Commit b65bb536 authored by Adrian Rossouw's avatar Adrian Rossouw

Moved the environment hiding logic to the config files process method, and...

Moved the environment hiding logic to the config files process method, and have the http service OPT IN to use the cloaking.
parent 05f65d6b
......@@ -19,6 +19,13 @@ class provisionService_http_apache extends provisionService_http {
$this->server->setProperty('web_ports', array(80));
}
/**
* Apache uses mod_env to cloak the database credentials in settings.php.
*/
function cloaked_db_creds() {
return TRUE;
}
/**
* Pass some extra paths to the config file classes, which specify the server relative paths
* for use in the filename() methods.
......
......@@ -98,6 +98,13 @@ class provisionService_http extends provisionService {
return TRUE;
}
/**
* Support the ability to cloak the database credentials using environment variables.
*/
function cloaked_db_creds() {
return FALSE;
}
/**
* Return a list of servers that will need database access.
*/
......
......@@ -136,7 +136,7 @@ function provision_drupal_sync_site() {
* because the modules might provide additional information about the site.
*/
function _provision_drupal_create_settings_file() {
$config = new provisionConfig_drupal_settings(d()->name);
$config = new provisionConfig_drupal_settings(d()->name, drush_get_context('site'));
$config->write();
provision_drupal_sync_site();
}
......@@ -144,6 +144,7 @@ function _provision_drupal_create_settings_file() {
class provisionConfig_drupal_settings extends provisionConfig {
public $template = 'provision_drupal_settings.tpl.php';
public $description = 'Drupal settings.php file';
public $creds = array();
protected $mode = 0440;
function filename() {
......@@ -154,6 +155,11 @@ class provisionConfig_drupal_settings extends provisionConfig {
if (drush_drupal_major_version() >= 7) {
$this->data['db_type'] = ($this->data['db_type'] == 'mysqli') ? 'mysql' : $this->data['db_type'];
}
$cloaked = $this->owner->service('http')->cloaked_db_creds();
foreach (array('db_type', 'db_user', 'db_passwd', 'db_host', 'db_name') as $key) {
$this->creds[$key] = ($cloaked) ? "\$_SERVER[{$key}]" : urldecode($this->data[$key]);
}
$this->data['extra_config'] = "# Extra configuration from modules:\n";
$this->data['extra_config'] .= join("\n", drush_command_invoke_all('provision_drupal_config', d()->uri, $this->data));
......
......@@ -9,18 +9,18 @@
* This is a security measure implemented by the Aegir project.
*/
$databases['default']['default'] = array(
'driver' => urldecode($_SERVER['db_type']),
'database' => urldecode($_SERVER['db_name']),
'username' => urldecode($_SERVER['db_user']),
'password' => urldecode($_SERVER['db_passwd']),
'host' => urldecode($_SERVER['db_host']),
'driver' => "<?php print $this->creds['db_type']; ?>",
'database' => "<?php print $this->creds['db_name']; ?>",
'username' => "<?php print $this->creds['db_user']; ?>",
'password' => "<?php print $this->creds['db_passwd']; ?>",
'host' => <?php print $this->creds['db_host']; ?>,
);
$db_url = "<?php print strtr("%db_type://%db_user:%db_passwd@%db_host/%db_name", array(
'%db_type' => '$_SERVER[db_type]',
'%db_user' => '$_SERVER[db_user]',
'%db_passwd' => '$_SERVER[db_passwd]',
'%db_host' => '$_SERVER[db_host]',
'%db_name' => '$_SERVER[db_name]')); ?>";
'%db_type' => $this->creds['db_type'],
'%db_user' => $this->creds['db_user'],
'%db_passwd' => $this->creds['db_passwd'],
'%db_host' => $this->creds['db_host'],
'%db_name' => $this->creds['db_name'])); ?>";
$profile = "<?php print $this->profile ?>";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment