@tsteur opened this Pull Request on September 11th 2019 Member

Currently, we allow to put a bootstrap.php file into the root directory of Matomo and then load it as first thing. This allows for example the configuration of a few things that are needed to be set BEFORE we load any config. Such as

  • PIWIK_USER_PATH constant
  • Usage of config cache
  • etc.

This works nicely. The problem is when you would like to use Matomo for example as a submodule, or install it through composer, etc... then having a file in Matomo directory doesn't do the trick and you need to have the bootstrap file outside the Matomo directory.

That's why I'm now looking for ../matomo_bootstrap.php. It's not ideal cause what if the next person wants to have it at ../../../matomo_bootstrap.php etc. Ideally there be an environment variable. However, the project I'm working on I cannot make use of environment variables.

I will try to workaround it by putting all files into a new endpoint like my_index.php which then includes matomo_bootstrap.php and matomo/index.php for example but likely this won't work since Matomo will then not know the correct paths anymore...

Also we cannot look for ../bootstrap.php btw since someone might actually use that file for a completely different project and we don't want to load any file by accident that does not belong to Matomo.

Update: I couldn't find a workaround for this because otherwise Matomo gets completely confused with paths etc when embedding Matomo eg in a file index.php by doing like matomo/index.php and as I can't use environment variables or anything else will need this solution. Also I noticed that with such a solution we risk that Matomo thinks it is uninstalled and this be a security issue. An attacker could install Matomo using the attacker's DB credentials and this way get super user access which allows to install plugins etc.

This Pull Request was closed on September 16th 2019
Powered by GitHub Issue Mirror