Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Rebased download system/environment information #7129
This is a rebased version of #6021 See description there
I have added suggestions by @roland-d and small code style fixes.
referenced this pull request
Jun 5, 2015
@phproberto I get both on json and txt the following error code in the beginning of the files:
@roland-d in my opinion anything that gets private info that may involve security issues should be skipped. I don't see issues with paths relative to system libs. Maybe Phil Taylor (I forgot his github username) can help us here. I'll ping him to see if he can check it.
The %SystemRoot% variable is a special system-wide environment variable found on Windows NT and its derivatives. Its value is the location of the system directory, including the drive and path. E.g c:\windows\system32
The %WINDIR% is where windows is installed, E.g c:\windows
All of the information in your post is available to hackers with a single line of code anyway - so as long as the exporting of this information is restricted to Super Admins, authenticated and logged in, then its no more of a security risk while displaying the data on the site.
Those that argue otherwise, would probably be the people still recommending moving configuration.php outside the public_html folder - doh!
What is done with the information AFTER it is extracted is another matter - when its posted in open forum etc... thats when this becomes a "security" issue.
Knowing these paths for support purposes is not normally needed, what is more important is a check that the path actually exists, and is writable most of the time. One doesn't care where they are configured to point at, one cares if they are useable.
extension_dir should probably never be writable as this is a system folder and not a folder PHP should have access to on a per site basis
Quite frankly if you are having issues with include_path, upload_tmp_dir, and session.save_path then you need a better webhost - these should be set on a hosting level and not messed around with on a per Joomla install level.
I have removed the information that won't help in any way to replicate enviroments. I think is better that we are more restrictive and then wait for someone asking that some information would be useful.
I'd like that a Windows user confirms that there is no private information shared there.
Tested and it works BUT
Thanks for the feedback @brianteeman.
I have rebased the PR against latest staging and based in your comments:
I have tested this item
As those informations are for supporters, some toughts of me as a forum moderator/supporter:
Due to extensions, important infos for supporting are (beside others of course):
Core Components whow are maintained by the core are mostly irrelevant for support. And Modules too, as they 'living' all in their own 'universe', not interfere/manipulate with other extension parts. Templates who are not involved are irrelevant.
But I think that's all stuff for another rainy day
But for the first implementation I would advise to add the publish state at least for plugins and modules, and ordering of the plugins groupwise + ordering ASC
Just my 20 cents. But anyway, it's a helpful feature for the future. Thanks for the work.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7129.