github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorThomas Steur <tsteur@users.noreply.github.com>2018-09-24 01:06:50 +0300
committerdiosmosis <diosmosis@users.noreply.github.com>2018-09-24 01:06:50 +0300
commitaf9f44ced0a8d2e703584eaaffc210f2a1a30187 (patch)
treefe82361c4afad9ea4847d2879851be2f579b1807
parentcf203be455df68192580bd7363886d5604abae80 (diff)
Fix fatal when multiple sites are requested in referrers API report (#13439)
* Fix fatal when multiple sites are requested in referrers API report * add more checks
-rw-r--r--plugins/Actions/API.php34
-rw-r--r--plugins/Annotations/API.php8
-rw-r--r--plugins/CustomVariables/API.php4
-rw-r--r--plugins/Goals/API.php3
-rw-r--r--plugins/Referrers/API.php30
-rw-r--r--plugins/Referrers/tests/System/ApiTest.php10
-rw-r--r--plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml6
-rw-r--r--plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml6
-rw-r--r--plugins/VisitFrequency/API.php1
9 files changed, 99 insertions, 3 deletions
diff --git a/plugins/Actions/API.php b/plugins/Actions/API.php
index 2f23b98156..1b3cf888c5 100644
--- a/plugins/Actions/API.php
+++ b/plugins/Actions/API.php
@@ -91,6 +91,8 @@ class API extends \Piwik\Plugin\API
public function getPageUrls($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false,
$depth = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = Archive::createDataTableFromArchive('Actions_actions_url', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable, $depth);
$this->filterActionsDataTable($dataTable);
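Review bot: None of the `Piwik::checkUserHasViewAccess($idSite);` calls added in this file are exercised by a test in this commit; the diffstat lists only `plugins/Referrers/tests/System/ApiTest.php` and its two expected files, and those assert the multiple-site error rather than a denied request. A system test that calls, for example, `Actions.getPageUrls` as a user without view access to the site and expects an exception would keep the check from being dropped in a later refactor. The same applies to the remaining hunks of this file and to the checks added in CustomVariables/API.php, Referrers/API.php and VisitFrequency/API.php. The method bodies continue outside the hunks.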
@@ -121,6 +123,8 @@ class API extends \Piwik\Plugin\API
*/
public function getPageUrlsFollowingSiteSearch($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getPageUrls($idSite, $period, $date, $segment, $expanded, $idSubtable);
$this->keepPagesFollowingSearch($dataTable);
return $dataTable;
@@ -138,6 +142,8 @@ class API extends \Piwik\Plugin\API
*/
public function getPageTitlesFollowingSiteSearch($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getPageTitles($idSite, $period, $date, $segment, $expanded, $idSubtable);
$this->keepPagesFollowingSearch($dataTable);
return $dataTable;
@@ -163,6 +169,8 @@ class API extends \Piwik\Plugin\API
*/
public function getEntryPageUrls($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getPageUrls($idSite, $period, $date, $segment, $expanded, $idSubtable);
$this->filterNonEntryActions($dataTable);
return $dataTable;
@@ -174,6 +182,8 @@ class API extends \Piwik\Plugin\API
*/
public function getExitPageUrls($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getPageUrls($idSite, $period, $date, $segment, $expanded, $idSubtable);
$this->filterNonExitActions($dataTable);
return $dataTable;
@@ -181,6 +191,8 @@ class API extends \Piwik\Plugin\API
public function getPageUrl($pageUrl, $idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$callBackParameters = array('Actions_actions_url', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null);
$dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $pageUrl, Action::TYPE_PAGE_URL);
$this->addPageProcessedMetrics($dataTable);
@@ -190,6 +202,8 @@ class API extends \Piwik\Plugin\API
public function getPageTitles($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = Archive::createDataTableFromArchive('Actions_actions', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable);
$this->filterActionsDataTable($dataTable);
@@ -204,6 +218,8 @@ class API extends \Piwik\Plugin\API
public function getEntryPageTitles($idSite, $period, $date, $segment = false, $expanded = false,
$idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getPageTitles($idSite, $period, $date, $segment, $expanded, $idSubtable);
$this->filterNonEntryActions($dataTable);
return $dataTable;
@@ -216,6 +232,8 @@ class API extends \Piwik\Plugin\API
public function getExitPageTitles($idSite, $period, $date, $segment = false, $expanded = false,
$idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getPageTitles($idSite, $period, $date, $segment, $expanded, $idSubtable);
$this->filterNonExitActions($dataTable);
return $dataTable;
@@ -223,6 +241,8 @@ class API extends \Piwik\Plugin\API
public function getPageTitle($pageName, $idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$callBackParameters = array('Actions_actions', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null);
$dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $pageName, Action::TYPE_PAGE_TITLE);
$this->addPageProcessedMetrics($dataTable);
@@ -232,6 +252,8 @@ class API extends \Piwik\Plugin\API
public function getDownloads($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = Archive::createDataTableFromArchive('Actions_downloads', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable);
$this->filterActionsDataTable($dataTable);
return $dataTable;
@@ -239,6 +261,8 @@ class API extends \Piwik\Plugin\API
public function getDownload($downloadUrl, $idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$callBackParameters = array('Actions_downloads', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null);
$dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $downloadUrl, Action::TYPE_DOWNLOAD);
$this->filterActionsDataTable($dataTable);
@@ -247,6 +271,8 @@ class API extends \Piwik\Plugin\API
public function getOutlinks($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = Archive::createDataTableFromArchive('Actions_outlink', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable);
$this->filterActionsDataTable($dataTable);
return $dataTable;
@@ -254,6 +280,8 @@ class API extends \Piwik\Plugin\API
public function getOutlink($outlinkUrl, $idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$callBackParameters = array('Actions_outlink', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null);
$dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $outlinkUrl, Action::TYPE_OUTLINK);
$this->filterActionsDataTable($dataTable);
@@ -262,6 +290,8 @@ class API extends \Piwik\Plugin\API
public function getSiteSearchKeywords($idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getSiteSearchKeywordsRaw($idSite, $period, $date, $segment);
$dataTable->deleteColumn(PiwikMetrics::INDEX_SITE_SEARCH_HAS_NO_RESULT);
$this->filterActionsDataTable($dataTable);
@@ -289,6 +319,8 @@ class API extends \Piwik\Plugin\API
public function getSiteSearchNoResultKeywords($idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getSiteSearchKeywordsRaw($idSite, $period, $date, $segment);
// Delete all rows that have some results
$dataTable->filter('ColumnCallbackDeleteRow',
@@ -316,6 +348,8 @@ class API extends \Piwik\Plugin\API
*/
public function getSiteSearchCategories($idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
Actions::checkCustomVariablesPluginEnabled();
$customVariables = APICustomVariables::getInstance()->getCustomVariables($idSite, $period, $date, $segment, $expanded = false, $_leavePiwikCoreVariables = true);
diff --git a/plugins/Annotations/API.php b/plugins/Annotations/API.php
index 5c74534db6..136b4ececd 100644
--- a/plugins/Annotations/API.php
+++ b/plugins/Annotations/API.php
@@ -41,9 +41,9 @@ class API extends \Piwik\Plugin\API
*/
public function add($idSite, $date, $note, $starred = 0)
{
+ $this->checkUserCanAddNotesFor($idSite);
$this->checkSingleIdSite($idSite, $extraMessage = "Note: Cannot add one note to multiple sites.");
$this->checkDateIsValid($date);
- $this->checkUserCanAddNotesFor($idSite);
// add, save & return a new annotation
$annotations = new AnnotationList($idSite);
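Review bot: The new call order in `add()` (permission check before `checkSingleIdSite` and `checkDateIsValid`) is not explained anywhere, so a later cleanup could move the calls back without anyone noticing. A one-line comment above the first call, such as `// check access first so validation errors are only shown to users who may use this method`, would record the intent; that rationale is inferred from the reordering itself and should be confirmed by the author. The `deleteAll()` and `get()` hunks below reorder their checks in the same way and would benefit from the same comment. The method bodies continue outside the hunks.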
@@ -127,9 +127,10 @@ class API extends \Piwik\Plugin\API
*/
public function deleteAll($idSite)
{
- $this->checkSingleIdSite($idSite, $extraMessage = "Note: Cannot delete annotations from multiple sites.");
Piwik::checkUserHasSuperUserAccess();
+ $this->checkSingleIdSite($idSite, $extraMessage = "Note: Cannot delete annotations from multiple sites.");
+
$annotations = new AnnotationList($idSite);
// remove the notes & save the list
@@ -152,9 +153,10 @@ class API extends \Piwik\Plugin\API
*/
public function get($idSite, $idNote)
{
- $this->checkSingleIdSite($idSite, $extraMessage = "Note: Specify only one site ID when getting ONE note.");
Piwik::checkUserHasViewAccess($idSite);
+ $this->checkSingleIdSite($idSite, $extraMessage = "Note: Specify only one site ID when getting ONE note.");
+
// get single annotation
$annotations = new AnnotationList($idSite);
return $annotations->get($idSite, $idNote);
diff --git a/plugins/CustomVariables/API.php b/plugins/CustomVariables/API.php
index 65b3ad1067..c332060129 100644
--- a/plugins/CustomVariables/API.php
+++ b/plugins/CustomVariables/API.php
@@ -60,6 +60,8 @@ class API extends \Piwik\Plugin\API
*/
public function getCustomVariables($idSite, $period, $date, $segment = false, $expanded = false, $_leavePiwikCoreVariables = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getDataTable($idSite, $period, $date, $segment, $expanded, $flat, $idSubtable = null);
if ($dataTable instanceof DataTable
@@ -105,6 +107,8 @@ class API extends \Piwik\Plugin\API
*/
public function getCustomVariablesValuesFromNameId($idSite, $period, $date, $idSubtable, $segment = false, $_leavePriceViewedColumn = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getDataTable($idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable);
if (!$_leavePriceViewedColumn) {
diff --git a/plugins/Goals/API.php b/plugins/Goals/API.php
index 072f1b9b8e..5fbe256698 100644
--- a/plugins/Goals/API.php
+++ b/plugins/Goals/API.php
@@ -86,6 +86,9 @@ class API extends \Piwik\Plugin\API
$cacheId = self::getCacheId($idSite);
$cache = $this->getGoalsInfoStaticCache();
if (!$cache->contains($cacheId)) {
+ // note: the reason this is secure is because the above cache is a static cache and cleared after each request
+ // if we were to use a different cache that persists the result, this would not be secure because when a
+ // result is in the cache, it would just return the result
$idSite = Site::getIdSitesFromIdSitesString($idSite);
if (empty($idSite)) {
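Review bot: The added comment states that a cache hit returns the stored result without going through the code inside `if (!$cache->contains($cacheId))`, so authorization here depends on the cache being request-scoped rather than on the code path itself. Running the access check before the lookup, e.g. `Piwik::checkUserHasViewAccess($idSite);` ahead of `$cacheId = self::getCacheId($idSite);`, would make it hold for any cache backend. The existing check and the handling of an empty `$idSite` are outside this hunk, so the exact placement needs to be confirmed against the full function. If the current structure stays, a test that pins the cache as static and per-request would guard the assumption the comment describes.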
diff --git a/plugins/Referrers/API.php b/plugins/Referrers/API.php
index a475d02e82..ea12f4758c 100644
--- a/plugins/Referrers/API.php
+++ b/plugins/Referrers/API.php
@@ -15,6 +15,7 @@ use Piwik\Common;
use Piwik\DataTable;
use Piwik\Date;
use Piwik\Piwik;
+use Piwik\Site;
/**
* The Referrers API lets you access reports about Websites, Search engines, Keywords, Campaigns used to access your website.
@@ -67,6 +68,10 @@ class API extends \Piwik\Plugin\API
public function getReferrerType($idSite, $period, $date, $segment = false, $typeReferrer = false,
$idSubtable = false, $expanded = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
+ $this->checkSingleSite($idSite, 'getReferrerType');
+
// if idSubtable is supplied, interpret idSubtable as referrer type and return correct report
if ($idSubtable !== false) {
$result = false;
@@ -122,11 +127,23 @@ class API extends \Piwik\Plugin\API
return $dataTable;
}
+ private function checkSingleSite($idSite, $method)
+ {
+ $idSites = Site::getIdSitesFromIdSitesString($idSite);
+
+ if (count($idSites) > 1) {
+ throw new Exception("Referrers.$method with multiple sites is not supported (yet).");
+ }
+ }
+
/**
* Returns a report that shows
*/
public function getAll($idSite, $period, $date, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
+ $this->checkSingleSite($idSite, 'getAll');
$dataTable = $this->getReferrerType($idSite, $period, $date, $segment, $typeReferrer = false, $idSubtable = false, $expanded = true);
if ($dataTable instanceof DataTable\Map) {
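Review bot: `checkSingleSite()` counts the ids returned by `Site::getIdSitesFromIdSitesString($idSite)`, so a request whose `idSite` is `all` or a list that resolves to exactly one id passes the guard. Whether the report code below still receives a `DataTable\Map` in that case is not visible here and should be confirmed, since that is the situation the commit title describes. The helper also has no docblock; `/** Throws if $idSite resolves to more than one site; $method is only used in the error message. */` would cover it. Passing `__FUNCTION__` instead of the literals `'getAll'` and `'getReferrerType'` would keep the message correct after a rename.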
@@ -142,6 +159,8 @@ class API extends \Piwik\Plugin\API
public function getKeywords($idSite, $period, $date, $segment = false, $expanded = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = Archive::createDataTableFromArchive(Archiver::KEYWORDS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat);
if ($flat) {
@@ -227,6 +246,7 @@ class API extends \Piwik\Plugin\API
public function getSearchEnginesFromKeywordId($idSite, $period, $date, $idSubtable, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$dataTable = $this->getDataTable(Archiver::KEYWORDS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = false, $idSubtable);
$keywords = $this->getKeywords($idSite, $period, $date, $segment);
$keyword = $keywords->getRowFromIdSubDataTable($idSubtable)->getColumn('label');
@@ -240,6 +260,7 @@ class API extends \Piwik\Plugin\API
public function getSearchEngines($idSite, $period, $date, $segment = false, $expanded = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$dataTable = Archive::createDataTableFromArchive(Archiver::SEARCH_ENGINES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat);
if ($flat) {
@@ -258,6 +279,7 @@ class API extends \Piwik\Plugin\API
public function getKeywordsFromSearchEngineId($idSite, $period, $date, $idSubtable, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$dataTable = $this->getDataTable(Archiver::SEARCH_ENGINES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = false, $idSubtable);
// get the search engine and create the URL to the search result page
@@ -274,6 +296,7 @@ class API extends \Piwik\Plugin\API
public function getCampaigns($idSite, $period, $date, $segment = false, $expanded = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$dataTable = $this->getDataTable(Archiver::CAMPAIGNS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded);
$dataTable->filter('AddSegmentByLabel', array('referrerName'));
@@ -284,6 +307,7 @@ class API extends \Piwik\Plugin\API
public function getKeywordsFromCampaignId($idSite, $period, $date, $idSubtable, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$campaigns = $this->getCampaigns($idSite, $period, $date, $segment);
$campaigns->applyQueuedFilters();
$campaign = $campaigns->getRowFromIdSubDataTable($idSubtable)->getColumn('label');
@@ -296,6 +320,7 @@ class API extends \Piwik\Plugin\API
public function getWebsites($idSite, $period, $date, $segment = false, $expanded = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$dataTable = Archive::createDataTableFromArchive(Archiver::WEBSITES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable = null);
if ($flat) {
@@ -309,6 +334,7 @@ class API extends \Piwik\Plugin\API
public function getUrlsFromWebsiteId($idSite, $period, $date, $idSubtable, $segment = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$dataTable = $this->getDataTable(Archiver::WEBSITES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = false, $idSubtable);
$dataTable->filter('Piwik\Plugins\Referrers\DataTable\Filter\UrlsFromWebsiteId');
$dataTable->filter('AddSegmentByLabel', array('referrerUrl'));
@@ -330,6 +356,8 @@ class API extends \Piwik\Plugin\API
*/
public function getSocials($idSite, $period, $date, $segment = false, $expanded = false, $flat = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = Archive::createDataTableFromArchive(Archiver::SOCIAL_NETWORKS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat);
$dataTable->filter('ColumnCallbackAddMetadata', array('label', 'url', function ($name) {
@@ -430,6 +458,8 @@ class API extends \Piwik\Plugin\API
*/
public function getUrlsForSocial($idSite, $period, $date, $segment = false, $idSubtable = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
+
$dataTable = $this->getDataTable(Archiver::SOCIAL_NETWORKS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = true, $idSubtable);
if (!$idSubtable) {
diff --git a/plugins/Referrers/tests/System/ApiTest.php b/plugins/Referrers/tests/System/ApiTest.php
index 3e2d1f7e4b..e8e3a77012 100644
--- a/plugins/Referrers/tests/System/ApiTest.php
+++ b/plugins/Referrers/tests/System/ApiTest.php
@@ -66,6 +66,16 @@ class ApiTest extends SystemTestCase
],
];
+ $apiToTest[] = [
+ array('Referrers.getAll', 'Referrers.getReferrerType'),
+ [
+ 'idSite' => 'all',
+ 'date' => '2010-01-01',
+ 'periods' => 'year',
+ 'testSuffix' => 'allSites',
+ ],
+ ];
+
return $apiToTest;
}
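Review bot: The new case covers only `'idSite' => 'all'`; a comma-separated list reaches the same `checkSingleSite()` guard and is not tested. Adding a second entry with an explicit list (for instance `'idSite' => '1,2'`, ids constructed here and to be matched to the fixture) would pin both input forms. The entry also mixes `array(...)` with the `[...]` syntax used around it; `['Referrers.getAll', 'Referrers.getReferrerType']` would be consistent. The method starts outside the hunk.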
diff --git a/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml
new file mode 100644
index 0000000000..d97a29fa31
--- /dev/null
+++ b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="Referrers.getAll with multiple sites is not supported (yet).
+
+ --&gt; To temporarily debug this error further, set const PIWIK_PRINT_ERROR_BACKTRACE=true; in index.php" />
+</result> \ No newline at end of file
diff --git a/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml
new file mode 100644
index 0000000000..b63e8a27bf
--- /dev/null
+++ b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="Referrers.getReferrerType with multiple sites is not supported (yet).
+
+ --&gt; To temporarily debug this error further, set const PIWIK_PRINT_ERROR_BACKTRACE=true; in index.php" />
+</result> \ No newline at end of file
diff --git a/plugins/VisitFrequency/API.php b/plugins/VisitFrequency/API.php
index 550212d9e3..891258a9ef 100644
--- a/plugins/VisitFrequency/API.php
+++ b/plugins/VisitFrequency/API.php
@@ -35,6 +35,7 @@ class API extends \Piwik\Plugin\API
*/
public function get($idSite, $period, $date, $segment = false, $columns = false)
{
+ Piwik::checkUserHasViewAccess($idSite);
$segment = $this->appendReturningVisitorSegment($segment);
$this->unprefixColumns($columns);