WordPress.org

Ready to get started?Download WordPress

Forums

WP Slimstat
[resolved] error 'misconfigured setting' when wp-config.php outside wp root (13 posts)

  1. pixolin
    Member
    Posted 1 year ago #

    I love slimstat, but think I stumbled over a bug today:

    With line 4 of wp-slimstat-js.php you set the path to wp-config.phg using $wp_root_folder = '../../..'; which may work fine in a standard wordpress installation, but not if you follow good practice for hardening wordpress, which also suggests to move wp-config.php outside your htdocs folder.

    May I suggest you use lines 26 to 34 of wp-load.php which retrieves wp-config.php from the wordpress-folder, or – if missing – from the folder above.

    Editing the plugin manually as your comment in wp-slimstat-js.php line 3/6 suggests is undesirable.

    Is there any particular reason that you do direct mysql_connects instead of using the $wpdb object?

    "Tanti Saluti", pixolin

    http://wordpress.org/extend/plugins/wp-slimstat/

  2. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Hi there,

    thank you for pointing this out. According to the lines of code you referenced, wp-config could be moved to the parent folder, so my code should be looking there as well:

    if ( file_exists( ABSPATH . 'wp-config.php') ) {
    
    	/** The config file resides in ABSPATH */
    	require_once( ABSPATH . 'wp-config.php' );
    
    } elseif ( file_exists( dirname(ABSPATH) . '/wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {
    
    	/** The config file resides one level above ABSPATH but is not part of another install */
    	require_once( dirname(ABSPATH) . '/wp-config.php' );
    
    } else {
    
    	// A config file doesn't exist

    I will modify wp-slimstat-js.php to keep this exception in account.

    The reason why I don't load the ENTIRE WordPress engine to execute just a couple of queries is quite evident: performance ;)

    Ciao,
    Camu

    PS: a vote for my plugin would be a nice way to say thank you.

  3. pixolin
    Member
    Posted 1 year ago #

    Thanks for your kind attention.

    Oh, and regarding the vote: been there, done that (a while ago already).
    Keep up the good work!

    Ciao, pixolin.

  4. camu
    Member
    Plugin Author

    Posted 1 year ago #

    A fix has already been added to 2.8.7 :)

    Cheers,
    Camu

  5. thob
    Member
    Posted 1 year ago #

    Hi,

    my config.php is pointing to the actual configuration file like so

    <?php
    include('/is/htdocs/w.../px7g.php');
    ?>

    seems to create Error parsing wp-config with slimstat.

    Any cure for that?

  6. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Thob,

    in your case you will need to point wp-slimstat-js.php to the REAL config file, basically where the DB access params are defined. You will have to edit it every time you update WP SlimStat (I'm working on a way to avoid that, though).

    Cheers,
    Camu

    PS: a vote for my plugin would be a nice way to say thank you.

  7. thob
    Member
    Posted 1 year ago #

    thanks! - will do :)

  8. thob
    Member
    Posted 1 year ago #

    Hmm, the file is in a parallel directory like 5 up and then into a dir that's parallel to www. How would I write it?

    Thanks

  9. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Use .. for each folder up ;)

    Let's say you have slimstat in

    /home/www/wp-content/plugins/wp-slimstat

    and your wp-config is in

    /home/www/config/wp-config.php

    Then you need to go 3 up and 1 down:

    ../../../config

    Hopefully your file is called wp-config.php :D

    If it's not, you will have to further edit the code of my file to make it work for you.

    I will add this to the next release (only if you are willing to change your vote from 4 to 5 stars hehe... just kidding).

    Cheers,
    Camu

  10. thob
    Member
    Posted 1 year ago #

    it's named differently ;-) what else do I have to edit then?

  11. camu
    Member
    Plugin Author

    Posted 1 year ago #

    I'm wondering why anyone would have such a non-standard environment. What are the benefits of this approach? Once I get access to the first file, I know where to find the second, no matter how you call it :)

    Anyway, a solution to your problem will be implemented soon.

    Stay tuned and thanks for your vote!
    Camu

  12. thob
    Member
    Posted 1 year ago #

    If I remember correctly it was a security advice. But you are right one leads to the other

    btw: you got 5* for excellent product & support :-)

    Update: here is the post about moving the configuration file

  13. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Thank you for the reference, much appreciated. I am implementing the workaround, which basically will allow you to write the path to your wp-config in a file within your wp-content folder. WP SlimStat will search for that file, and use the path to locate your wp-config :) And even if you update WP SlimStat, your file won't be overwritten.

    Cool?

    Camu

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic