From 980ac3aeaa50eb7a14b473534861a69324f36c2e Mon Sep 17 00:00:00 2001
From: Thomas Steur <thomas.steur@googlemail.com>
Date: Sat, 13 Sep 2014 15:29:58 +0200
Subject: [PATCH] refs #4996 allow only hosts of siteIds that are present in the URL and do not allow known hosts automatically both to prevent issues on shared Piwik instances
---
 core/Tracker.php | 20 +++++++++++++-------
 misc/internal-docs/content-tracking.md | 1 +
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/core/Tracker.php b/core/Tracker.php
index a690a31225..4497ec0b99 100644
--- a/core/Tracker.php
+++ b/core/Tracker.php
@@ -929,6 +929,10 @@ class Tracker
 return;
 }
+ if (empty($this->requests)) {
+ return;
+ }
+
 $redirectUrl = $this->getRedirectUrl();
 $host = Url::getHostFromUrl($redirectUrl);
@@ -936,8 +940,15 @@ class Tracker
 return;
 }
- $model = new Model();
- $siteIds = $model->getSitesId();
+ $siteIds = array();
+
+ foreach ($this->requests as $request) {
+ $siteIds[] = (int) $request['idsite'];
+ }
+
+ $siteIds = array_unique($siteIds);
+
+ $model = new Model();
 foreach ($siteIds as $siteId) {
 $siteUrls = $model->getSiteUrlsFromId($siteId);
@@ -946,11 +957,6 @@ class Tracker
 Url::redirectToUrl($redirectUrl);
 }
 }
-
- $trustedHosts = Url::getTrustedHosts();
- if (Url::isHostInUrls($host, $trustedHosts)) {
- Url::redirectToUrl($redirectUrl);
- }
 }
diff --git a/misc/internal-docs/content-tracking.md b/misc/internal-docs/content-tracking.md
index 0f7c8aa5f9..9a3d6f8cd8 100644
--- a/misc/internal-docs/content-tracking.md
+++ b/misc/internal-docs/content-tracking.md
@@ -431,6 +431,7 @@ Nothing special here I think. We would probably automatically detect the type of
 ## TODO
 * Would content impressions be tracked in overlay session?
 * Overlay session should not trigger a content impression
+* Cache allowed site urls for redirects
 * Test scroll event in ie9, ie10, ie11, opera
 * Run JS tests in ff3, ie7, ie8, ie9, ie11, android, iphone, ms phone
 * Write UI test
-- 
GitLab
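Review bot: The new early return on `empty($this->requests)` in the first hunk of core/Tracker.php carries no comment, and its reason only becomes visible in the next hunk, where the allowed site IDs are derived from those requests. I would add `// no tracked request means no idsite to derive allowed redirect hosts from, so never redirect` above the check. The enclosing method begins before the hunk and continues after it.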
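Review bot: The allow-list in the second hunk of core/Tracker.php is built from `$request['idsite']`, a value chosen by whoever constructs the tracking URL, so the redirect is presumably permitted for any host registered under whichever site ID the request names (the host comparison itself sits between the hunks). Nothing visible here ties the redirect host to a site the request is otherwise authorised for; on a shared instance that trust boundary should be stated in a comment, or tightened, for example by only redirecting for requests that were actually accepted for that site. The index is also read without a presence check: an entry lacking `idsite` raises a notice and adds site ID 0 to the lookup, so I would put `if (empty($request['idsite'])) { continue; }` before the cast. Since the method now returns silently for a disallowed host, a debug log line at the end would help operators spot rejected redirect attempts.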