author | Thomas Steur <tsteur@users.noreply.github.com> | 2016-12-01 03:46:49 +0300 |
---|---|---|
committer | Matthieu Aubry <mattab@users.noreply.github.com> | 2016-12-01 03:46:49 +0300 |
commit | 48c8ca9e4da5a01695aa3c0d49d301ce35b3d35d (patch) | |
tree | 3b02ec7fd3a717878f78e6284c45581dd2013dd9 /core/Tracker/Request.php | |
parent | 107147670f46b234afadefe82e0c384b10c41279 (diff) |
Tracking API: when overriding the request datetime with an invalid token_auth, don't track the request (#10899)
* refs #10890 ignore tracking requests with custom timestamp, accept timestamps up to 1 day in past, added config for timestamps that require auth
* fix test
* update travis yml
* update travis
* update travis
* fix test
* added changelog entry
* .travis.yml file is out of date, auto-updating .travis.yml file.
* .travis.yml file is out of date, auto-updating .travis.yml file.
* .travis.yml file is out of date, auto-updating .travis.yml file.
* .travis.yml file is out of date, auto-updating .travis.yml file.
* .travis.yml file is out of date, auto-updating .travis.yml file.
* .travis.yml file is out of date, auto-updating .travis.yml file.
* New config.ini.php setting: `tracking_requests_require_authentication_when_custom_timestamp_newer_than`
Diffstat (limited to 'core/Tracker/Request.php')
-rw-r--r-- | core/Tracker/Request.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index 8ad254f96b..948d41da9c 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -54,7 +54,7 @@ class Request
 const UNKNOWN_RESOLUTION = 'unknown';
- const CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN = 14400; // 4 hours
+ private $customTimestampDoesNotRequireTokenauthWhenNewerThan;
 /**
 * @param $params
@@ -70,6 +70,7 @@ class Request
 $this->tokenAuth = $tokenAuth;
 $this->timestamp = time();
 $this->isEmptyRequest = empty($params);
+ $this->customTimestampDoesNotRequireTokenauthWhenNewerThan = (int) TrackerConfig::getConfigValue('tracking_requests_require_authentication_when_custom_timestamp_newer_than');
 // When the 'url' and referrer url parameter are not given, we might be in the 'Simple Image Tracker' mode.
 // The URL can default to the Referrer, which will be in this case
@@ -465,13 +466,14 @@ class Request
 // If timestamp in the past, token_auth is required
 $timeFromNow = $this->timestamp - $cdt;
- $isTimestampRecent = $timeFromNow < self::CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN;
+ $isTimestampRecent = $timeFromNow < $this->customTimestampDoesNotRequireTokenauthWhenNewerThan;
 if (!$isTimestampRecent) {
 if (!$this->isAuthenticated()) {
- Common::printDebug(sprintf("Custom timestamp is %s seconds old, requires &token_auth...", $timeFromNow));
+ $message = sprintf("Custom timestamp is %s seconds old, requires &token_auth...", $timeFromNow);
+ Common::printDebug($message);
 Common::printDebug("WARN: Tracker API 'cdt' was used with invalid token_auth");
- return false;
+ throw new InvalidRequestParameterException($message);
 }
 } |
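Review bot: The new property `$customTimestampDoesNotRequireTokenauthWhenNewerThan` in the first hunk has no docblock, and the `// 4 hours` comment that gave the unit goes away with the constant. I would add `/** @var int Maximum age, in seconds, of a custom timestamp (cdt) that is accepted without token_auth; read from the tracker config. */` above it. The removed constant had no visibility keyword, so it was public; any code outside this file that referenced it would break, which cannot be checked from this hunk.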
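Review bot: The `(int)` cast added in the constructor (second hunk) turns a missing or non-numeric setting into 0 without any signal, and accepts any large value as is. Going by the comparison in the third hunk, 0 fails closed because every past `cdt` then needs token_auth, but a very large value silently switches the authentication requirement off. I would state that next to the assignment, e.g. `// seconds; 0 = every past cdt requires token_auth, large values effectively disable the check`. The key `tracking_requests_require_authentication_when_custom_timestamp_newer_than` also reads as the opposite of how the value is used (requests are exempt when the timestamp is newer than the threshold), which invites misconfiguration. The constructor starts and ends outside the hunk, so whether `TrackerConfig` is imported cannot be seen here.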
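Review bot: Throwing in the third hunk changes the enclosing method's contract from returning `false` to raising `InvalidRequestParameterException`, and nothing in the hunk documents that. The method's docblock, which is outside the hunk, should gain `@throws InvalidRequestParameterException if cdt is older than the configured threshold and token_auth is missing or invalid`. The rejection is reported only through `Common::printDebug`, which presumably prints only in debug mode, so a regular log entry would keep rejected backdating attempts visible to operators. A negative `$timeFromNow` (a `cdt` in the future) still counts as recent here; I assume that case is rejected earlier in the method, outside the visible lines.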