[wp-trac] [WordPress Trac] #51857: Add rollback for failed plugin/theme updates

Tue Sep 7 00:28:46 UTC 2021

#51857: Add rollback for failed plugin/theme updates
----------------------------------------------+-----------------------
 Reporter:  pbiron                            |       Owner:  pbiron
     Type:  enhancement                       |      Status:  reopened
 Priority:  normal                            |   Milestone:  5.9
Component:  Upgrade/Install                   |     Version:
 Severity:  normal                            |  Resolution:
 Keywords:  early has-patch has-testing-info  |     Focuses:
----------------------------------------------+-----------------------

Comment (by SergeyBiryukov):

 Replying to [comment:113 afragen]:
 > {{{$disabled                   = explode( ',',
 ini_get('disable_functions') );}}}
 > {{{$available_space       = ! in_array( 'disk_free_space', $disabled,
 true ) ? (int) disk_free_space( WP_CONTENT_DIR . '/upgrade/' ) : false;}}}

 I wanted to see whether we have a precedent of checking the
 `disable_functions` setting this way in core.

 We do in `apache_mod_loaded()` for `phpinfo()` as of [29330] / #26772, but
 that appears to be the only instance. As noted in comment:3:ticket:42085,
 this seems a bit redundant and a simple `function_exists()` check should
 suffice.

 Per the [https://www.php.net/manual/en/function.function-exists.php#67947
 comments in the PHP manual], `function_exists()` should return `false` for
 functions disabled via `disable_functions` setting.

 As also noted in comment:3:ticket:42085, it is possible for the
 `function_exists()` check to return `true` if Suhosin is in use. However,
 that would be an edge case, as Suhosin was only officially available for
 PHP 5.4 to 5.6, and its development was discontinued in 2015.

 It's also worth noting that as of PHP 8, disabled functions can be
 redeclared. Unless the function is redeclared, `function_exists()` still
 returns `false`.

 It looks like most of the other instances in core where we need to check
 for a function that might be disabled just use a simple
 `function_exists()` check:
 * `wp_is_ini_value_changeable()` takes this approach for `ini_get_all()`
 in [38431] / #37680.
 * Site Health also uses this approach for `ini_get()` in [48535] / #50038.

 Related: #33112, #37680, #37978, #48693, #52226.

 So I would suggest just using a `function_exists()` check here as well,
 optionally combined with the error suppression operator just in case:
 {{{
 // Sometimes `disk_free_space()` is disabled via the `disable_functions`
 option for "security purposes".
 if ( function_exists( 'disk_free_space' ) ) {
         $available_space = (int) @disk_free_space( WP_CONTENT_DIR .
 '/upgrade/' );
 } else {
         $available_space = false;
 }
 }}}
 This works in my testing on PHP 5.6 to 8.1.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51857#comment:116>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform