From 57ea8de183868cbb5c3b199d8e3d1ce2ac285306 Mon Sep 17 00:00:00 2001
From: Thomas Steur <thomas.steur@gmail.com>
Date: Thu, 7 May 2015 21:33:13 +0000
Subject: [PATCH] if a GET piwik.php is done without any parameter, still return a HTTP 200
---
 core/Tracker/Response.php | 15 +++++++++++----
 tests/PHPUnit/Integration/TrackerTest.php | 1 -
 tests/PHPUnit/System/TrackerResponseTest.php | 15 +++++++++++++--
 3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/core/Tracker/Response.php b/core/Tracker/Response.php
index 3edd2b27c6..e4f2f7d5ae 100644
--- a/core/Tracker/Response.php
+++ b/core/Tracker/Response.php
@@ -74,7 +74,9 @@ class Response
 $this->outputApiResponse($tracker);
 Common::printDebug("Logging disabled, display transparent logo");
 } elseif (!$tracker->hasLoggedRequests()) {
- Common::sendResponseCode(400);
+ if (!$this->isHttpGetRequest() || !empty($_GET) || !empty($_POST)) {
+ Common::sendResponseCode(400);
+ }
 Common::printDebug("Empty request => Piwik page");
 echo "<a href='/'>Piwik</a> is a free/libre web <a href='http://piwik.org'>analytics</a> that lets you keep control of your data.";
 } else {
@@ -100,15 +102,20 @@ class Response
 private function outputAccessControlHeaders()
 {
- $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
-
- if ($requestMethod !== 'GET') {
+ if (!$this->isHttpGetRequest()) {
 $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '*';
 Common::sendHeader('Access-Control-Allow-Origin: ' . $origin);
 Common::sendHeader('Access-Control-Allow-Credentials: true');
 }
 }
+ private function isHttpGetRequest()
+ {
+ $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
+
+ return strtoupper($requestMethod) === 'GET';
+ }
+
 private function getOutputBuffer()
 {
 return ob_get_contents();
diff --git a/tests/PHPUnit/Integration/TrackerTest.php b/tests/PHPUnit/Integration/TrackerTest.php
index 260e8d721b..300e26f664 100644
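Review bot: In the `@@ -74` hunk of core/Tracker/Response.php, the exemption from `Common::sendResponseCode(400)` covers only a parameterless GET, so a bare `HEAD` probe, which monitoring tools commonly send, presumably still receives a 400 because `isHttpGetRequest()` compares against `'GET'` only. If that is intended, it should be stated next to the condition; at present the reason for the exemption is recorded only in the system test. I would add above the `if`: `// A bare GET on piwik.php is used to detect a Piwik installation (issue #7850); answer 400 only for other methods or when parameters are present.` The enclosing method starts and ends outside the hunk.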
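Review bot: In the `@@ -100` hunk, the guard `if (!$this->isHttpGetRequest())` is the only condition in front of code that copies the request's `Origin` header into `Access-Control-Allow-Origin` and sends `Access-Control-Allow-Credentials: true`; no allow-list is visible in the hunk. That may be deliberate for cross-site tracking, but then it deserves a comment saying so, and the `'*'` fallback is not honoured by browsers on credentialed requests. The new `isHttpGetRequest()` also has no docblock; something like `/** True for HTTP GET; a missing REQUEST_METHOD is treated as GET. */` would record the default that both callers now rely on.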
--- a/tests/PHPUnit/Integration/TrackerTest.php
+++ b/tests/PHPUnit/Integration/TrackerTest.php
@@ -19,7 +19,6 @@ use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
 use Piwik\Tracker;
 use Piwik\Tracker\RequestSet;
 use Piwik\Tracker\Request;
-use Piwik\Translate;
 class TestTracker extends Tracker
 {
diff --git a/tests/PHPUnit/System/TrackerResponseTest.php b/tests/PHPUnit/System/TrackerResponseTest.php
index 16ab4a4e01..337aceb30c 100755
--- a/tests/PHPUnit/System/TrackerResponseTest.php
+++ b/tests/PHPUnit/System/TrackerResponseTest.php
@@ -94,10 +94,21 @@ class TrackerResponseTest extends SystemTestCase
 $this->assertResponseCode(400, $url . '1'); // has to be 16 char, but is 17 now
 }
- public function test_response_ShouldReturnPiwikMessage_InCaseOfEmptyRequest()
+ // See https://github.com/piwik/piwik/issues/7850 piwik.php is used by plugins and monitoring systems to test for Piwik installation.
+ // it is important to return a 200 if someone does a GET request with no parameters
+ public function test_response_ShouldReturnPiwikMessageWithHttp200_InCaseOfEmptyGETRequest()
 {
 $url = Fixture::getTrackerUrl();
- $this->assertResponseCode(400, $url);
+ $this->assertResponseCode(200, $url);
+
+ $expected = "<a href='/'>Piwik</a> is a free/libre web <a href='http://piwik.org'>analytics</a> that lets you keep control of your data.";
+ $this->assertHttpResponseText($expected, $url);
+ }
+
+ public function test_response_ShouldReturnPiwikMessageWithHttp400_InCaseOfInvalidRequestOrIfNothingIsTracked()
+ {
+ $url = Fixture::getTrackerUrl();
+ $this->assertResponseCode(400, $url . '?rec=1');
 $expected = "<a href='/'>Piwik</a> is a free/libre web <a href='http://piwik.org'>analytics</a> that lets you keep control of your data.";
 $this->assertHttpResponseText($expected, $url);
-- GitLab
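Review bot: In `test_response_ShouldReturnPiwikMessageWithHttp400_InCaseOfInvalidRequestOrIfNothingIsTracked`, the status is asserted on `$url . '?rec=1'` but the body assertion still fetches the bare `$url`, so it re-checks the 200 response rather than the body sent with the 400. Both assertions should use the same URL: `$this->assertHttpResponseText($expected, $url . '?rec=1');`. A further case for a non-GET request without parameters would pin the first operand of the new condition in core/Tracker/Response.php, which no test in this hunk exercises.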