To reproduce:
- Install drupal 8.x but create the settings.php using `touch settings.php` instead of copying the example.
- Enter database connection details.
- Watch it break.
Result:
The database array is written to the file without enclosing <?php tags, causing the array to echo to the browser at the top of every page and may pose an additional security risk.
(sorry if this is a dupe; I looked around a bit and couldn't find another)
Postponed: needs info
9.5
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Wonder if this is still a desired featured for D10+?
There has been no discussion here for many years an no response to the latest query. Therefor, I am closing this issue.
If there is interest in this re-open the issue and add a comment. Or open a new issue and reference this one.