From e06a8109d08f8e60c5e00b91508039262eac02f3 Mon Sep 17 00:00:00 2001
From: Michael Snoyman <michael@snoyman.com>
Date: Mon, 24 Aug 2015 11:55:41 +0300
Subject: [PATCH] Do not parse string environment variables into
 numbers/booleans #1061

---
 yesod/ChangeLog.md             |  4 ++++
 yesod/Yesod/Default/Config2.hs | 18 +++++++++++++++---
 yesod/yesod.cabal              |  2 +-
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/yesod/ChangeLog.md b/yesod/ChangeLog.md
index 39d09923..25746eda 100644
--- a/yesod/ChangeLog.md
+++ b/yesod/ChangeLog.md
@@ -1,3 +1,7 @@
+## 1.4.2
+
+* Do not parse string environment variables into numbers/booleans [#1061](https://github.com/yesodweb/yesod/issues/1061)
+
 ## 1.4.1
 
 Provide the `Yesod.Default.Config2` module, for use by newer scaffoldings.
diff --git a/yesod/Yesod/Default/Config2.hs b/yesod/Yesod/Default/Config2.hs
index f9fb2f2d..fed812b9 100644
--- a/yesod/Yesod/Default/Config2.hs
+++ b/yesod/Yesod/Default/Config2.hs
@@ -69,11 +69,23 @@ applyEnvValue requireEnv' env =
     goV (String t1) = fromMaybe (String t1) $ do
         t2 <- T.stripPrefix "_env:" t1
         let (name, t3) = T.break (== ':') t2
+            mdef = fmap parseValue $ T.stripPrefix ":" t3
         Just $ case H.lookup name env of
-            Just val -> parseValue val
+            Just val ->
+                -- If the default value parses as a String, we treat the
+                -- environment variable as a raw value and do not parse it.
+                -- This means that things like numeric passwords just work.
+                -- However, for originally numerical or boolean values (e.g.,
+                -- port numbers), we still perform a normal YAML parse.
+                --
+                -- For details, see:
+                -- https://github.com/yesodweb/yesod/issues/1061
+                case mdef of
+                    Just (String _) -> String val
+                    _ -> parseValue val
             Nothing ->
-                case T.stripPrefix ":" t3 of
-                    Just val | not requireEnv' -> parseValue val
+                case mdef of
+                    Just val | not requireEnv' -> val
                     _ -> Null
     goV v = v
 
diff --git a/yesod/yesod.cabal b/yesod/yesod.cabal
index 83755d2a..a9149f9a 100644
--- a/yesod/yesod.cabal
+++ b/yesod/yesod.cabal
@@ -1,5 +1,5 @@
 name:            yesod
-version:         1.4.1.5
+version:         1.4.2
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>