Article about .env files

[voronkovich]

User description

For: joomla/joomla-cms#45523

This is an updated version of #432

---

PR Type

Documentation

---

Description

• Adds a comprehensive article explaining .env files and environment variables.

• Documents how to configure Joomla using environment variables.

• Provides code examples for both PHP and .env usage.

• Highlights best practices and references for further reading.

---

Changes walkthrough 📝

	Relevant files
Documentation	dotenv.md New documentation article on dotenv and environment variables docs/general-concepts/dotenv.md Introduces a new article detailing .env files and their purpose. Explains how Joomla supports configuration via environment variables. Includes practical code examples and references to best practices. Adds tips and info boxes for user guidance. +68/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Inconsistent Naming The article uses different naming conventions for environment variables. In the examples, both camelCase (JOOMLA_SITE_NAME) and snake_case (JOOMLA_ERROR_REPORTING) are used. Consistency should be verified. JOOMLA_DEBUG=true JOOMLA_ERROR_REPORTING=maximum JOOMLA_SITE_NAME='My Cool Site' Missing Security Context While the article mentions that environment variables enhance security, it doesn't provide guidance on securing .env files themselves or warn about not committing them to version control. Using environment variables allows developers to separate configuration from code, making it easier to manage different environments without modifying the application's source code. This approach enhances security because sensitive information, like database passwords, can be excluded from version control systems.

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Fix environment variable format Remove quotes around the site name value. In .env files, quotes are typically treated as part of the value rather than string delimiters, which could cause unexpected behavior when the value is used. docs/general-concepts/dotenv.md [46-50] ```env title=".env" JOOMLA_DEBUG=true JOOMLA_ERROR_REPORTING=maximum -JOOMLA_SITE_NAME='My Cool Site' +JOOMLA_SITE_NAME=My Cool Site - [ ] **Apply / Chat** <!-- /improve --apply_suggestion=0 --> <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: Good catch - quotes in `.env` files are typically treated as literal characters rather than string delimiters, which could cause unexpected behavior when `JOOMLA_SITE_NAME` is used. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Add error handling</summary> ___ **Add error handling for environment variable access. Direct access to <br>superglobals can cause undefined index errors if the environment variable <br>doesn't exist. Use isset() checks or null coalescing operators for safer access.** [docs/general-concepts/dotenv.md [23-25]](https://github.com/joomla/Manual/pull/480/files#diff-a6da5b2d9feb0c624c74763e893ca70d110f89bf6299534b4696f6d477831e6eR23-R25) ```diff -$foo = $_SERVER['FOO']; -$bar = $_ENV['BAR']; -$baz = getenv('BAZ'); +$foo = $_SERVER['FOO'] ?? null; +$bar = $_ENV['BAR'] ?? null; +$baz = getenv('BAZ') ?: null; Apply / Chat Suggestion importance[1-10]: 4 __ Why: While technically correct, adding error handling complicates simple documentation examples meant for illustrative purposes. The basic examples are appropriate for introductory documentation.	Low
	More