[Bug] Configured plugin settings show as default value in config file page

[sapajune]

What happened?

When configuring plugin settings they seem to override default values in config file page. The configured value is displayed as default and the default value is not visible at all.

In some cases this may expose sensitive information in the UI. For example, if Redis password is configured in QueuedTracking plugin it is displayed as default value in plaintext even if it is a password field.

What should happen?

The configured value should be displayed appropriately in it's own column and the default should display the actual default.

How can this be reproduced?

1. Install a plugin.
2. Configure plugin setting via UI (or config.ini.php).
3. Go to "Config file" page and look for the corresponding setting.

Matomo version

5.2.0

PHP version

8.3.15

Server operating system

AlmaLinux 9, Matomo in docker container

What browsers are you seeing the problem on?

Chrome

Computer operating system

Windows 10

Relevant log output

Validations

• Read our Contributing Guidelines.
• Follow our Security Policy.
• Check that there isn't already an issue that reports the same bug to avoid creating duplicates.
• The provided steps to reproduce is a minimal reproducible of the Bug.

[randy-innocraft]

Hi @sapajune. Thank you for creating the issue and bringing this to our attention, that's very appreciated. We have reviewed and triaged the problem internally, and we have confirmed it is an issue. Our team will prioritise this, and we will update you on the progress here when we have an update to share. If you have any further information or questions, please feel free to add them here.