author | Matthieu Aubry <matt@piwik.org> | 2015-06-23 08:49:46 +0300 |
---|---|---|
committer | Matthieu Aubry <matt@piwik.org> | 2015-06-23 08:49:46 +0300 |
commit | 68dec5f3214859819e8e7be55749f19120c26973 (patch) | |
tree | 837704a45e4656e97f2494901ee8a263976f4939 | |
parent | 159c27743126ec843eb5b800c3e1f80e8a3cd661 (diff) | |
parent | 657af7b9da99649a794207cbcc9e97546e13e846 (diff) |
Merge pull request #8182 from piwik/disallow_api
Disallow api content to be loaded within Piwik
-rw-r--r-- | plugins/CoreHome/javascripts/broadcast.js | 7 | ||||
m--------- | tests/UI/expected-ui-screenshots | 0 | ||||
-rw-r--r-- | tests/UI/specs/UIIntegration_spec.js | 16 |
3 files changed, 23 insertions, 0 deletions
diff --git a/plugins/CoreHome/javascripts/broadcast.js b/plugins/CoreHome/javascripts/broadcast.js
index 5ada120a6b..51b2a8a64d 100644
--- a/plugins/CoreHome/javascripts/broadcast.js
+++ b/plugins/CoreHome/javascripts/broadcast.js
@@ -416,6 +416,13 @@ var broadcast = {
 );
 }
 
+ if(broadcast.getParamValue('module', urlAjax) == 'API') {
+ broadcast.lastUrlRequested = null;
+ $('#content').html("Loading content from the API and displaying it within Piwik is not allowed.");
+ piwikHelper.hideAjaxLoading();
+ return false;
+ }
+
 piwikHelper.hideAjaxError('loadingError');
 piwikHelper.showAjaxLoading();
 $('#content').empty();
diff --git a/tests/UI/expected-ui-screenshots b/tests/UI/expected-ui-screenshots
-Subproject f1bfc39f183ac0e6f42baadafbbba97fbe923ad
+Subproject af24e3ad1b0dda0f0cd506792921bf5ece6aae4
diff --git a/tests/UI/specs/UIIntegration_spec.js b/tests/UI/specs/UIIntegration_spec.js
index 84cb8d9bb7..a9aa8337b8 100644
--- a/tests/UI/specs/UIIntegration_spec.js
+++ b/tests/UI/specs/UIIntegration_spec.js
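Review bot: In plugins/CoreHome/javascripts/broadcast.js the added guard compares the `module` value to the exact string `'API'` with `==`, so it blocks only that one spelling; if the server resolves module names case-insensitively, or reads a repeated `module` parameter differently from `broadcast.getParamValue` (neither is visible in this hunk), an API response could still end up rendered as HTML in `#content`. I would normalise before comparing, `if (String(broadcast.getParamValue('module', urlAjax)).toLowerCase() === 'api') {`, and put a comment above it such as `// API output must never be rendered as HTML inside the Piwik UI; refuse before the request is sent`. The check runs only in the browser, so it should back up a server-side refusal rather than stand in for one; the widgetize spec added in tests/UI/specs/UIIntegration_spec.js loads `moduleToWidgetize=API` directly and does not appear to pass through this branch. The two new specs pin only the exact `module=API` spelling, so a normalised comparison would deserve a spec of its own. The enclosing function starts and ends outside the hunk.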
@@ -333,6 +333,20 @@ describe("UIIntegrationTest", function () { // TODO: Rename to Piwik?
 }, done);
 });
 
+ // Do not allow API response to be displayed
+ it('should not allow to widgetize an API call', function (done) {
+ expect.screenshot('widgetize_apidisallowed').to.be.captureSelector('#content', function (page) {
+ page.load("?" + widgetizeParams + "&" + generalParams + "&moduleToWidgetize=API&actionToWidgetize=index&method=SitesManager.getImageTrackingCode&piwikUrl=test");
+ }, done);
+ });
+
+ it('should not display API response in the content', function (done) {
+ expect.screenshot('menu_apidisallowed').to.be.captureSelector('#content', function (page) {
+ page.load("?" + urlBase + "#" + generalParams + "&module=API&action=SitesManager.getImageTrackingCode");
+ }, done);
+ });
+
+ // Ecommerce
 it('should load the ecommerce overview page', function (done) {
 expect.screenshot('ecommerce_overview').to.be.captureSelector('.pageWrap,.expandDataTableFooterDrawer', function (page) {
 page.load("?" + urlBase + "#" + generalParams + "&module=Ecommerce&action=ecommerceReport&idGoal=ecommerceOrder");
@@ -599,4 +613,6 @@ describe("UIIntegrationTest", function () { // TODO: Rename to Piwik?
 page.load("?module=CoreAdminHome&action=optOut&language=en");
 }, done);
 });
+
+
 });
\ No newline at end of file |