[#31719] - Disabling features in Joomla global config doesn't remove their credentials from configuration.php
- Closed
- 6 Mar 2022
- Medium
- Build: staging
- # 31719
Steps to reproduce the issue
(I raised this years ago, lets try again)
Configure a Joomla site with SMTP with Authentication credentials, the FTP layer (username and password) and proxy settings (Username and password).
Enjoy your site...
At a time in the future disable to disable these features by setting them to NO in Joomla global config
Click save.
See Configuration saved message
edit /configuration.php
Expected result
That the credentials and any configuration switched to NO is removed (set to default empty string if appropriate) from configuration.php
Actual result
Credentials are still stored, in plain text, in configuration.php even though disabled the feature in Joomla global config, and no longer viewable password in the GUI due to new Password Lock button process.
The "webmaster" is given a false impression and makes the assumption that No = Off = The provided credentials are no longer stored anywhere.
joomla-cms-bot
- | Labels |
Added:
?
|
||
It wasn't ignored it was only out of scope of this PR and actually I think it's a limitation of showon which should be hard to fix globally.
Yes excuses were made last time that it was "hard to fix", doesn't mean it should not be fixed :)
Infact its probably easier to do in PHP right in the code just before creating a JConfig class, a quick test of "off" and delete the other values :)
rdeutz
- | Labels |
Added:
?
|
||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-03-06 22:57:38 |
| Closed_By | ⇒ | PhilETaylor | |
| Labels |
Added:
No Code Attached Yet
bug
Removed: ? ? |
||
Also commented by @bembelimen here #31515 (comment) but they were ignored.