From e891b1403b6e917a0d4efc73c1aa275f0d10bbd9 Mon Sep 17 00:00:00 2001
From: mattpiwik <matthieu.aubry@gmail.com>
Date: Sat, 12 Feb 2011 21:25:49 +0000
Subject: [PATCH] Refs #1736 Adding new setting to disable Segmentation for
 Anonymous user, as a preventive measure

git-svn-id: http://dev.piwik.org/svn/trunk@3873 59fd770c-687e-43c8-a1e3-f5a4ff64c105
---
 config/global.ini.php | 4 ++++
 core/Archive.php      | 8 +++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/config/global.ini.php b/config/global.ini.php
index 5bcda4d8f1..d443eca246 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -81,6 +81,10 @@ site_selector_max_sites = 10
 ; if set to 1, shows sparklines (evolution graph) in 'All Websites' report (MultiSites plugin)
 show_multisites_sparklines = 1
 
+; if set to 0, the anonymous user will not be able to use the 'segments' parameter in the API request
+; this is useful to prevent full DB access to the anonymous user, or to limit performance usage
+anonymous_user_enable_use_segments_API = 1
+
 ; this action name is used when the URL ends with a slash / 
 ; it is useful to have an actual string to write in the UI
 action_default_name = index
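Review bot: The new `anonymous_user_enable_use_segments_API` setting ships as `1`, so the restriction this commit calls preventive stays off until an administrator finds the option and sets it to `0`. If unauthenticated segment queries are a real data-exposure or load concern, consider defaulting to `0`, or at least state in the comment that the shipped default leaves segmentation open to the anonymous user. The comment also names the parameter 'segments', while core/Archive.php in this same patch handles it as `$segment`. The request parameter is presumably `segment`, so the comment should use the exact name, e.g. `; if set to 0, the anonymous user cannot use the 'segment' API parameter (default: 1 = allowed)`.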
diff --git a/core/Archive.php b/core/Archive.php
index 75f93364ac..369c0029c6 100644
--- a/core/Archive.php
+++ b/core/Archive.php
@@ -157,8 +157,14 @@ abstract class Piwik_Archive
 			$sites = Piwik_Site::getIdSitesFromIdSitesString($idSite);
 		}
 		
-		// @TODO read setting enable segmentation
 		$segment = Piwik_Common::unsanitizeInputValue($segment);
+		if(!Zend_Registry::get('config')->General->anonymous_user_enable_use_segments_API
+			&& !empty($segment))
+		{
+			throw new Exception("The Super User has disabled the use of 'segments' for the anonymous user. 
+									Please log in to use Segmentation in the API.");
+		}
+		
 		$segment = new Piwik_Segment($segment, $idSite);
 		
 		// idSite=1,3 or idSite=all
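Review bot: The added guard never checks who the current user is. With the setting at 0, any non-empty `$segment` throws, so logged-in users and the Super User are refused as well, even though the message tells them to log in. The condition should also test for the anonymous user, for example `if(Piwik::isUserIsAnonymous() && !Zend_Registry::get('config')->General->anonymous_user_enable_use_segments_API && !empty($segment))`, assuming that helper is available in this tree. The exception text is a double-quoted literal split across two source lines, so the newline and the indentation tabs become part of the message returned to API clients; joining it onto one line or concatenating two literals avoids that. The enclosing method starts and ends outside this hunk, so whether an earlier access check already narrows the caller cannot be seen here.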
-- 
GitLab