fix: send 500 response code on critical errors#10579
Conversation
|
Hi @shivamdev-lgtm! 👋 Thank you for your contribution to WordPress! 💖 It looks like this is your first pull request to No one monitors this repository for new pull requests. Pull requests must be attached to a Trac ticket to be considered for inclusion in WordPress Core. To attach a pull request to a Trac ticket, please include the ticket's full URL in your pull request description. Pull requests are never merged on GitHub. The WordPress codebase continues to be managed through the SVN repository that this GitHub repository mirrors. Please feel free to open pull requests to work on any contribution you are making. More information about how GitHub pull requests can be used to contribute to WordPress can be found in the Core Handbook. Please include automated tests. Including tests in your pull request is one way to help your patch be considered faster. To learn about WordPress' test suites, visit the Automated Testing page in the handbook. If you have not had a chance, please review the Contribute with Code page in the WordPress Core Handbook. The Developer Hub also documents the various coding standards that are followed:
Thank you, |
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Core Committers: Use this line as a base for the props when committing in SVN: To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
Test using WordPress PlaygroundThe changes in this pull request can previewed and tested using a WordPress Playground instance. WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser. Some things to be aware of
For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation. |
|
|
||
| $xml = <<<EOD | ||
| <error> | ||
| <code>{$parsed_args['code']}</code> |
There was a problem hiding this comment.
Looks like this change needs to be reverted?
| // Also ensure HTTP 500 if response is already set to 500 (from fatal error handler). | ||
| if ( $is_critical_error || 500 === $parsed_args['response'] ) { | ||
| $parsed_args['response'] = 500; | ||
| if ( function_exists( 'http_response_code' ) ) { |
There was a problem hiding this comment.
When would this function ever not exist?
| // Also ensure HTTP 500 if response is already set to 500 (from fatal error handler). | ||
| if ( $is_critical_error || 500 === $parsed_args['response'] ) { | ||
| $parsed_args['response'] = 500; | ||
| if ( function_exists( 'http_response_code' ) ) { |
There was a problem hiding this comment.
It seems weird to set $parsed_args['response'] = 500; if it's already set that way, as per the check on the line above.
|
|
||
| // Ensure HTTP 500 status code for critical errors, even if headers were already sent. | ||
| $is_critical_error = false; | ||
| if ( function_exists( 'is_wp_error' ) && is_wp_error( $message ) ) { |
There was a problem hiding this comment.
Is this function_exists check necessary? It's defined in load.php, which is loaded before this file.
References:
wordpress-develop/src/wp-settings.php
Line 37 in 2929fe2
wordpress-develop/src/wp-settings.php
Line 117 in 2929fe2
| $error_code = $message->get_error_code(); | ||
| $is_critical_error = ( 'internal_server_error' === $error_code ); |
There was a problem hiding this comment.
No need to save the error code as a variable since it's only used once.
| $error_code = $message->get_error_code(); | |
| $is_critical_error = ( 'internal_server_error' === $error_code ); | |
| $is_critical_error = ( 'internal_server_error' === $message->get_error_code() ); |
|
|
||
| // Ensure HTTP 500 status code for critical errors, even if headers were already sent. | ||
| $is_critical_error = false; | ||
| if ( is_wp_error( $message ) ) { |
There was a problem hiding this comment.
All of the function_exists() checks above for __() and esc_url() make me think that actually we should maybe not assume that is_wp_error() exists. In any case, it isn't necessary:
| if ( is_wp_error( $message ) ) { | |
| if ( $message instanceof WP_Error ) { |
There was a problem hiding this comment.
Pull request overview
Updates the default wp_die() HTML handler to force an HTTP 500 status code when handling “critical”/internal server error scenarios.
Changes:
- Adds “critical error” detection in
_default_wp_die_handler()based oncode/response(and attemptedWP_Error) inputs. - Forces the computed
wp_die()response to 500 and callshttp_response_code(500)for critical errors.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if ( $message instanceof WP_Error ) { | ||
| $is_critical_error = $message->get_error_code(); | ||
| } elseif ( 'internal_server_error' === $parsed_args['code'] || 500 === $parsed_args['response'] ) { | ||
| $is_critical_error = true; | ||
| } |
There was a problem hiding this comment.
$message instanceof WP_Error can fatally error if WP_Error is not loaded yet (wp-settings.php loads wp-includes/functions.php before wp-includes/class-wp-error.php). Also, _wp_die_process_input() typically converts a WP_Error message into a string before this handler runs, so this branch is usually unreachable. Consider removing the instanceof check and relying on $parsed_args['code']/$parsed_args['response'], or guard it with class_exists( 'WP_Error' ) before using instanceof.
There was a problem hiding this comment.
This is not entirely correct. If WP_Error does not exist, no fatal error occurs. See https://3v4l.org/uCFvc#veol
There was a problem hiding this comment.
https://github.com/shivamdev-lgtm/wordpress-develop/blob/756e1d67fd188e35f6b6b04c8df61a0a25d420e5/src/wp-includes/functions.php#L4317-L4318 Since WP_Error is getting converted here, removing the redundant check and simplifying the logic a bit
|
|
||
| if ( $is_critical_error ) { | ||
| $parsed_args['response'] = 500; | ||
| http_response_code( 500 ); |
There was a problem hiding this comment.
http_response_code( 500 ) is executed unconditionally when $is_critical_error is true. If headers have already been sent, this can emit a PHP warning (and still cannot change the response code). To avoid noisy warnings/regressions, only call this when ! headers_sent() (or drop it and rely on the existing status_header() call inside the ! headers_sent() block).
| http_response_code( 500 ); | |
| if ( ! headers_sent() ) { | |
| http_response_code( 500 ); | |
| } |
|
@shivamdev-lgtm are you able to address the remaining review comments? |
|
Yes I'll take it up tomorrow @mindctrl |
|
@mindctrl I have fixed the rest of the comments. Please take a look |
| $message .= "\n<p><a href='javascript:history.back()'>$back_text</a></p>"; | ||
| } | ||
|
|
||
| // Ensure HTTP 500 status code for critical errors. |
There was a problem hiding this comment.
Maybe replace "Ensure" with "Enforce"?
Trac: https://core.trac.wordpress.org/ticket/64256