they are reported and logged. But I'm digressing.

The fatal errors are because in PHP 8.0, disabled functions are not
registered at all, and are allowed to be redeclared as well. See
[https://php.watch/versions/8.0/disable_functions-redeclare PHP 8.0:
Disabled functions behave as if they do not exist].

Redeclaring a dummy function for disabled functions is only possible in
PHP 8.0 as well.

The patch above by @peterwilsoncc looks great, although I wonder if we could
use `ini_set` as a fall-back, provided it's available:
{{{#!php
<?php
/*
 * The error_reporting() function can be disabled in php.ini and may be done so for
 * security purposes. On systems with this function disabled it's best to add a dummy
 * function to the wp-config.php file but as this call to the function is run prior
 * to wp-config.php loading, it is wrapped in a function_exists() check.
 */
if ( function_exists( 'error_reporting' ) ) {
	error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
} elseif ( function_exists( 'ini_set' ) ) {
	ini_set( 'error_reporting', E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52226#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
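
The "dummy function in wp-config.php" that the code comment in the message above refers to, sketched as an added example (not code from the ticket, the patch, or WordPress core). It assumes the host has disabled error_reporting() through disable_functions, and it is guarded on the PHP version because, as the comment notes, redeclaring a disabled function is only possible from PHP 8.0:

```php
<?php
/*
 * Added example for wp-config.php: stand-in for a disabled error_reporting().
 *
 * On PHP < 8.0 a disabled function still occupies its name, so declaring it
 * again is a fatal "Cannot redeclare" error. On PHP >= 8.0 the name is free,
 * so any unguarded call elsewhere fails unless something defines it first.
 */
if ( PHP_VERSION_ID >= 80000 && ! function_exists( 'error_reporting' ) ) {
	/**
	 * Mirrors the native behaviour: returns the previous level and, when a
	 * level is passed, applies it through ini_set() if that is available.
	 * No type declarations, so the file still parses on older PHP versions.
	 */
	function error_reporting( $error_level = null ) {
		// ini_get()/ini_set() can be disabled as well, so check each one.
		$previous = function_exists( 'ini_get' )
			? (int) ini_get( 'error_reporting' )
			: 0;

		if ( null !== $error_level && function_exists( 'ini_set' ) ) {
			// Explicit string cast: ini_set() takes its value as a string.
			ini_set( 'error_reporting', (string) (int) $error_level );
		}

		return $previous;
	}
}
```

This stand-in only helps code that runs after wp-config.php has loaded; the call discussed in the ticket runs before that, which is why it still needs its own function_exists() check.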