author | Thomas Steur <tsteur@users.noreply.github.com> | 2018-09-24 01:06:50 +0300 |
---|---|---|
committer | diosmosis <diosmosis@users.noreply.github.com> | 2018-09-24 01:06:50 +0300 |
commit | af9f44ced0a8d2e703584eaaffc210f2a1a30187 (patch) | |
tree | fe82361c4afad9ea4847d2879851be2f579b1807 | |
parent | cf203be455df68192580bd7363886d5604abae80 (diff) |
Fix fatal when multiple sites are requested in referrers API report (#13439)
* Fix fatal when multiple sites are requested in referrers API report
* add more checks
-rw-r--r-- | plugins/Actions/API.php | 34 | ||||
-rw-r--r-- | plugins/Annotations/API.php | 8 | ||||
-rw-r--r-- | plugins/CustomVariables/API.php | 4 | ||||
-rw-r--r-- | plugins/Goals/API.php | 3 | ||||
-rw-r--r-- | plugins/Referrers/API.php | 30 | ||||
-rw-r--r-- | plugins/Referrers/tests/System/ApiTest.php | 10 | ||||
-rw-r--r-- | plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml | 6 | ||||
-rw-r--r-- | plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml | 6 | ||||
-rw-r--r-- | plugins/VisitFrequency/API.php | 1 |
9 files changed, 99 insertions, 3 deletions
diff --git a/plugins/Actions/API.php b/plugins/Actions/API.php index 2f23b98156..1b3cf888c5 100644 --- a/plugins/Actions/API.php +++ b/plugins/Actions/API.php @@ -91,6 +91,8 @@ class API extends \Piwik\Plugin\API public function getPageUrls($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $depth = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = Archive::createDataTableFromArchive('Actions_actions_url', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable, $depth); $this->filterActionsDataTable($dataTable); @@ -121,6 +123,8 @@ class API extends \Piwik\Plugin\API */ public function getPageUrlsFollowingSiteSearch($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getPageUrls($idSite, $period, $date, $segment, $expanded, $idSubtable); $this->keepPagesFollowingSearch($dataTable); return $dataTable; @@ -138,6 +142,8 @@ class API extends \Piwik\Plugin\API */ public function getPageTitlesFollowingSiteSearch($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getPageTitles($idSite, $period, $date, $segment, $expanded, $idSubtable); $this->keepPagesFollowingSearch($dataTable); return $dataTable; @@ -163,6 +169,8 @@ class API extends \Piwik\Plugin\API */ public function getEntryPageUrls($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getPageUrls($idSite, $period, $date, $segment, $expanded, $idSubtable); $this->filterNonEntryActions($dataTable); return $dataTable; 
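Review bot: The `Piwik::checkUserHasViewAccess($idSite);` guard added at the top of `getPageUrls` is repeated by hand in every public report method this commit touches (the remaining Actions hunks, plus CustomVariables, Referrers and VisitFrequency), and the commit adds no test that an account without view access is actually refused. Because the protection now depends on each method remembering the call, a system test that requests these reports as a user with no access to the site and expects the access error would keep a future method from shipping unguarded. Wrappers such as `getEntryPageUrls` also run the check twice, once themselves and once inside `getPageUrls`; that is harmless, but a one-line comment such as `// checked here as well so the wrapper fails before doing any work` would show it is deliberate. The method bodies continue outside the hunks.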
@@ -174,6 +182,8 @@ class API extends \Piwik\Plugin\API */ public function getExitPageUrls($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getPageUrls($idSite, $period, $date, $segment, $expanded, $idSubtable); $this->filterNonExitActions($dataTable); return $dataTable; @@ -181,6 +191,8 @@ class API extends \Piwik\Plugin\API public function getPageUrl($pageUrl, $idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + $callBackParameters = array('Actions_actions_url', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null); $dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $pageUrl, Action::TYPE_PAGE_URL); $this->addPageProcessedMetrics($dataTable); @@ -190,6 +202,8 @@ class API extends \Piwik\Plugin\API public function getPageTitles($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = Archive::createDataTableFromArchive('Actions_actions', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable); $this->filterActionsDataTable($dataTable); @@ -204,6 +218,8 @@ class API extends \Piwik\Plugin\API public function getEntryPageTitles($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getPageTitles($idSite, $period, $date, $segment, $expanded, $idSubtable); $this->filterNonEntryActions($dataTable); return $dataTable; @@ -216,6 +232,8 @@ class API extends \Piwik\Plugin\API public function getExitPageTitles($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getPageTitles($idSite, $period, $date, $segment, $expanded, $idSubtable); $this->filterNonExitActions($dataTable); return $dataTable; 
@@ -223,6 +241,8 @@ class API extends \Piwik\Plugin\API public function getPageTitle($pageName, $idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + $callBackParameters = array('Actions_actions', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null); $dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $pageName, Action::TYPE_PAGE_TITLE); $this->addPageProcessedMetrics($dataTable); @@ -232,6 +252,8 @@ class API extends \Piwik\Plugin\API public function getDownloads($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = Archive::createDataTableFromArchive('Actions_downloads', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable); $this->filterActionsDataTable($dataTable); return $dataTable; @@ -239,6 +261,8 @@ class API extends \Piwik\Plugin\API public function getDownload($downloadUrl, $idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + $callBackParameters = array('Actions_downloads', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null); $dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $downloadUrl, Action::TYPE_DOWNLOAD); $this->filterActionsDataTable($dataTable); @@ -247,6 +271,8 @@ class API extends \Piwik\Plugin\API public function getOutlinks($idSite, $period, $date, $segment = false, $expanded = false, $idSubtable = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = Archive::createDataTableFromArchive('Actions_outlink', $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable); $this->filterActionsDataTable($dataTable); return $dataTable; 
@@ -254,6 +280,8 @@ class API extends \Piwik\Plugin\API public function getOutlink($outlinkUrl, $idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + $callBackParameters = array('Actions_outlink', $idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable = null); $dataTable = $this->getFilterPageDatatableSearch($callBackParameters, $outlinkUrl, Action::TYPE_OUTLINK); $this->filterActionsDataTable($dataTable); @@ -262,6 +290,8 @@ class API extends \Piwik\Plugin\API public function getSiteSearchKeywords($idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getSiteSearchKeywordsRaw($idSite, $period, $date, $segment); $dataTable->deleteColumn(PiwikMetrics::INDEX_SITE_SEARCH_HAS_NO_RESULT); $this->filterActionsDataTable($dataTable); @@ -289,6 +319,8 @@ class API extends \Piwik\Plugin\API public function getSiteSearchNoResultKeywords($idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getSiteSearchKeywordsRaw($idSite, $period, $date, $segment); // Delete all rows that have some results $dataTable->filter('ColumnCallbackDeleteRow', @@ -316,6 +348,8 @@ class API extends \Piwik\Plugin\API */ public function getSiteSearchCategories($idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + Actions::checkCustomVariablesPluginEnabled(); $customVariables = APICustomVariables::getInstance()->getCustomVariables($idSite, $period, $date, $segment, $expanded = false, $_leavePiwikCoreVariables = true); diff --git a/plugins/Annotations/API.php b/plugins/Annotations/API.php index 5c74534db6..136b4ececd 100644 --- a/plugins/Annotations/API.php +++ b/plugins/Annotations/API.php 
@@ -41,9 +41,9 @@ class API extends \Piwik\Plugin\API */ public function add($idSite, $date, $note, $starred = 0) { + $this->checkUserCanAddNotesFor($idSite); $this->checkSingleIdSite($idSite, $extraMessage = "Note: Cannot add one note to multiple sites."); $this->checkDateIsValid($date); - $this->checkUserCanAddNotesFor($idSite); // add, save & return a new annotation $annotations = new AnnotationList($idSite); @@ -127,9 +127,10 @@ class API extends \Piwik\Plugin\API */ public function deleteAll($idSite) { - $this->checkSingleIdSite($idSite, $extraMessage = "Note: Cannot delete annotations from multiple sites."); Piwik::checkUserHasSuperUserAccess(); + $this->checkSingleIdSite($idSite, $extraMessage = "Note: Cannot delete annotations from multiple sites."); + $annotations = new AnnotationList($idSite); // remove the notes & save the list @@ -152,9 +153,10 @@ class API extends \Piwik\Plugin\API */ public function get($idSite, $idNote) { - $this->checkSingleIdSite($idSite, $extraMessage = "Note: Specify only one site ID when getting ONE note."); Piwik::checkUserHasViewAccess($idSite); + $this->checkSingleIdSite($idSite, $extraMessage = "Note: Specify only one site ID when getting ONE note."); + // get single annotation $annotations = new AnnotationList($idSite); return $annotations->get($idSite, $idNote); diff --git a/plugins/CustomVariables/API.php b/plugins/CustomVariables/API.php index 65b3ad1067..c332060129 100644 --- a/plugins/CustomVariables/API.php +++ b/plugins/CustomVariables/API.php @@ -60,6 +60,8 @@ class API extends \Piwik\Plugin\API */ public function getCustomVariables($idSite, $period, $date, $segment = false, $expanded = false, $_leavePiwikCoreVariables = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getDataTable($idSite, $period, $date, $segment, $expanded, $flat, $idSubtable = null); if ($dataTable instanceof DataTable 
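Review bot: In `add`, `deleteAll` and `get` the permission check now runs before `checkSingleIdSite`, so it receives the raw `$idSite` value, which may still name several sites; the hunks do not show whether `checkUserCanAddNotesFor` handles such a value, so that is worth confirming. The new order is the right one for an API, since an unauthorised caller gets an access error instead of input-validation detail, but nothing in the code says the order matters. I would add a comment above the first call, e.g. `// authorise before validating, so callers without access learn nothing about the input rules`, to keep a later cleanup from swapping the lines back. All three method bodies continue past their hunks.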
@@ -105,6 +107,8 @@ class API extends \Piwik\Plugin\API */ public function getCustomVariablesValuesFromNameId($idSite, $period, $date, $idSubtable, $segment = false, $_leavePriceViewedColumn = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getDataTable($idSite, $period, $date, $segment, $expanded = false, $flat = false, $idSubtable); if (!$_leavePriceViewedColumn) { diff --git a/plugins/Goals/API.php b/plugins/Goals/API.php index 072f1b9b8e..5fbe256698 100644 --- a/plugins/Goals/API.php +++ b/plugins/Goals/API.php @@ -86,6 +86,9 @@ class API extends \Piwik\Plugin\API $cacheId = self::getCacheId($idSite); $cache = $this->getGoalsInfoStaticCache(); if (!$cache->contains($cacheId)) { + // note: the reason this is secure is because the above cache is a static cache and cleared after each request + // if we were to use a different cache that persists the result, this would not be secure because when a + // result is in the cache, it would just return the result $idSite = Site::getIdSitesFromIdSitesString($idSite); if (empty($idSite)) { diff --git a/plugins/Referrers/API.php b/plugins/Referrers/API.php index a475d02e82..ea12f4758c 100644 --- a/plugins/Referrers/API.php +++ b/plugins/Referrers/API.php @@ -15,6 +15,7 @@ use Piwik\Common; use Piwik\DataTable; use Piwik\Date; use Piwik\Piwik; +use Piwik\Site; /** * The Referrers API lets you access reports about Websites, Search engines, Keywords, Campaigns used to access your website. @@ -67,6 +68,10 @@ class API extends \Piwik\Plugin\API public function getReferrerType($idSite, $period, $date, $segment = false, $typeReferrer = false, $idSubtable = false, $expanded = false) { + Piwik::checkUserHasViewAccess($idSite); + + $this->checkSingleSite($idSite, 'getReferrerType'); + // if idSubtable is supplied, interpret idSubtable as referrer type and return correct report if ($idSubtable !== false) { $result = false; 
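Review bot: The comment added inside `if (!$cache->contains($cacheId))` in plugins/Goals/API.php implies that the authorisation in this path is only reached on a cache miss, so its safety rests on the cache being emptied after every request; nothing in the visible code enforces that. If the access check can be made before the `$cache->contains($cacheId)` lookup, a cache hit could never return goals without it, whatever cache implementation is used later. It may also be worth confirming that no code path within a single request fills this cache under elevated rights and then serves a lower-privileged caller from it; the hunk does not show enough to tell. The enclosing method starts and ends outside the hunk.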
@@ -122,11 +127,23 @@ class API extends \Piwik\Plugin\API return $dataTable; } + private function checkSingleSite($idSite, $method) + { + $idSites = Site::getIdSitesFromIdSitesString($idSite); + + if (count($idSites) > 1) { + throw new Exception("Referrers.$method with multiple sites is not supported (yet)."); + } + } + /** * Returns a report that shows */ public function getAll($idSite, $period, $date, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); + + $this->checkSingleSite($idSite, 'getAll'); $dataTable = $this->getReferrerType($idSite, $period, $date, $segment, $typeReferrer = false, $idSubtable = false, $expanded = true); if ($dataTable instanceof DataTable\Map) { @@ -142,6 +159,8 @@ class API extends \Piwik\Plugin\API public function getKeywords($idSite, $period, $date, $segment = false, $expanded = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = Archive::createDataTableFromArchive(Archiver::KEYWORDS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat); if ($flat) { @@ -227,6 +246,7 @@ class API extends \Piwik\Plugin\API public function getSearchEnginesFromKeywordId($idSite, $period, $date, $idSubtable, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); $dataTable = $this->getDataTable(Archiver::KEYWORDS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = false, $idSubtable); $keywords = $this->getKeywords($idSite, $period, $date, $segment); $keyword = $keywords->getRowFromIdSubDataTable($idSubtable)->getColumn('label'); @@ -240,6 +260,7 @@ class API extends \Piwik\Plugin\API public function getSearchEngines($idSite, $period, $date, $segment = false, $expanded = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); $dataTable = Archive::createDataTableFromArchive(Archiver::SEARCH_ENGINES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat); if ($flat) { 
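Review bot: `checkSingleSite` decides by `count($idSites) > 1`, i.e. by how many ids the request resolves to and not by the form of the request, so `idSite=all` on an install where that resolves to a single site passes the guard. If the archive layer returns a per-site map whenever `all` is requested (not visible here, so please confirm), `getReferrerType` could still hit the fatal this commit fixes; `if ($idSite === 'all' || count($idSites) > 1) {` would close that case. The helper also has no docblock; a short one stating that it throws when more than one site is requested would help, and the file's imports should be checked for `use Exception;`, since only part of the `use` block is visible. `getReferrerType` and `getAll` both extend beyond this hunk.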
@@ -258,6 +279,7 @@ class API extends \Piwik\Plugin\API public function getKeywordsFromSearchEngineId($idSite, $period, $date, $idSubtable, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); $dataTable = $this->getDataTable(Archiver::SEARCH_ENGINES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = false, $idSubtable); // get the search engine and create the URL to the search result page @@ -274,6 +296,7 @@ class API extends \Piwik\Plugin\API public function getCampaigns($idSite, $period, $date, $segment = false, $expanded = false) { + Piwik::checkUserHasViewAccess($idSite); $dataTable = $this->getDataTable(Archiver::CAMPAIGNS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded); $dataTable->filter('AddSegmentByLabel', array('referrerName')); @@ -284,6 +307,7 @@ class API extends \Piwik\Plugin\API public function getKeywordsFromCampaignId($idSite, $period, $date, $idSubtable, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); $campaigns = $this->getCampaigns($idSite, $period, $date, $segment); $campaigns->applyQueuedFilters(); $campaign = $campaigns->getRowFromIdSubDataTable($idSubtable)->getColumn('label'); @@ -296,6 +320,7 @@ class API extends \Piwik\Plugin\API public function getWebsites($idSite, $period, $date, $segment = false, $expanded = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); $dataTable = Archive::createDataTableFromArchive(Archiver::WEBSITES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat, $idSubtable = null); if ($flat) { 
@@ -309,6 +334,7 @@ class API extends \Piwik\Plugin\API public function getUrlsFromWebsiteId($idSite, $period, $date, $idSubtable, $segment = false) { + Piwik::checkUserHasViewAccess($idSite); $dataTable = $this->getDataTable(Archiver::WEBSITES_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = false, $idSubtable); $dataTable->filter('Piwik\Plugins\Referrers\DataTable\Filter\UrlsFromWebsiteId'); $dataTable->filter('AddSegmentByLabel', array('referrerUrl')); @@ -330,6 +356,8 @@ class API extends \Piwik\Plugin\API */ public function getSocials($idSite, $period, $date, $segment = false, $expanded = false, $flat = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = Archive::createDataTableFromArchive(Archiver::SOCIAL_NETWORKS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded, $flat); $dataTable->filter('ColumnCallbackAddMetadata', array('label', 'url', function ($name) { @@ -430,6 +458,8 @@ class API extends \Piwik\Plugin\API */ public function getUrlsForSocial($idSite, $period, $date, $segment = false, $idSubtable = false) { + Piwik::checkUserHasViewAccess($idSite); + $dataTable = $this->getDataTable(Archiver::SOCIAL_NETWORKS_RECORD_NAME, $idSite, $period, $date, $segment, $expanded = true, $idSubtable); if (!$idSubtable) { diff --git a/plugins/Referrers/tests/System/ApiTest.php b/plugins/Referrers/tests/System/ApiTest.php index 3e2d1f7e4b..e8e3a77012 100644 --- a/plugins/Referrers/tests/System/ApiTest.php +++ b/plugins/Referrers/tests/System/ApiTest.php @@ -66,6 +66,16 @@ class ApiTest extends SystemTestCase ], ]; + $apiToTest[] = [ + array('Referrers.getAll', 'Referrers.getReferrerType'), + [ + 'idSite' => 'all', + 'date' => '2010-01-01', + 'periods' => 'year', + 'testSuffix' => 'allSites', + ], + ]; + return $apiToTest; } 
diff --git a/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml new file mode 100644 index 0000000000..d97a29fa31 --- /dev/null +++ b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getAll_year.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8" ?> +<result> + <error message="Referrers.getAll with multiple sites is not supported (yet). + + --> To temporarily debug this error further, set const PIWIK_PRINT_ERROR_BACKTRACE=true; in index.php" /> +</result>
\ No newline at end of file diff --git a/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml new file mode 100644 index 0000000000..b63e8a27bf --- /dev/null +++ b/plugins/Referrers/tests/System/expected/test_allSites__Referrers.getReferrerType_year.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8" ?> +<result> + <error message="Referrers.getReferrerType with multiple sites is not supported (yet). + + --> To temporarily debug this error further, set const PIWIK_PRINT_ERROR_BACKTRACE=true; in index.php" /> +</result>
\ No newline at end of file diff --git a/plugins/VisitFrequency/API.php b/plugins/VisitFrequency/API.php index 550212d9e3..891258a9ef 100644 --- a/plugins/VisitFrequency/API.php +++ b/plugins/VisitFrequency/API.php @@ -35,6 +35,7 @@ class API extends \Piwik\Plugin\API */ public function get($idSite, $period, $date, $segment = false, $columns = false) { + Piwik::checkUserHasViewAccess($idSite); $segment = $this->appendReturningVisitorSegment($segment); $this->unprefixColumns($columns); |