Bug #93844

LocalConfiguration.php is modified just by visiting the Install Tool

Added by Christian Toffolo 4 months ago. Updated 4 months ago.

Must have

Having these 2 lines in typo3conf/AdditionalConfiguration.php:

$GLOBALS['TYPO3_CONF_VARS']['BE']['debug'] = '2';
$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['backend']['test'] = 'test';

and just visiting the Install Tool causes the value of the second line to be written back to LocalConfiguration.php.

This can produce unexpected results in production for an extension configuration intended only in development.


Updated by Daniel Siepmann 4 months ago

I can confirm with 10.4.14. But in my case the value is just written in case the key does not exist in LocalConfiguration.php. If it exists, but value is different, nothing happens. Maybe that helps to find the cause.


Updated by Christian Kuhn 4 months ago

Unable to reproduce with core v10 and master (instance without many fancy extensions).
This is probably not the SilentConfigurationUpgradeService: operations in there avoid AdditionalConfiguration, but it would still be interesting to know what actually causes this.

As a side note: using AdditionalConfiguration has no great core support and is risky for the install tool in general, since the install tool by definition can't handle arbitrary code people hack into this file. Considering the fact this is early bootstrap, it's an additional risk for system stability, especially when upgrading.
I remember a strong warning about this file but can't find it anymore ... the docs should be adapted accordingly.
Also see my comment on https://forge.typo3.org/issues/93818#note-1 on how this could be improved so this file could be dropped in most if not all cases.
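
Added example, not part of the issue thread or TYPO3 core: a drift check that compares a known-good snapshot of LocalConfiguration.php with the current file and reports keys that appeared, such as the EXTENSIONS/backend/test value from the report. The function names flattenConfig and configDrift, the snapshot idea and the sample arrays are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Flatten a nested configuration array into "A/B/C" => value pairs.
function flattenConfig(array $config, string $prefix = ''): array
{
    $flat = [];
    foreach ($config as $key => $value) {
        $path = $prefix === '' ? (string)$key : $prefix . '/' . $key;
        if (is_array($value) && $value !== []) {
            $flat += flattenConfig($value, $path);
        } else {
            $flat[$path] = $value;
        }
    }
    return $flat;
}

// Return the paths that were added or changed relative to the baseline.
function configDrift(array $baseline, array $current): array
{
    $old = flattenConfig($baseline);
    $new = flattenConfig($current);
    $changed = [];
    foreach (array_intersect_key($new, $old) as $path => $value) {
        if ($value !== $old[$path]) {
            $changed[$path] = $value;
        }
    }
    return ['added' => array_diff_key($new, $old), 'changed' => $changed];
}

// Constructed sample data modelled on the report. On a real instance both
// arrays would come from `require` on a stored snapshot and on the current
// typo3conf/LocalConfiguration.php, which returns the configuration array.
$baseline = ['BE' => ['debug' => false],
             'EXTENSIONS' => ['backend' => ['existingOption' => '']]];
$current  = ['BE' => ['debug' => false],
             'EXTENSIONS' => ['backend' => ['existingOption' => '', 'test' => 'test']]];

$drift = configDrift($baseline, $current);
foreach ($drift as $kind => $entries) {
    foreach ($entries as $path => $value) {
        echo strtoupper($kind) . " $path = " . var_export($value, true) . PHP_EOL;
    }
}
// A non-zero exit status lets a deployment or CI job fail on unexpected drift.
exit(($drift['added'] || $drift['changed']) ? 1 : 0);
```

With the sample data the script prints one ADDED line for EXTENSIONS/backend/test and exits with status 1.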
