Tracking API: when overriding the request datetime with an invalid token_auth, don't track the request (#10899)

* refs #10890 ignore tracking requests with custom timestamp, accept timestamps up to 1 day in past, added config for timestamps that require auth

* fix test

* update travis yml

* update travis

* update travis

* fix test

* added changelog entry

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* New config.ini.php setting: `tracking_requests_require_authentication_when_custom_timestamp_newer_than`

1 files changed, 5 insertions, 0 deletions

diff --git a/config/global.ini.php b/config/global.ini.php
index a12a5947ad..1b03d9a088 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -697,6 +697,11 @@ bulk_requests_use_transaction = 1
 ; DO NOT USE THIS SETTING ON PUBLIC PIWIK SERVERS
 tracking_requests_require_authentication = 1
 
+; By default, Piwik accepts only tracking requests for up to 1 day in the past. For tracking requests with a custom date
+; date is older than 1 day, Piwik requires an authenticated tracking requests. By setting this config to another value
+; You can change how far back Piwik will track your requests without authentication. The configured value is in seconds.
+tracking_requests_require_authentication_when_custom_timestamp_newer_than = 86400;
+
 [Segments]
 ; Reports with segmentation in API requests are processed in real time.
 ; On high traffic websites it is recommended to pre-process the data