standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-16 11:26:37 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move reading secret constants into files that need them to prevent crashes when scripts are run by users without permissions to read secrets

Browse source
This commit is contained in:
Alex Cabal 2022-03-23 13:06:28 -05:00
parent fe93a1184b
commit 0bf50873ac
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/Constants.php
View file

@ -37,9 +37,11 @@ const CAPTCHA_IMAGE_HEIGHT = 72;
const CAPTCHA_IMAGE_WIDTH = 230;
const NO_REPLY_EMAIL_ADDRESS = 'admin@standardebooks.org';
// We don't define the email username/password in this file to
// 1) avoid a filesystem read when email isn't being used, and
// 2) allow scripts run by users not in the www-data group to succeed, otherwise they will not be able to open secret files on startup and crash
const POSTMARK_SECRET_FILE_PATH = SITE_ROOT . '/config/secrets/postmarkapp.com';
const EMAIL_SMTP_HOST = 'smtp-broadcasts.postmarkapp.com';
define('EMAIL_SMTP_USERNAME', trim(file_get_contents(SITE_ROOT . '/config/secrets/postmarkapp.com')) ?: '');
const EMAIL_SMTP_PASSWORD = EMAIL_SMTP_USERNAME;
const EMAIL_POSTMARK_STREAM_BROADCAST = 'the-standard-ebooks-newsletter';
const REST = 0;

3
lib/Email.php
View file

@ -2,6 +2,9 @@
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
define('EMAIL_SMTP_USERNAME', trim(file_get_contents(POSTMARK_SECRET_FILE_PATH)) ?: '');
const EMAIL_SMTP_PASSWORD = EMAIL_SMTP_USERNAME;
class Email{
public $To = '';
public $From = '';