diff options
| author | Matthieu Aubry <matt@piwik.org> | 2016-01-20 07:18:12 +0300 |
|---|---|---|
| committer | Matthieu Aubry <matt@piwik.org> | 2016-01-20 07:18:12 +0300 |
| commit | 5b9e1e9374d37ca9cee9fac1a847763f6417e136 (patch) | |
| tree | 353ae63dbc876cff1a317114bd9ec0feca9cd345 | |
| parent | d00e20f207739b70f3ffb63c5552aa6abb927bf3 (diff) | |
| parent | 0e65aee4cb1a5d2fdd46312b6a5da7d315b0399e (diff) | |
Merge pull request #9497 from piwik/9393
make sure > can be used in segments when using bulk requests
| -rw-r--r-- | plugins/API/API.php | 17 | ||||
| -rw-r--r-- | plugins/API/tests/Integration/APITest.php | 2 |
2 files changed, 18 insertions, 1 deletions
diff --git a/plugins/API/API.php b/plugins/API/API.php index 2f609b5e8b..bb287f9b7a 100644 --- a/plugins/API/API.php +++ b/plugins/API/API.php @@ -11,6 +11,7 @@ namespace Piwik\Plugins\API; use Piwik\API\Proxy; use Piwik\API\Request; use Piwik\Columns\Dimension; +use Piwik\Common; use Piwik\Config; use Piwik\Container\StaticContainer; use Piwik\DataTable; @@ -484,7 +485,21 @@ class API extends \Piwik\Plugin\API $result = array(); foreach ($urls as $url) { - $req = new Request($url . '&format=php&serialize=0'); + $params = Request::getRequestArrayFromString($url . '&format=php&serialize=0'); + + if (isset($params['urls']) && $params['urls'] == $urls) { + // by default 'urls' is added to $params as Request::getRequestArrayFromString adds all $_GET/$_POST + // default parameters + unset($params['urls']); + } + + if (!empty($params['segment']) && strpos($url, 'segment=') > -1) { + // only unsanitize input when segment is actually present in URL, not when it was used from + // $defaultRequest in Request::getRequestArrayFromString from $_GET/$_POST + $params['segment'] = urlencode(Common::unsanitizeInputValue($params['segment'])); + } + + $req = new Request($params); $result[] = $req->process(); } return $result; diff --git a/plugins/API/tests/Integration/APITest.php b/plugins/API/tests/Integration/APITest.php index 2362bebdf2..c60f1769ab 100644 --- a/plugins/API/tests/Integration/APITest.php +++ b/plugins/API/tests/Integration/APITest.php @@ -59,6 +59,7 @@ class APITest extends IntegrationTestCase "method%3dVisitsSummary.get%26token_auth%3d$token%26idSite%3d1%26date%3d2015-01-26%26period%3dday", "method%3dVisitsSummary.get%26idSite%3d1%26date%3d2015-01-26%26period%3dday", "method%3dVisitsSummary.get%26idSite%3d1%26token_auth%3danonymous%26date%3d2015-01-26%26period%3dday", + "method%3dVisitsSummary.get%26token_auth%3d$token%26idSite%3d1%26date%3d2015-01-26%26period%3dday%26segment%3dvisitDuration%3d%3d30%3bactions%3e2", ); $response = $this->api->getBulkRequest($urls); @@ -67,6 +68,7 @@ class APITest extends IntegrationTestCase $this->assertSame(0, $response[1]['nb_visits']); $this->assertResponseIsPermissionError($response[2]); $this->assertResponseIsPermissionError($response[3]); + $this->assertResponseIsSuccess($response[4]); } private function assertResponseIsPermissionError($response) |