Add logic to rename insecure CONFIG_PATH
This commit is contained in:
parent
13fb849973
commit
d5d13fa831
1 changed files with 12 additions and 2 deletions
|
@ -104,11 +104,21 @@ class Configuration
|
|||
$config = array();
|
||||
$basePath = PATH . 'cfg' . DIRECTORY_SEPARATOR;
|
||||
$configIni = $basePath . 'conf.ini';
|
||||
$configFile = $basePath . 'conf.php';
|
||||
|
||||
if (getenv('CONFIG_PATH') !== false) {
|
||||
$configFile = getenv('CONFIG_PATH');
|
||||
} else {
|
||||
$configFile = $basePath . 'conf.php';
|
||||
|
||||
// Rename INI files to avoid configuration leakage
|
||||
if (
|
||||
strtolower(substr($configFile, -3, 3)) == 'ini' &&
|
||||
is_readable($configFile) &&
|
||||
is_writable(dirname($configFile))
|
||||
) {
|
||||
$oldConfigFile = $configFile;
|
||||
$configFile = substr($configFile, 0, -3) . 'php';
|
||||
DataStore::prependRename($oldConfigFile, $configFile, ';');
|
||||
}
|
||||
}
|
||||
|
||||
// rename INI files to avoid configuration leakage
|
||||
|
|
Loading…
Reference in a new issue