diff --git a/config/global.ini.php b/config/global.ini.php
index 2a2daf136708f2fe7b6ddc948bf28cdced91eb5a..87f204e57c2ecb0a4e64567bd93f704854ce58ad 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -465,7 +465,8 @@ enable_trusted_host_check = 1
 ; The release server is an essential part of the Piwik infrastructure/ecosystem
 ; to provide the latest software version.
-latest_version_url = http://builds.piwik.org/piwik.zip
+latest_version_url = https://builds.piwik.org/piwik.zip
+latest_beta_version_url = https://builds.piwik.org/piwik-%s.zip
 ; The API server is an essential part of the Piwik infrastructure/ecosystem to
 ; provide services to Piwik installations, e.g., getLatestVersion and
diff --git a/plugins/CoreUpdater/Controller.php b/plugins/CoreUpdater/Controller.php
index 90b0d13aa5578bc0001197c543dd8334b38702ad..ca72b62ac013caeb0a683daa4a924ac8441d299c 100644
--- a/plugins/CoreUpdater/Controller.php
+++ b/plugins/CoreUpdater/Controller.php
@@ -48,7 +48,8 @@ class Controller extends \Piwik\Plugin\Controller
 protected static function getLatestZipUrl($newVersion)
 {
 if (@Config::getInstance()->Debug['allow_upgrades_to_beta']) {
- return 'http://builds.piwik.org/piwik-' . $newVersion . '.zip';
+ $url = Config::getInstance()->General['latest_beta_version_url'];
+ return sprintf($url, $newVersion);
 }
 return Config::getInstance()->General['latest_version_url'];
 }
@@ -426,4 +427,12 @@ class Controller extends \Piwik\Plugin\Controller
 return PluginManager::getInstance()->getIncompatiblePlugins($piwikVersion);
 }
+ public static function isUpdatingOverHttps()
+ {
+ if (strpos(self::getLatestZipUrl(''), 'https') === false) {
+ return false;
+ }
+
+ return Http::getTransportMethod() === 'curl';
+ }
 }
diff --git a/plugins/Installation/SystemCheck.php b/plugins/Installation/SystemCheck.php
index de55506884cf94524cbb531833d21359e8980c0c..93ed1ac75f162843772dda856b6c26beb4468818 100644
--- a/plugins/Installation/SystemCheck.php
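Review bot: The new `latest_beta_version_url` key in config/global.ini.php is undocumented, and the comment above the two URLs does not say that its `%s` is a format placeholder. An operator who overrides the key without the placeholder, or with a literal `%` elsewhere in the URL, gets a download URL that differs from what was typed once the value passes through `sprintf()` in `getLatestZipUrl()`. I would add a comment line such as `; latest_beta_version_url must contain one %s, which is replaced by the beta version number; write a literal percent sign as %%.`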
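Review bot: In `getLatestZipUrl()` (plugins/CoreUpdater/Controller.php) `$newVersion` is inserted into the download URL without encoding, and the configured value is used directly as the `sprintf()` format. Where `$newVersion` comes from is not visible in this hunk; if it is taken from a remote version response, characters such as `/`, `?` or `#` in it would change the path or query of the URL that is fetched. Encoding the value keeps it inside one path segment: `return sprintf($url, rawurlencode($newVersion));`.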
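Review bot: `isUpdatingOverHttps()` accepts any URL that merely contains the substring `https`, so a configured value like `http://mirror.example/https/piwik.zip` (constructed example) passes the check while the archive is still fetched over plain HTTP. The scheme should be tested as a prefix, for example `if (stripos(self::getLatestZipUrl(''), 'https://') !== 0) {`. The method also has no docblock; one sentence stating that it returns true only when the configured download URL is HTTPS and the HTTP transport is cURL would help callers in other plugins. Whether the cURL transport verifies the server certificate is not visible here, and that decides how much this check actually guarantees.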
+++ b/plugins/Installation/SystemCheck.php
@@ -19,6 +19,7 @@ use Piwik\Filechecks;
 use Piwik\Filesystem;
 use Piwik\Http;
 use Piwik\Piwik;
+use Piwik\Plugins\CoreUpdater;
 use Piwik\Plugins\UserCountry\LocationProvider;
 use Piwik\SettingsServer;
 use Piwik\Url;
@@ -102,6 +103,9 @@ class SystemCheck
 $infos['tracker_status'] = Common::getRequestVar('trackerStatus', 0, 'int');
 $infos['is_nfs'] = Filesystem::checkIfFileSystemIsNFS();
+
+ $infos['https_update'] = CoreUpdater\Controller::isUpdatingOverHttps();
+
 $infos = self::enrichSystemChecks($infos);
 return $infos;
diff --git a/plugins/Installation/lang/en.json b/plugins/Installation/lang/en.json
index 9711d997c3a415a96900f2d84c13fdf2f13112df..57abb9c4cfaf5d349fadebc78232b0e8410993b9 100644
--- a/plugins/Installation/lang/en.json
+++ b/plugins/Installation/lang/en.json
@@ -115,6 +115,8 @@
 "SystemCheckCronArchiveProcess": "Archive Cron",
 "SystemCheckCronArchiveProcessCLI": "Managing processes via CLI",
 "SystemCheckPhpSetting": "To prevent some critical issue, you must set the following in your php.ini file: %s",
+ "SystemCheckUpdateHttps": "Update over HTTPS",
+ "SystemCheckUpdateHttpsNotSupported": "Piwik will update without using HTTPS which is insecure. Check that CURL is installed.",
 "NotSupported": "not supported",
 "Tables": "Creating the Tables",
 "TablesCreatedSuccess": "Tables created with success!",
diff --git a/plugins/Installation/templates/_systemCheckSection.twig b/plugins/Installation/templates/_systemCheckSection.twig
index f797d1896959d573a44cbdf1cb22e880159e72db..b56db9b6726e8e6cf2da6b8b8926abc44a610f38 100755
--- a/plugins/Installation/templates/_systemCheckSection.twig
+++ b/plugins/Installation/templates/_systemCheckSection.twig
@@ -356,6 +356,17 @@
 </tr>
 {% endif %}
+ <tr>
+ <td class="label">{{ 'Installation_SystemCheckUpdateHttps'|translate }}</td>
+ <td>
+ {% if infos.https_update %}
+ {{ ok }}
+ {% else %}
+ {{ warning }} {{ 'Installation_SystemCheckUpdateHttpsNotSupported'|translate }}
+ {% endif %}
+ </td>
+ </tr>
+
 </table>
 {% include "@Installation/_integrityDetails.twig" %}
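Review bot: The `else` branch always prints `Installation_SystemCheckUpdateHttpsNotSupported`, whose English text tells the administrator to check that cURL is installed, but `infos.https_update` is also false when the configured download URL is not HTTPS. In that case the hint names the wrong cause and the insecure URL stays in place. Exposing the two conditions from `isUpdatingOverHttps()` as separate values (URL scheme, transport) and choosing the message per condition would make the warning actionable; at minimum the message could name both causes.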