Load SAFE_MODE config from envvar (#2169)

* Properly load `SAFE_MODE` config from environment variable
* Closes #2168

CTFd/config.ini

@@ -193,6 +193,11 @@ SQLALCHEMY_MAX_OVERFLOW =
 # https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/#configuration-keys
 SQLALCHEMY_POOL_PRE_PING =
 
+# SAFE_MODE
+# If SAFE_MODE is enabled, CTFd will not load any plugins which may alleviate issues preventing CTFd from starting
+# Defaults to false
+SAFE_MODE =
+
 [oauth]
 # OAUTH_CLIENT_ID
 # Register an event at https://majorleaguecyber.org/ and use the Client ID here

CTFd/config.py

@@ -195,6 +195,8 @@ class ServerConfig(object):
 
     HTML_SANITIZATION: bool = process_boolean_str(empty_str_cast(config_ini["optional"]["HTML_SANITIZATION"], default=False))
 
+    SAFE_MODE: bool = process_boolean_str(empty_str_cast(config_ini["optional"]["SAFE_MODE"], default=False))
+
     if DATABASE_URL.startswith("sqlite") is False:
         SQLALCHEMY_ENGINE_OPTIONS = {
             "max_overflow": int(empty_str_cast(config_ini["optional"]["SQLALCHEMY_MAX_OVERFLOW"], default=20)),  # noqa: E131

CTFd/plugins/__init__.py

@@ -202,6 +202,8 @@ def init_plugins(app):
             module = importlib.import_module(module, package="CTFd.plugins")
             module.load(app)
             print(" * Loaded module, %s" % module)
+    else:
+        print("SAFE_MODE is enabled. Skipping plugin loading.")
 
     app.jinja_env.globals.update(get_admin_plugin_menu_bar=get_admin_plugin_menu_bar)
     app.jinja_env.globals.update(get_user_page_menu_bar=get_user_page_menu_bar)