Move reading secret constants into files that need them to prevent crashes when scripts are run by users without permissions to read secrets

This commit is contained in:
Alex Cabal 2022-03-23 13:06:28 -05:00
parent fe93a1184b
commit 0bf50873ac
2 changed files with 7 additions and 2 deletions

View file

@ -37,9 +37,11 @@ const CAPTCHA_IMAGE_HEIGHT = 72;
const CAPTCHA_IMAGE_WIDTH = 230; const CAPTCHA_IMAGE_WIDTH = 230;
const NO_REPLY_EMAIL_ADDRESS = 'admin@standardebooks.org'; const NO_REPLY_EMAIL_ADDRESS = 'admin@standardebooks.org';
// We don't define the email username/password in this file to
// 1) avoid a filesystem read when email isn't being used, and
// 2) allow scripts run by users not in the www-data group to succeed, otherwise they will not be able to open secret files on startup and crash
const POSTMARK_SECRET_FILE_PATH = SITE_ROOT . '/config/secrets/postmarkapp.com';
const EMAIL_SMTP_HOST = 'smtp-broadcasts.postmarkapp.com'; const EMAIL_SMTP_HOST = 'smtp-broadcasts.postmarkapp.com';
define('EMAIL_SMTP_USERNAME', trim(file_get_contents(SITE_ROOT . '/config/secrets/postmarkapp.com')) ?: '');
const EMAIL_SMTP_PASSWORD = EMAIL_SMTP_USERNAME;
const EMAIL_POSTMARK_STREAM_BROADCAST = 'the-standard-ebooks-newsletter'; const EMAIL_POSTMARK_STREAM_BROADCAST = 'the-standard-ebooks-newsletter';
const REST = 0; const REST = 0;

View file

@ -2,6 +2,9 @@
use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception; use PHPMailer\PHPMailer\Exception;
define('EMAIL_SMTP_USERNAME', trim(file_get_contents(POSTMARK_SECRET_FILE_PATH)) ?: '');
const EMAIL_SMTP_PASSWORD = EMAIL_SMTP_USERNAME;
class Email{ class Email{
public $To = ''; public $To = '';
public $From = ''; public $From = '';