#30519 closed defect (bug) (invalid)
Ignore wp-config.php in core.svn/core.git repos
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Build/Test Tools | Keywords: | close |
| Focuses: | Cc: |
Description
Currently wp-config.php is not ignored in both core.git.wordpress.org and core.svn.wordpress.org repo's.
Including this would ensure wp-config.php is not accidentally committed to anyone's SVN checkout, Git clone of git://core.git.wordpress.org/ or GitHub forks of the mirror https://github.com/wordpress/wordpress mimicking the existing behaviour for the "develop" repo's.
To patch:
- Add
svn:ignorepropertywp-config.phpto the SVNcore.svn.wordpress.orgrepo - Add a new
.gitignorefile to the/srcfolder of the develop repo https://core.trac.wordpress.org/browser/trunk/src
File contents of new .gitignore file:
# gitignore file for WordPress Build # Configuration files with possibly sensitive information wp-config.php
Consideration: Should we also ignore .htaccess and other .gitignore files? See develop src here?
ToDo Note (Separate from any patch on this ticket): When bundling ZIP packages for releases the .gitignore file should not be included in any ZIP package.
See also: Slack discussion https://wordpress.slack.com/archives/core/p1417048473004442
My inclination is to say that anyone smart enough to run their WP installation from a checkout of core.svn or core.git should be assumed to be smart enough not to check sensitive files into their repos.
There are also valid setups that involve tracking wp-config.php under version control. On most of my client sites, wp-config.php is a tracked file, which
includes an untracked, environment-specific file with passwords, etc. I generally don't use these build repos to populate client sites, but if I did, I'd have to come up with clunky workarounds if we went with this proposal (*super* clunky workarounds in the case of.gitignore).