Beware of logic that outputs stuff during 'shutdown' filter processing

[bobbingwide]

I have a trace plugin that hooks into the 'shutdown' action. When the request is NOT an AJAX request, it's programmed to output some information back to the requester.

Even though I've added some code to stop it doing this when WP_JSON is defined I haven't yet fixed the problem. I've only caught some of the instances where the logic should not be run.

The end result is that my WP-CLI cache file for api/oauth1- has been 'infected' with this output. The "secret" field in OAuthToken starts off OK, but the output from the trace routine has been appended to it. So instead of being 48 bytes it's 324 bytes. AND this causes a problem for the next request since it creates the wrong value for the $key used to create the oauth_signature.

Can anyone advise one or more fixes for this problem that will a) work for me b) work for anyone else who's attempting something similar.

Options include:

• Knowing what to check for during 'shutdown' processing.
• Sanitizing the fields before serializing them into the cache

[johnbillion]

I had a similar problem for a while in Query Monitor. I solved it by only outputting QM data on shutdown if one of the wp_footer, admin_footer, or login_footer actions had fired.

Ref: https://github.com/johnbillion/query-monitor/blob/2.7.1/dispatchers/Html.php#L271-L287

[bobbingwide]

Thanks John. I might try that approach as well.