Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Vanilla Statistics seriously broken

strtfrstrtfr New
edited September 2013 in Vanilla 2.0 - 2.8

Vanilla Statistics is seriously broken in vanilla-core-2-0-18-8.

When I try to re-register the API KEY the following error message is displayed:
API Status
Problem with credentials.

If I dig through the source the config.php -> $Configuration['Garden']['InstallationSecret'] is not correctly read, since this piece of code returns null.

in class.statistics.php line 689

// If we don't have a secret, we cannot verify anyway
$VanillaSecret = Gdn::InstallationSecret();
if (is_null($VanillaSecret))
  return NULL;

A $Configuration['Garden']['InstallationSecret'] is present in my config file.

Curl is enabled and working.

Comments

  • Options
    UnderDogUnderDog MVP

    @strtfr said:
    $VanillaSecret = Gdn::InstallationSecret();

    Good debugging so far, now digg into that InstallationSecret function

    There's a really helpful function. It's decho or echod which helps you show variables in nice formatted way

    There was an error rendering this rich post.

  • Options
    strtfrstrtfr New

    @UnderDog decho() indeed.

    I really do not get how this function operates or is fired in the system.

    in class.gdn.php at line 334

       public static function InstallationSecret($SetInstallationSecret = NULL) {
      static $InstallationSecret = FALSE;
      if (!is_null($SetInstallationSecret)) {
         if ($SetInstallationSecret !== FALSE) {
            SaveToConfig ('Garden.InstallationSecret', $SetInstallationSecret);
         } else {
            RemoveFromConfig('Garden.InstallationSecret');
         }
         $InstallationSecret = $SetInstallationSecret;
      }

      if ($InstallationSecret === FALSE)
         $InstallationSecret = C('Garden.InstallationSecret', NULL);
     decho($InstallationSecret);  //debug
      return $InstallationSecret;
   }

    If I add the decho, multiple dumps are being made on a page refresh. So it is fired multiple times.

    NULL NULL NULL string(40) "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxetc" string(40) "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxetc"

    If I change anything in code, like hardcoding the secret or remove the validation check, the system goes haywire. Unfortunately it is a feature not a core functionality, so I will just disable it before it devours my time. :)

  • Options
    UnderDogUnderDog MVP

    Can you open a bug report on Github? Tell the bug number in this thread please

    There was an error rendering this rich post.

  • Options
    strtfrstrtfr New

    @UnderDog. I will open a bug report on GitHub. I still do not haven an account, but this is a good reason to do so. I will check for a week if the feature suddenly starts working. Else I will update when the bug number is known. According to Vanillaforums.org this seems like a re-occuring problem.

Sign In or Register to comment.