Update Piwik using HTTPS + add a system check

- Piwik will update over HTTPS if curl is supported - the system check verifies that updating over HTTPS is supported (= curl supported)

Update Piwik using HTTPS + add a system check
1202d1a4 · Matthieu Napoli · a24a01ee · 1202d1a4 · 1202d1a4 · 1202d1a4
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -465,7 +465,8 @@ enable_trusted_host_check = 1
 ; The release server is an essential part of the Piwik infrastructure/ecosystem
 ; to provide the latest software version.
-latest_version_url = http://builds.piwik.org/piwik.zip
+latest_version_url = https://builds.piwik.org/piwik.zip
+latest_beta_version_url = https://builds.piwik.org/piwik-%s.zip
 ; The API server is an essential part of the Piwik infrastructure/ecosystem to
 ; provide services to Piwik installations, e.g., getLatestVersion and

--- a/plugins/CoreUpdater/Controller.php
+++ b/plugins/CoreUpdater/Controller.php
@@ -48,7 +48,8 @@ class Controller extends \Piwik\Plugin\Controller
    protected static function getLatestZipUrl($newVersion)
    {
        if (@Config::getInstance()->Debug['allow_upgrades_to_beta']) {
-            return 'http://builds.piwik.org/piwik-' . $newVersion . '.zip';
+            $url = Config::getInstance()->General['latest_beta_version_url'];
+            return sprintf($url, $newVersion);
        }
        return Config::getInstance()->General['latest_version_url'];
    }
@@ -426,4 +427,12 @@ class Controller extends \Piwik\Plugin\Controller
        return PluginManager::getInstance()->getIncompatiblePlugins($piwikVersion);
    }
+    public static function isUpdatingOverHttps()
+    {
+        if (strpos(self::getLatestZipUrl(''), 'https') === false) {
+            return false;
+        }
+        return Http::getTransportMethod() === 'curl';
+    }
 }
--- a/plugins/Installation/SystemCheck.php
+++ b/plugins/Installation/SystemCheck.php
@@ -19,6 +19,7 @@ use Piwik\Filechecks;
 use Piwik\Filesystem;
 use Piwik\Http;
 use Piwik\Piwik;
+use Piwik\Plugins\CoreUpdater;
 use Piwik\Plugins\UserCountry\LocationProvider;
 use Piwik\SettingsServer;
 use Piwik\Url;
@@ -102,6 +103,9 @@ class SystemCheck
        $infos['tracker_status'] = Common::getRequestVar('trackerStatus', 0, 'int');
        $infos['is_nfs'] = Filesystem::checkIfFileSystemIsNFS();
+        $infos['https_update'] = CoreUpdater\Controller::isUpdatingOverHttps();
        $infos = self::enrichSystemChecks($infos);
        return $infos;

--- a/plugins/Installation/lang/en.json
+++ b/plugins/Installation/lang/en.json
@@ -115,6 +115,8 @@
        "SystemCheckCronArchiveProcess": "Archive Cron",
        "SystemCheckCronArchiveProcessCLI": "Managing processes via CLI",
        "SystemCheckPhpSetting": "To prevent some critical issue, you must set the following in your php.ini file: %s",
+        "SystemCheckUpdateHttps": "Update over HTTPS",
+        "SystemCheckUpdateHttpsNotSupported": "Piwik will update without using HTTPS which is insecure. Check that CURL is installed.",
        "NotSupported": "not supported",
        "Tables": "Creating the Tables",
        "TablesCreatedSuccess": "Tables created with success!",

--- a/plugins/Installation/templates/_systemCheckSection.twig
+++ b/plugins/Installation/templates/_systemCheckSection.twig
@@ -356,6 +356,17 @@
        </tr>
    {% endif %}
+    <tr>
+        <td class="label">{{ 'Installation_SystemCheckUpdateHttps'|translate }}</td>
+        <td>
+            {% if infos.https_update %}
+                {{ ok }}
+            {% else %}
+                {{ warning }} {{ 'Installation_SystemCheckUpdateHttpsNotSupported'|translate }}
+            {% endif %}
+        </td>
+    </tr>
 </table>
 {% include "@Installation/_integrityDetails.twig" %}