WordPress and Suppressed Errors

One of the errors found by the Error Reporting plugin was an E_WARNING thrown by the constant() function. Upon investigation, it was discovered that the core file had the function call prefixed with the "@" error control operator. The log file also contained a few database function errors. The corresponding lines for those were found to have the error control operator prefixed to the calls as well.

Curious, I decided to see just how often error suppression was used in WordPress core files. After what proved to be a tedious undertaking, the error control operator was found in 53 files, including 26 under the wp-admin folder, and occurred anywhere from only once up to 146 times per file. No doubt, as the search was not thorough, some were not found.

What does the PHP documentation have to say? From Error Control Operators:

Warning
Currently the "@" error-control operator prefix will even disable error reporting for critical errors that will terminate script execution. Among other things, this means that if you use "@" to suppress errors from a certain function and either it isn't available or has been mistyped, the script will die right there with no indication as to why.

I imagine that if any of the core files caused such an event, there would be a large number of "I get a blank screen" complaints almost as soon as a version was released. Still, the number of variables, objects, PHP functions and WordPress functions is quite extensive.

I agree that it is better to suppress errors than to show them in a live blog. They would only confuse most visitors, and there's no need to help the script kiddies. And I also agree that although it might be preferrable to deal with errors in a better fashion, it is not always possible, especially as WordPress still supports PHP version 4. Yet, I can't help but think that in some cases at least, the code could be written differently without the need to suppress an error. I also have mixed feelings about the use of them in files under the wp-admin folder. On the one hand, presumably only an authorized admin would see them, and could benefit from seeing them, if and when they happened. On the other hand, every level of security, even by obscurity, is a good thing.

@$_GET['attachment_id']
@$_GET['m']
@$_GET['p']
@$_GET['page_id']
@$_POST['_page']
@$_POST['_per_page']
@$_POST['_total']
@$_POST['_url']
@$call['class']
@$datefunc
@$desc
@$fd
@$kellogs
@$mail
@$phpmailer->Send
@$widgets['dashboard_incoming_links']
@$widgets['dashboard_secondary']
@chdir
@chgrp
@chmod
@chown
@closedir
@constant
@copy
@count
@crc32
@date_default_timezone_set
@define
@dir
@dl
@each
@error_log
@exif_read_data
@extract
@fclose
@fetch_feed
@fflush
@fgets
@file
@file_exists
@file_get_contents
@fileatime
@filegroup
@filemtime
@fileowner
@fileperms
@filesize
@fopen
@fputs
@fread
@fseek
@fsockopen
@ftell
@ftp_chdir
@ftp_chmod
@ftp_connect
@ftp_delete
@ftp_fget
@ftp_fput
@ftp_login
@ftp_pasv
@ftp_pwd
@ftp_rawlist
@ftp_rmdir
@ftp_site
@ftp_ssl_connect
@func_get_arg
@func_num_args
@fwrite
@get_magic_quotes_runtime
@getcwd
@gethostbyaddr
@gethostbyname
@getimagesize
@gzclose
@gzdeflate
@gzinflate
@gzopen
@gzputs
@gzread
@gzwrite
@header
@html_entity_decode
@htmlspecialchars
@http_chunked_decode
@http_request
@iconv
@include
@include_once
@ini_get
@ini_set
@is_dir
@is_file
@is_link
@is_readable
@is_uploaded_file
@is_writable
@isset
@mb_convert_encoding
@mb_internal_encoding
@mkdir
@mktime
@move_uploaded_file
@mysql_connect
@mysql_fetch_field
@mysql_fetch_object
@mysql_free_result
@mysql_num_fields
@mysql_query
@mysql_select_db
@ob_end_flush
@opendir
@openssl_pkcs7_sign
@parse_url
@preg_match
@readdir
@rename
@rewind
@rmdir
@set_magic_quotes_runtime
@set_time_limit
@socket_bind
@socket_close
@socket_connect
@socket_create
@socket_getsockname
@socket_listen
@socket_read
@socket_set_option
@socket_write
@ssh2_auth_password
@ssh2_auth_pubkey_file
@ssh2_connect
@ssh2_sftp_rename
@stat
@stream_set_timeout
@strpos
@substr
@touch
@unlink
@unpack
@unserialize
@vsprintf
@wp_mail
@wp_read_image_metadata
@xml_parser_create
Technorati Tags: ,

2 Comments

  1. Posted September 5, 2009 at 1:39 am | Permalink

    Hi,

    Thanks for the article…I have been having issue of blank screen for a while now…If I do not have any plugins on my wp 2.8 then it works…but if I enable some plugins like supercache, related posts the it starts giving blank pages for tag pages…Only Tag pages not categories nor single pages. I am using Thesis framework and have been unable to resolve this issue for last 3 months.
    Please help

  2. Posted September 5, 2009 at 1:43 pm | Permalink

    Hi arun,

    If you try a different theme do you still have the same problem? If not, contacting the theme author and asking for support is probably your best bet.

    You could also try my Error Reporting plugin set to include the wp-contents folder. Then you may be able to spot the cause and fix it.