Dealing with aliases and environment variables containing special characters ($, @) #3769
Comments
This seems like a duplicate of #3700, which we fixed in 3.1.4. That You sure you’re actually running 3.1.7? Check line 85 of Line 85 in d7d9166
If not, there may have been an issue when updating previously. Try nuking your If it does, then maybe it’s an opcache issue?
You're right! After further inspection, it looks like this is specifically affecting my S3 Volumes rather than all of them as I previously thought. It looks like S3's Volume.php is still using parseEnv without silencing exceptions: Craft::parseEnv($this->cfDistributionId), I'm guessing this was just introduced as a bug with the release of 1.1.1

Edit

Edit 2

craftcms/cms/src/web/twig/variables/Cp.php:333

    foreach (array_keys($_ENV) as $var) {
        $envSuggestions[] = [
            'name' => '$' . $var,
            'hint' => $security->redactIfSensitive($var, Craft::getAlias(getenv($var)))
        ];
    }
Ahhh, thanks for looking into it! Just fixed that for the next release. You can patch your install to get the fix now by changing your

    "require": {
        "craftcms/cms": "dev-develop#0bf918445ea2db832bdbd843705dfc08d05a678d as 3.1.7",
        "...": "..."
    }

Then run
Description
We store our database credentials, among other things, in the environment and use auto-generated passwords. This has caused an issue with the move to autosuggest fields and the use of environment variables/aliases in the CP since frequently, our passwords contain or even start with "@" or "$". This causes a pretty nasty error in the CP displaying the password in question:
I'm not sure what the best way around this is, but disallowing these characters in passwords/forcing people to change passwords to less secure ones doesn't feel like the right approach.
Steps to reproduce
Additional info
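An added illustration, not Craft's code and not the commit referenced in the thread, of why a strict alias lookup over raw environment values surfaces a secret and how a non-throwing lookup avoids it. `resolveAlias`, `redactIfSensitive` and `envSuggestions` are stand-ins written for this example (the lookup is modelled on Yii's `getAlias($alias, $throwException = true)`), and all values are constructed.

```php
<?php
// Stand-ins for the framework pieces (assumptions, not Craft's or Yii's code).
const ALIASES = ['@webroot' => '/var/www/html'];        // constructed alias map

// Alias lookup: a value starting with "@" that is not registered either
// throws (echoing the value in the message) or returns false.
function resolveAlias(string $value, bool $throw = true)
{
    if (strncmp($value, '@', 1) !== 0) {
        return $value;                                  // not an alias, unchanged
    }
    $root = explode('/', $value, 2)[0];
    if (array_key_exists($root, ALIASES)) {
        return ALIASES[$root] . substr($value, strlen($root));
    }
    if ($throw) {
        throw new InvalidArgumentException("Invalid path alias: $value");
    }
    return false;
}

// Hypothetical redaction helper keyed on the variable name.
function redactIfSensitive(string $name, string $value): string
{
    return preg_match('/password|secret|key|token/i', $name)
        ? str_repeat('*', strlen($value)) : $value;
}

// Builds autosuggest hints; $strict = true reproduces the failing pattern.
function envSuggestions(array $env, bool $strict): array
{
    $out = [];
    foreach ($env as $name => $value) {
        $resolved = resolveAlias($value, $strict);
        if ($resolved === false) {
            $resolved = $value;                         // unknown alias: keep the literal
        }
        $out[] = ['name' => '$' . $name, 'hint' => redactIfSensitive($name, $resolved)];
    }
    return $out;
}

$env = ['DB_PASSWORD' => '@x9$Qz!example', 'ASSET_PATH' => '@webroot/assets']; // constructed

try {
    envSuggestions($env, true);
} catch (InvalidArgumentException $e) {
    echo 'strict: ', $e->getMessage(), PHP_EOL;         // the message carries the password
}
print_r(envSuggestions($env, false));                   // password redacted, path resolved
```

In the strict run the exception is raised before the redaction helper is ever reached, which is why redacting the hint alone does not keep the value out of the error page.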