
Vanilla Statistics seriously broken

strtfr New
edited September 2013 in Vanilla 2.0 - 2.8

Vanilla Statistics is seriously broken in vanilla-core-2-0-18-8.

When I try to re-register the API KEY the following error message is displayed:
API Status
Problem with credentials.

If I dig through the source the config.php -> $Configuration['Garden']['InstallationSecret'] is not correctly read, since this piece of code returns null.

in class.statistics.php line 689

// If we don't have a secret, we cannot verify anyway
$VanillaSecret = Gdn::InstallationSecret();
if (is_null($VanillaSecret))
  return NULL;

A $Configuration['Garden']['InstallationSecret'] is present in my config file.

Curl is enabled and working.


  • Options

    @strtfr said:
    $VanillaSecret = Gdn::InstallationSecret();

    Good debugging so far, now dig into that InstallationSecret function.

    There's a really helpful function. It's decho or echod, which helps you show variables in a nicely formatted way.


  • Options

    @UnderDog decho() indeed.

    I really do not get how this function operates or is fired in the system.

    in at line 334

       public static function InstallationSecret($SetInstallationSecret = NULL) {
          // Cached per request; FALSE means "not loaded yet"
          static $InstallationSecret = FALSE;
          if (!is_null($SetInstallationSecret)) {
             if ($SetInstallationSecret !== FALSE) {
                SaveToConfig ('Garden.InstallationSecret', $SetInstallationSecret);
             } else {
                // body of this else branch is missing from the post
             }
             $InstallationSecret = $SetInstallationSecret;
          }
          // Nothing cached yet: read the secret from the config (NULL if absent)
          if ($InstallationSecret === FALSE)
             $InstallationSecret = C('Garden.InstallationSecret', NULL);
          decho($InstallationSecret);  //debug
          return $InstallationSecret;
       }

    If I add the decho, multiple dumps are being made on a page refresh. So it is fired multiple times.

    NULL NULL NULL string(40) "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxetc" string(40) "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxetc"

    If I change anything in code, like hardcoding the secret or removing the validation check, the system goes haywire. Unfortunately it is a feature not a core functionality, so I will just disable it before it devours my time. :)

  • Options

    Can you open a bug report on Github? Tell the bug number in this thread please


  • Options

    @UnderDog. I will open a bug report on GitHub. I still do not have an account, but this is a good reason to do so. I will check for a week if the feature suddenly starts working. Else I will update when the bug number is known. According to this, it seems like a reoccurring problem.
