From b60810080ded8742aa30a769ec55b50f4a71a535 Mon Sep 17 00:00:00 2001
From: Vladimir Mirivlad <mirivlad@gmail.com>
Date: Fri, 6 Feb 2026 08:23:42 +0000
Subject: [PATCH] Fix security issue - remove actual database credentials from
 source code, use placeholders

---
 public/index.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/public/index.php b/public/index.php
index 705adc2..b2b6290 100644
--- a/public/index.php
+++ b/public/index.php
@@ -37,9 +37,9 @@ $container->set('db', function () {
     }
     
     $host = $_ENV['DB_HOST'] ?? $_SERVER['DB_HOST'] ?? getenv('DB_HOST') ?? 'localhost';
-    $dbname = $_ENV['DB_NAME'] ?? $_SERVER['DB_NAME'] ?? getenv('DB_NAME') ?? 'rsshub';
-    $username = $_ENV['DB_USER'] ?? $_SERVER['DB_USER'] ?? getenv('DB_USER') ?? 'rsshub';
-    $password = $_ENV['DB_PASS'] ?? $_SERVER['DB_PASS'] ?? getenv('DB_PASS') ?? 'rsshub_moloko22';
+    $dbname = $_ENV['DB_NAME'] ?? $_SERVER['DB_NAME'] ?? getenv('DB_NAME') ?? 'your_database_name';
+    $username = $_ENV['DB_USER'] ?? $_SERVER['DB_USER'] ?? getenv('DB_USER') ?? 'your_database_user';
+    $password = $_ENV['DB_PASS'] ?? $_SERVER['DB_PASS'] ?? getenv('DB_PASS') ?? 'your_secure_password';
     
     $dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4";