Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade/Install: Roll back a plugin auto-update with a fatal error. #5287

Closed
wants to merge 28 commits into from
Closed

Upgrade/Install: Roll back a plugin auto-update with a fatal error. #5287

wants to merge 28 commits into from

Conversation

costdev
Copy link
Contributor

@costdev costdev commented Sep 23, 2023
edited
Loading

The biggest concern when plugins update automatically is that they may contain a fatal error that crashes a website.

This performs a loopback request to the homepage in an attempt to detect such fatal errors in an active plugin after updating. This ensures that only the plugin's new code has been loaded into memory, and prevents false positives when, for example, a plugin may include a class definition in the main plugin file.

Should a fatal error be detected, the update is restored to the previously installed version.

The loopback request is also performed for the Plugin File Editor and Theme File Editor. However, the implementation here does not distinguish between a failed loopback request and a plugin with no fatal errors, as the aim is to make the best attempt to detect a fatal error.

Additionally, the Site Health error message for the loopback request test states:

Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.

So if loopback requests are not possible, automatic updates should not be possible anyway. 🙂

Trac ticket: https://core.trac.wordpress.org/ticket/58281

@afragen
Copy link
Member

afragen commented Sep 23, 2023

@costdev and I have been testing all combinations of plugins, fataling plugin, and themes with this, even @peterwilsoncc's list of plugins.

It tests out great!

@afragen afragen mentioned this pull request Sep 23, 2023
Closed
@costdev costdev force-pushed the rollback_automatic_plugin_updates branch 4 times, most recently from c49a17d to edec89e Compare October 14, 2023 11:22
@github-actions GitHub Actions
Copy link

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • The Plugin and Theme Directories cannot be accessed within Playground.
  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

@costdev costdev force-pushed the rollback_automatic_plugin_updates branch from 56a2298 to db5b5c4 Compare February 18, 2024 00:05
@WordPress WordPress deleted a comment from github-actions bot Feb 18, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 18, 2024
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @[email protected].

Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases.

Core Committers: Use this line as a base for the props when committing in SVN:

Props costdev, johnbillion, mukesh27, afragen, audrasjb, justlevine.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@costdev costdev added the props-bot Adding this label triggers the Props Bot workflow for a PR. label Feb 18, 2024
@github-actions github-actions bot removed the props-bot Adding this label triggers the Props Bot workflow for a PR. label Feb 18, 2024
@costdev costdev force-pushed the rollback_automatic_plugin_updates branch from db5b5c4 to d3a1813 Compare March 9, 2024 03:09
afragen
afragen suggested changes Mar 9, 2024
View reviewed changes
src/wp-includes/load.php Outdated Show resolved Hide resolved
@costdev costdev force-pushed the rollback_automatic_plugin_updates branch from 9ff3a78 to 7a8a3f6 Compare April 3, 2024 18:57
afragen
afragen suggested changes Apr 9, 2024
View reviewed changes
Copy link
Member

@afragen afragen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should better integrate without the need to return a WP_Error

src/wp-admin/includes/class-wp-automatic-updater.php Show resolved Hide resolved
audrasjb
audrasjb reviewed Apr 22, 2024
View reviewed changes
Copy link
Contributor

@audrasjb audrasjb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a few comments :)

src/wp-admin/includes/class-wp-automatic-updater.php Show resolved Hide resolved
src/wp-admin/includes/class-wp-automatic-updater.php Show resolved Hide resolved
src/wp-admin/includes/class-wp-automatic-updater.php Show resolved Hide resolved
src/wp-admin/includes/class-wp-automatic-updater.php Show resolved Hide resolved
@johnbillion
Copy link
Member

I added some minor code review comments, but in general it's looking good. I'm going to functionally test this over the next few days.

afragen
afragen suggested changes May 8, 2024
View reviewed changes
src/wp-admin/includes/class-wp-automatic-updater.php
Comment on lines +543 to +548
/*
* Avoids a race condition when there are 2 sequential plugins that have fatal errors.
* WP_Automatic_Updater::update() can be called for the second plugin before the first has
* finished checking for fatal errors. This can cause the second plugin's fatal error checking to be skipped,
* and may affect subsequent plugins too.
*/
Copy link
Member

@afragen afragen May 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/*
* Avoids a race condition when there are 2 sequential plugins that have fatal errors.
* WP_Automatic_Updater::update() can be called for the second plugin before the first has
* finished checking for fatal errors. This can cause the second plugin's fatal error checking to be skipped,
* and may affect subsequent plugins too.
*/
/*
* Avoids a race condition when there are 2 sequential plugins that have fatal errors.
* It seems a slight delay is required for the loopback to use the updated plugin code in the request.
* This can cause the second plugin's fatal error checking to be inaccurate,
* and may also affect subsequent plugin checks.
*/

Copy link
Contributor Author

@costdev costdev May 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure that documenting what doesn't work is useful here, but posting on the ticket what's been checked and verified is worth doing for posterity. In the code, we should document the reasoning for the sleep, and ensure that we've verified the details as much as we can.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By all means modify as necessary.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

@johnbillion
Copy link
Member

What shall we do with all the error_log() calls in this PR? Strip them out?

@costdev
Copy link
Contributor Author

costdev commented May 9, 2024

For debugging purposes, since this is a background task, it would be great if we could put them behind a WP_DEBUG flag so any reported issues can detail where things went wrong, then remove this logging later in the cycle.

@afragen
Copy link
Member

afragen commented May 9, 2024

I say leave them for now for broader testing. Somewhere around beta1 we can put the loopback results behind WP_DEBUG and remove most of the others.

@johnbillion
Copy link
Member

https://core.trac.wordpress.org/changeset/58128 🚀

@bonny bonny mentioned this pull request Aug 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justlevine justlevine justlevine left review comments

@mukeshpanchal27 mukeshpanchal27 mukeshpanchal27 left review comments

@audrasjb audrasjb audrasjb left review comments

@afragen afragen afragen requested changes

@johnbillion johnbillion johnbillion requested changes

@peterwilsoncc peterwilsoncc Awaiting requested review from peterwilsoncc

@getsource getsource Awaiting requested review from getsource

@SergeyBiryukov SergeyBiryukov Awaiting requested review from SergeyBiryukov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@costdev @afragen @johnbillion @audrasjb @mukeshpanchal27 @justlevine