JWT secret outside <?php> - Githubissues

sbpp / sourcebans-pp

Admin, ban, and comms management system for the Source engine

https://sbpp.github.io/

Creative Commons Attribution Share Alike 4.0 International

328 stars 174 forks source link

JWT secret outside <?php> #903

Open Dragonisser opened 1 year ago

Dragonisser commented 1 year ago

What are the steps to reproduce this issue?

Run upgrade.php
Go to root page

What happens?

For some reason the "define" was added outside the <?php> and was shown publicly to everyone on the root page.

<?php
....
if(!defined('IN_SB')){echo 'You should not be here. Only follow links!';die();}
...
//define('DEVELOPER_MODE', true);           // Use if you want to show debugmessages
//define('SB_MEM', '128M');                 // Override php memory limit, if isn't enough (Banlist is just a blank page)
?>define('SB_SECRET_KEY', ''); //Secret for JWT

What were you expecting to happen?

Its like all the other "define"

Any other comments?

Not entirely what i expected to see. Is there any way to regenerate the secret?

What versions of software are you using?

Operating System: ubuntu 20.04.3 SourceBans++ Version: 1.7 (latest) PHP Version: 8.1

Dragonisser commented 1 year ago

Checking the config templates and going back all versions to 1.6.0 i cant find the closing tag of the <?php> anywhere in the template. Not entirely sure why its in there but that explains why it broke like this.

Issue is therefore not entirely relevant, just for a few that added or autocompleted the closing tag.