-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bootstrap/Load: Refactor debug.log handling for enhanced protection and usability #6164
base: trunk
Are you sure you want to change the base?
Bootstrap/Load: Refactor debug.log handling for enhanced protection and usability #6164
Conversation
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Core Committers: Use this line as a base for the props when committing in SVN:
To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
a3ce0d2
to
8dd023d
Compare
…nd usability This commit addresses concerns related to the /wp-content/debug.log file being publicly accessible, which may contain sensitive information in some circumstances. To mitigate this risk, a randomly generated string is now appended to the debug log filename. Additionally, the debug logs have been relocated to a dedicated directory for improved organization and convenience. These changes enhance both the protection and usability of the debug.log subsystem.
8dd023d
to
a16aef7
Compare
Test using WordPress PlaygroundThe changes in this pull request can previewed and tested using a WordPress Playground instance. WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser. Some things to be aware of
For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation. |
Instead of generating a new debug log for every request, maybe we could use a deterministic, unique filename based on that site's salts? If the debug log file is persistent, I think there's no need for the |
This commit appends a hashed version of WP_CACHE_KEY_SALT to the debug.log file name, stores debug.log as a hidden file (.debug-[random-string].log) and removes the use of a debug directory from the earlier commit.
@Luc45 Thank you for your feedback. I have made the suggested changes. |
This commit addresses concerns related to the /wp-content/debug.log file being publicly accessible, which may contain sensitive information in some circumstances. To mitigate this risk, a randomly generated string is now appended to the debug log filename. The debug.log file has also been prefixed with a dot, to make it a hidden file.
These changes enhance both the protection and usability of the debug.log subsystem.
Trac ticket: https://core.trac.wordpress.org/ticket/60611
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.