github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorAshleigh Pearson <ashleigh.pearson.nz@gmail.com>2016-01-20 00:29:45 +0300
committerAshleigh Pearson <ashleigh.pearson.nz@gmail.com>2016-01-20 00:29:45 +0300
commit0c8b27b83d4cfb9309e517329369196187004023 (patch)
tree9f48a1bcf47457cb7091b4755101e67e54f9856b /core/Plugin/ControllerAdmin.php
parentcc04bfee6f6553966c1cd26bd2007b58b8615051 (diff)
Show a warning when Piwik is used as a SuperUser via HTTP #9305
Diffstat (limited to 'core/Plugin/ControllerAdmin.php')
-rw-r--r--core/Plugin/ControllerAdmin.php28
1 files changed, 28 insertions, 0 deletions
diff --git a/core/Plugin/ControllerAdmin.php b/core/Plugin/ControllerAdmin.php
index 8e4715cfb9..37ce526b8b 100644
--- a/core/Plugin/ControllerAdmin.php
+++ b/core/Plugin/ControllerAdmin.php
@@ -21,6 +21,7 @@ use Piwik\Tracker\TrackerConfig;
use Piwik\Url;
use Piwik\Version;
use Piwik\View;
+use Piwik\ProxyHttp;
/**
* Base class of plugin controllers that provide administrative functionality.
@@ -86,6 +87,31 @@ abstract class ControllerAdmin extends Controller
self::setBasicVariablesAdminView($view);
}
+ private static function notifyIfURLIsNotSecure()
+ {
+ $isURLSecure = ProxyHttp::isHttps();
+ if ($isURLSecure) {
+ return;
+ }
+
+ if (!Piwik::hasUserSuperUserAccess()) {
+ return;
+ }
+
+ $message = Piwik::translate('General_CurrentlyUsingUnsecureHttp');
+
+ $message .= " ";
+
+ $message .= Piwik::translate('General_ReadThisToLearnMore',
+ array('<a rel="noreferrer" target="_blank" href="https://piwik.org/faq/how-to/faq_91/">', '</a>')
+ );
+
+ $notification = new Notification($message);
+ $notification->context = Notification::CONTEXT_WARNING;
+ $notification->raw = true;
+ Notification\Manager::notify('ControllerAdmin_HttpIsUsed', $notification);
+ }
+
/**
* @ignore
*/
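Review bot: `$notification->raw = true` in `notifyIfURLIsNotSecure()` switches off escaping for the whole of `$message`, so both `Piwik::translate()` results are emitted as HTML although only the two anchor fragments need to be. Whether `translate()` already escapes its output is not visible in this hunk; if it does not, markup in a translation entry would be rendered in the super user's admin session, so the plain sentence should be escaped before concatenation, e.g. `$message = htmlspecialchars(Piwik::translate('General_CurrentlyUsingUnsecureHttp'), ENT_QUOTES, 'UTF-8');`. The second string needs the same care, with the escaping applied before the `<a …>` placeholders are substituted. The method also has no docblock; I would add `/** Warns super users when the admin UI is served over plain HTTP; the scheme is taken from ProxyHttp::isHttps(). */`. It is also worth confirming that this helper reports the right scheme behind a TLS-terminating reverse proxy, since the warning is only as reliable as that check.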
@@ -104,6 +130,7 @@ abstract class ControllerAdmin extends Controller
}
}
+
private static function notifyIfEAcceleratorIsUsed()
{
$isEacceleratorUsed = ini_get('eaccelerator.enable');
@@ -195,6 +222,7 @@ abstract class ControllerAdmin extends Controller
{
self::notifyWhenTrackingStatisticsDisabled();
self::notifyIfEAcceleratorIsUsed();
+ self::notifyIfURLIsNotSecure();
$view->topMenu = MenuTop::getInstance()->getMenu();
$view->userMenu = MenuUser::getInstance()->getMenu();