Dear WordPress, why do you hate me?
Late last week I was working on updating a custom module that I had developed a while back, when adding all the “correct” looking functions and hooks to make the update work (a simple options page for storing system wide settings) every update to any setting in the Admin backend failed with the same “error” screen.
Even after setting WP_DEBUG to true, the same “friendly” error message continued to show up. I have worked with many different CMS’s and application platforms that have the idea of a friendly error screen, but they also have the ability to turn it off for debugging and development purposes. It seems WordPress does not have this same ability. So my question is, why have the WP_DEBUG setting if it does not turn off ALL friendly error messages?
Everything I read online pointed to the nonce being incorrect, but because I was using add_settings_section and add_settings_field functions to create the options page, it seemed unlikely that this could be the error (WordPress generates the nonce field for you when calling do_settings_sections, etc. to render from the above hooks).
After some more investigation, I found another piece of code in another plugin that was the issue and it was indeed an issue with the nonce being validated. Take a look and tell me if you see the issue.
Do you see the issue? The nonce is correct, and using the form that calls this code works as well. What is happening here is that it is checking ALL POST requests (in the Admin pages that is) and if the submit button name is “submit”, which is all of the out of the box and WordPress generated submit buttons, then it will validate the specific nonce field “mycustom_nonce” while the plugin is activated, which should and does throw errors. Just by changing the order of the checks everything goes back to working as intended.
I understand that there was “bad code” that was causing the issue with WordPress, and that is not my overall gripe. I should have a way to disable the friendly error messages for debugging and have WordPress tell me something like: “The nonce field ‘mycusom_nonce’ could not be validated at /path/to/plugin/file/plugin.php on line 123”. With a “good” error message like that I could have saved a lot of time and known exactly what and where the issue was. Almost every other CMS like system I have worked with (Drupal, SharePoint, etc.) has this ability and helps developers with troubleshooting these “gotcha” issues.
Hopefully this helps someone else that may come across this kind of issue. I will investigate further to see if I can work with WordPress to provide better, developer friendly error messages (that can be enabled with a configuration file or setting). Or maybe there is a way that I am just not aware of, and if so I will share that out as I think there are many developers out there that have this same issue, from time to time.
Ok, rant-ish is over, thanks again for reading!
