plaidpowered

There’s long discussions on the PHP set_error_handler documentation comments about this, and at least one super long Stack Overflow thread, PHP simply doesn’t seem designed to provide the info we need unless Xdebug is installed. By the time the error gets to the error handler callback, the backtrace has already been lost. Makes it real fun to track down deprecation warnings in production…

Thanks for replying, if someday I find a solution (probably won’t until the PHP function itself changes) I’ll be sure to let you know.

Closing, because while looking for an alternative solution I discovered the extraordinary complexity of such a request and I wonder if it’s even possible. Nevermind!

I just wanted to follow up to mention that my concluding paragraph is slightly misleading, the problem really doesn’t have much to do with PHP 8 besides the most recent version of guzzlehttp/psr requiring it. The real problem is a conflict between different versions of composer packages being loaded by multiple plugins, and really the only way to solve that is to use something like scoper.

The most recent, 4.15.3

Ah excellent – I didn’t realize there was a github or I would have reported over there. Following now.

Thanks for the help, yeah it’s a very specific set of circumstances that have to happen for this issue to occur.

Indeed. And considering people have been reporting this problem for over 6 months, and the fix is ridiculously easy, I am forced to assume the developer has abandoned this project. I’ve forked it to fix the issue:

https://github.com/plaidpowered/force-regenerate-thumbnails

No, I never did find any best practices or guides. OAuth was too complicated for our implementation, so we ended up with a custom implementation that works on top of the “Application passwords” plugin.

Essentially, a login request is sent to the WP REST server with a username/password in plaintext, the RESTful endpoint then returns an application password that is stored on the device. The application password is then used to authenticate all other API calls. All requests are encrypted over HTTPS, so in theory, this should be secure. But HTTPS is not infallible, and I’d love to entertain other ideas or improvements.