Were using Vanilla v2.2.1 and for us the above answer doesnt work but is very nearly correct, been scratching my head over this too as we have different DB creds for different environments. The problem with passing TRUE in the following statement:
..is that the file you are pointing at ($env_config_path) becomes writeable and your changes will be overwritten any time you save config updates through the dashboard (eg updating routing info). Therefore you cannot pass TRUE if you want the $env_config_path file to stay as it is. A side affect of not passing true is that the config, when written in array format as above or as in the config.php file, is ignored. Therefore the config-development.php file needs to be updated to:
@Linc thanks for the heads up, were currently bound by the version of PHP on our production servers - we have this issue a lot unfortunately. Are you referring to the PHPMailer vulnerability or are there others as well?
@Linc many thanks, we are working toward being able to upgrade. In the meantime we will disable the ability for users to send emails to each other to reduce the risk from the PHPMailer vulnerability.
@JonTJ said: @Linc many thanks, we are working toward being able to upgrade. In the meantime we will disable the ability for users to send emails to each other to reduce the risk from the PHPMailer vulnerability.
That won't keep you safe since the vulnerability is a back door for script injection...
Comments
Were using Vanilla v2.2.1 and for us the above answer doesnt work but is very nearly correct, been scratching my head over this too as we have different DB creds for different environments. The problem with passing
TRUE
in the following statement:Gdn::Config()->Load( $env_config_path, 'Configuration', TRUE );
..is that the file you are pointing at (
$env_config_path
) becomes writeable and your changes will be overwritten any time you save config updates through the dashboard (eg updating routing info). Therefore you cannot passTRUE
if you want the$env_config_path
file to stay as it is. A side affect of not passing true is that the config, when written in array format as above or as in the config.php file, is ignored. Therefore the config-development.php file needs to be updated to:This may only be an issue with v2.2.1 and not the latest versions, unfortunately at the moment we are stuck on 2.2.1
Hope this helps and thanks to lvl99 for putting us on the right track!
I don't know what's stopping you from upgrading, but there is a critical security vulnerability in versions below 2.3.1.
@Linc thanks for the heads up, were currently bound by the version of PHP on our production servers - we have this issue a lot unfortunately. Are you referring to the PHPMailer vulnerability or are there others as well?
The PHPMailer issue is by far the most severe. There are other lesser issues as well, however.
@Linc many thanks, we are working toward being able to upgrade. In the meantime we will disable the ability for users to send emails to each other to reduce the risk from the PHPMailer vulnerability.
That won't keep you safe since the vulnerability is a back door for script injection...
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌