A way to store values in $_ENV but not $_SERVER

[benjaminkohl]

It was brought to our attention that the $_SERVER super global's contents are dumped to the browser console when a particular CMS is in development mode. While we only do this on the dev site, we'd still like to keep our DB credentials out of the browser console.

Is there a way to make dotenv put/get from $_ENV entirely and not make any changes to $_SERVER?

[stedaniels]

See #200 this would mitigate this potential vulnerability in the CMS. Hopefully it'll get merged.

[GrahamCampbell]

Done in #300. See https://github.com/vlucas/phpdotenv#loader-customization for an example.