Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

config.php file overwritten

2»

Comments

  • Were using Vanilla v2.2.1 and for us the above answer doesnt work but is very nearly correct, been scratching my head over this too as we have different DB creds for different environments. The problem with passing TRUE in the following statement:

    Gdn::Config()->Load( $env_config_path, 'Configuration', TRUE );

    ..is that the file you are pointing at ($env_config_path) becomes writeable and your changes will be overwritten any time you save config updates through the dashboard (eg updating routing info). Therefore you cannot pass TRUE if you want the $env_config_path file to stay as it is. A side affect of not passing true is that the config, when written in array format as above or as in the config.php file, is ignored. Therefore the config-development.php file needs to be updated to:

    // config-development.php
    <?php if (!defined('APPLICATION')) exit();
    // Database
    saveToConfig('Database.Name', 'example_forums_development');
    saveToConfig('Database.Host', 'localhost');
    saveToConfig('Database.User', 'root');
    saveToConfig('Database.Password', 'root');

    This may only be an issue with v2.2.1 and not the latest versions, unfortunately at the moment we are stuck on 2.2.1

    Hope this helps and thanks to lvl99 for putting us on the right track!

  • LincLinc Detroit Admin

    @JonTJ said:
    unfortunately at the moment we are stuck on 2.2.1

    I don't know what's stopping you from upgrading, but there is a critical security vulnerability in versions below 2.3.1.

  • JonTJJonTJ New
    edited May 2017

    @Linc thanks for the heads up, were currently bound by the version of PHP on our production servers - we have this issue a lot unfortunately. Are you referring to the PHPMailer vulnerability or are there others as well?

  • LincLinc Detroit Admin

    @JonTJ said:
    Are you referring to the PHPMailer vulnerability or are there others as well?

    The PHPMailer issue is by far the most severe. There are other lesser issues as well, however.

  • @Linc many thanks, we are working toward being able to upgrade. In the meantime we will disable the ability for users to send emails to each other to reduce the risk from the PHPMailer vulnerability.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @JonTJ said:
    @Linc many thanks, we are working toward being able to upgrade. In the meantime we will disable the ability for users to send emails to each other to reduce the risk from the PHPMailer vulnerability.

    That won't keep you safe since the vulnerability is a back door for script injection...

Sign In or Register to comment.