[wp-trac] [WordPress Trac] #41999: /wp-includes/theme-compat/embed.php causes unnecessary errors in request log
WordPress Trac
noreply at wordpress.org
Thu Jan 4 15:20:19 UTC 2024
#41999: /wp-includes/theme-compat/embed.php causes unnecessary errors in request
log
-------------------------+----------------------
Reporter: arjenlentz | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Embeds | Version: 4.8.2
Severity: normal | Resolution: wontfix
Keywords: close | Focuses:
-------------------------+----------------------
Changes (by hellofromTonya):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Hello @arjenlentz,
Welcome back to WordPress Core. I'm following up on older close candidate
tickets to help resolve them. For this ticket, I'm closing it as `wontfix`
(with explanation). However, if there's more information available today
that can help to further enlighten the use case, risks, and benefits,
please reopen.
''tl;dr''
IMO this use case seems to be an instance of doing it wrong and the fatal
error thrown is the expected behavior and outcome.
''Longer explanation:''
>It's being called directly: "GET /wp-includes/theme-compat/embed.php HTTP/1.1"
Of course people shouldn't, but they do, for a purpose: to derive certain
information or find vulnerabilities.
>It also clutters error logs, which may cause real errors to get missed.
The scenario shared is not a normal use case, but rather an intentional
action as noted. Thus, the errors thrown are valid as these fatals prevent
further processing.
For example, someone seeking to derive information by directly loading the
`embed.php` file will get a fatal error at the start of the file's load.
No information other than a fatal for `get_header()` happens.
As @swissspidy shared, this is not unique to `embed.php`. Many files are
not meant to be directly loaded as they have dependencies to other code.
Loading them before that other code gets loaded will cause a fatal error.
This particular file is designed in a theme-way, by-design for classic
themes to model. All the files in the `wp-includes/theme-compat/`
directory are template files which get loaded into memory when a classic
theme does not have the file. None are meant to be directly loaded.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41999#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
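
An added example, not part of the ticket or of WordPress core: one way to keep these direct requests from burying real errors is to tally them from the access log per client and review them separately. It assumes Combined Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Files under wp-includes/theme-compat/ are templates meant to be included, not requested.
DIRECT_RE = re.compile(r'/wp-includes/theme-compat/[^/]+\.php$', re.IGNORECASE)

def is_direct_template_hit(target):
    """True when the request path names a theme-compat template file."""
    # Drop query string and fragment before matching the path.
    path = target.split('?', 1)[0].split('#', 1)[0]
    # Collapse repeated slashes so //wp-includes//theme-compat/ still matches.
    path = re.sub(r'/{2,}', '/', path)
    return bool(DIRECT_RE.search(path))

def summarize(lines):
    """Return (direct hits per client, count of lines that did not parse)."""
    hits, unparsed = Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        if is_direct_template_hit(m.group('target')):
            hits[m.group('client')] += 1
    return hits, unparsed

# Constructed sample lines using documentation IP ranges, not taken from the ticket.
SAMPLE = [
    '203.0.113.7 - - [04/Jan/2024:15:20:19 +0000] "GET /wp-includes/theme-compat/embed.php HTTP/1.1" 500 0 "-" "-"',
    '203.0.113.7 - - [04/Jan/2024:15:20:20 +0000] "GET /wp-includes/theme-compat/embed.php?x=1 HTTP/1.1" 500 0 "-" "-"',
    '198.51.100.4 - - [04/Jan/2024:15:21:00 +0000] "GET /2024/01/hello-world/embed/ HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [04/Jan/2024:15:21:05 +0000] "GET //wp-includes//theme-compat/embed.php HTTP/1.1" 500 0 "-" "-"',
    'garbage line',
]

if __name__ == '__main__':
    hits, unparsed = summarize(SAMPLE)
    for client, count in hits.most_common():
        print(f'{client}\t{count}')
    print(f'unparsed\t{unparsed}')
```

The legitimate embed URL in the sample (`/2024/01/hello-world/embed/`) is not counted, because it is routed through WordPress rather than requested as a file.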