sourcebans-pp
sourcebans-pp copied to clipboard
sbpp
JWT secret outside <?php>
What are the steps to reproduce this issue?
- Run upgrade.php
- Go to root page
What happens?
For some reason the "define" was added outside the <?php> and was shown publicly to everyone on the root page.
<?php
....
if(!defined('IN_SB')){echo 'You should not be here. Only follow links!';die();}
...
//define('DEVELOPER_MODE', true); // Use if you want to show debugmessages
//define('SB_MEM', '128M'); // Override php memory limit, if isn't enough (Banlist is just a blank page)
?>define('SB_SECRET_KEY', ''); //Secret for JWT
What were you expecting to happen?
Its like all the other "define"
Any other comments?
Not entirely what i expected to see. Is there any way to regenerate the secret?
What versions of software are you using?
Operating System: ubuntu 20.04.3 SourceBans++ Version: 1.7 (latest) PHP Version: 8.1
Checking the config templates and going back all versions to 1.6.0 i cant find the closing tag of the <?php> anywhere in the template. Not entirely sure why its in there but that explains why it broke like this.
Issue is therefore not entirely relevant, just for a few that added or autocompleted the closing tag.