authorThomas Steur <tsteur@users.noreply.github.com>2014-11-16 22:36:55 +0300
committerThomas Steur <tsteur@users.noreply.github.com>2014-11-16 22:36:55 +0300
commit0d967aa37142e388f06d490421acb516a28999a2 (patch)
tree12f9c802732a5378391d38daf3460e795bcbbb38 /core
parent678b7eabb1498b600b8be244b6c8ec0337c12911 (diff)
parent332af2a3085cf3b35815d1f4b55f9059a627819a (diff)
Merge pull request #6671 from piwik/6661
Throw HTTP 400 error when idsite is invalid
Diffstat (limited to 'core')
-rw-r--r--core/Common.php42
-rw-r--r--core/Exception/InvalidRequestParameterException.php13
-rw-r--r--core/Exception/UnexpectedWebsiteFoundException.php13
-rw-r--r--core/ProxyHttp.php24
-rw-r--r--core/Site.php3
-rw-r--r--core/Tracker.php17
-rw-r--r--core/Tracker/Request.php7
7 files changed, 92 insertions, 27 deletions
diff --git a/core/Common.php b/core/Common.php
index a3e7515a24..9bb4108739 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -1150,6 +1150,48 @@ class Common
}
/**
+ * Sends the given response code if supported.
+ *
+ * @param int $code Eg 204
+ *
+ * @throws Exception
+ */
+ public static function sendResponseCode($code)
+ {
+ $messages = array(
+ 200 => 'Ok',
+ 204 => 'No Response',
+ 301 => 'Moved Permanently',
+ 302 => 'Found',
+ 304 => 'Not Modified',
+ 400 => 'Bad Request',
+ 401 => 'Unauthorized',
+ 403 => 'Forbidden',
+ 404 => 'Not Found',
+ 500 => 'Internal Server Error'
+ );
+
+ if (!array_key_exists($code, $messages)) {
+ throw new Exception('Response code not supported: ' . $code);
+ }
+
+ if (strpos(PHP_SAPI, '-fcgi') === false) {
+ $key = $_SERVER['SERVER_PROTOCOL'];
+
+ if (strlen($key) > 15 || empty($key)) {
+ $key = 'HTTP/1.1';
+ }
+
+ } else {
+ // FastCGI
+ $key = 'Status:';
+ }
+
+ $message = $messages[$code];
+ Common::sendHeader($key . ' ' . $code . ' ' . $message);
+ }
+
+ /**
* Returns the ID of the current LocationProvider (see UserCountry plugin code) from
* the Tracker cache.
*/
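Review bot: `$_SERVER['SERVER_PROTOCOL']` is read in sendResponseCode() before the `empty()` test and is then accepted on a length check alone. A context without that key (a CLI run, for instance) raises an undefined-index notice, and any string of up to 15 bytes becomes the start of the status line. Read it defensively and fall back unless it has the expected shape: `$key = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : '';` followed by `if (!preg_match('~^HTTP/\d(\.\d)?$~', $key)) { $key = 'HTTP/1.1'; }`. Separately, the registered reason phrase for 204 is "No Content", not `'No Response'`.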
diff --git a/core/Exception/InvalidRequestParameterException.php b/core/Exception/InvalidRequestParameterException.php
new file mode 100644
index 0000000000..13ead2e716
--- /dev/null
+++ b/core/Exception/InvalidRequestParameterException.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ *
+ */
+namespace Piwik\Exception;
+
+class InvalidRequestParameterException extends Exception
+{
+} \ No newline at end of file
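Review bot: `extends Exception` here resolves to `Piwik\Exception\Exception`, because the file declares `namespace Piwik\Exception;` and has no `use Exception;`. The diffstat for core/ adds no such base class, so unless it already exists in the tree the class cannot be loaded the first time it is instantiated; `class InvalidRequestParameterException extends \Exception` removes the dependency. The same applies to `UnexpectedWebsiteFoundException` in the next file. A short class docblock stating when each exception is thrown, and that the tracker answers it with HTTP 400, would also help callers.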
diff --git a/core/Exception/UnexpectedWebsiteFoundException.php b/core/Exception/UnexpectedWebsiteFoundException.php
new file mode 100644
index 0000000000..68178d8599
--- /dev/null
+++ b/core/Exception/UnexpectedWebsiteFoundException.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ *
+ */
+namespace Piwik\Exception;
+
+class UnexpectedWebsiteFoundException extends Exception
+{
+} \ No newline at end of file
diff --git a/core/ProxyHttp.php b/core/ProxyHttp.php
index 69f7144b44..b2939e9a39 100644
--- a/core/ProxyHttp.php
+++ b/core/ProxyHttp.php
@@ -66,7 +66,7 @@ class ProxyHttp
{
// if the file cannot be found return HTTP status code '404'
if (!file_exists($file)) {
- self::setHttpStatus('404 Not Found');
+ Common::sendResponseCode(404);
return;
}
@@ -87,7 +87,7 @@ class ProxyHttp
// Return 304 if the file has not modified since
if ($modifiedSince === $lastModified) {
- self::setHttpStatus('304 Not Modified');
+ Common::sendResponseCode(304);
return;
}
@@ -158,7 +158,7 @@ class ProxyHttp
}
if (!_readfile($file, $byteStart, $byteEnd)) {
- self::setHttpStatus('505 Internal server error');
+ Common::sendResponseCode(500);
}
}
@@ -220,24 +220,6 @@ class ProxyHttp
}
/**
- * Set response header, e.g., HTTP/1.0 200 Ok
- *
- * @param string $status Status
- * @return bool
- */
- protected static function setHttpStatus($status)
- {
- if (strpos(PHP_SAPI, '-fcgi') === false) {
- $key = $_SERVER['SERVER_PROTOCOL'];
- } else {
- // FastCGI
- $key = 'Status:';
- }
-
- Common::sendHeader($key . ' ' . $status);
- }
-
- /**
* Returns a formatted Expires HTTP header for a certain number of days in the future. The result
* can be used in a call to `header()`.
*/
diff --git a/core/Site.php b/core/Site.php
index 96b7316b76..deefbd4911 100644
--- a/core/Site.php
+++ b/core/Site.php
@@ -10,6 +10,7 @@
namespace Piwik;
use Exception;
+use Piwik\Exception\UnexpectedWebsiteFoundException;
use Piwik\Plugins\SitesManager\API;
/**
@@ -95,7 +96,7 @@ class Site
protected static function setSite($idSite, $infoSite)
{
if (empty($idSite) || empty($infoSite)) {
- throw new Exception("An unexpected website was found, check idSite in the request.");
+ throw new UnexpectedWebsiteFoundException("An unexpected website was found, check idSite in the request.");
}
/**
diff --git a/core/Tracker.php b/core/Tracker.php
index a84afd9632..d6b2d9236f 100644
--- a/core/Tracker.php
+++ b/core/Tracker.php
@@ -9,6 +9,8 @@
namespace Piwik;
use Exception;
+use Piwik\Exception\InvalidRequestParameterException;
+use Piwik\Exception\UnexpectedWebsiteFoundException;
use Piwik\Plugins\PrivacyManager\Config as PrivacyManagerConfig;
use Piwik\Plugins\SitesManager\SiteUrls;
use Piwik\Tracker\Cache;
@@ -412,15 +414,16 @@ class Tracker
*
* @param Exception $e
* @param bool $authenticated
+ * @param int $statusCode eg 500
*/
- protected function exitWithException($e, $authenticated = false)
+ protected function exitWithException($e, $authenticated = false, $statusCode = 500)
{
if ($this->hasRedirectUrl()) {
$this->performRedirectToUrlIfSet();
exit;
}
- Common::sendHeader('HTTP/1.1 500 Internal Server Error');
+ Common::sendResponseCode($statusCode);
error_log(sprintf("Error in Piwik (tracker): %s", str_replace("\n", " ", $this->getMessageFromException($e))));
if ($this->usingBulkTracking) {
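Review bot: `Common::sendResponseCode($statusCode)` runs before the `error_log()` call and throws for any code outside its fixed list. A subclass or later caller passing an unsupported code would therefore raise a second exception inside the error path, and the original error would never be logged. Moving the `error_log(...)` statement above `Common::sendResponseCode($statusCode);` keeps the log entry in that case. The docblock could state the constraint: `@param int $statusCode One of the codes supported by Common::sendResponseCode(), eg 400 or 500`. The body of exitWithException continues outside the hunk.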
@@ -456,6 +459,7 @@ class Tracker
} else {
$this->sendResponse();
}
+
die(1);
exit;
}
@@ -666,7 +670,8 @@ class Tracker
$request = $_GET + $_POST;
if (array_key_exists('send_image', $request) && $request['send_image'] === '0') {
- Common::sendHeader("HTTP/1.1 204 No Response");
+ Common::sendResponseCode(204);
+
return;
}
@@ -841,6 +846,12 @@ class Tracker
} else {
Common::printDebug("The request is invalid: empty request, or maybe tracking is disabled in the config.ini.php via record_statistics=0");
}
+ } catch (UnexpectedWebsiteFoundException $e) {
+ Common::printDebug("Exception: " . $e->getMessage());
+ $this->exitWithException($e, $isAuthenticated, 400);
+ } catch (InvalidRequestParameterException $e) {
+ Common::printDebug("Exception: " . $e->getMessage());
+ $this->exitWithException($e, $isAuthenticated, 400);
} catch (DbException $e) {
Common::printDebug("Exception: " . $e->getMessage());
$this->exitWithException($e, $isAuthenticated);
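Review bot: The two added `catch` blocks are byte-for-byte the same apart from the class name, so every further client-error exception will need another copy here. Giving the request-validation exceptions a common parent (for example letting `UnexpectedWebsiteFoundException` extend `InvalidRequestParameterException`) would let a single `catch (InvalidRequestParameterException $e)` map them all to 400. The enclosing try block starts outside the hunk.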
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index b733ae30ea..bc70513216 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -12,6 +12,9 @@ use Exception;
use Piwik\Common;
use Piwik\Config;
use Piwik\Cookie;
+use Piwik\Exception\InvalidRequestParameterException;
+use Piwik\Exception\InvalidVisitorIdException;
+use Piwik\Exception\UnexpectedWebsiteFoundException;
use Piwik\IP;
use Piwik\Network\IPUtils;
use Piwik\Piwik;
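Review bot: `use Piwik\Exception\InvalidVisitorIdException;` imports a class that the diffstat for core/Exception does not add and that none of the visible hunks in this file reference. If it is a leftover from an earlier revision, drop the line. If the cid length check further down was meant to throw it, the class is missing from the commit, unless it already exists in the tree.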
@@ -390,7 +393,7 @@ class Request
Piwik::postEvent('Tracker.Request.getIdSite', array(&$idSite, $this->params));
if ($idSite <= 0) {
- throw new Exception('Invalid idSite: \'' . $idSite . '\'');
+ throw new UnexpectedWebsiteFoundException('Invalid idSite: \'' . $idSite . '\'');
}
return $idSite;
@@ -523,7 +526,7 @@ class Request
$idVisitor = $this->getForcedVisitorId();
if (!empty($idVisitor)) {
if (strlen($idVisitor) != Tracker::LENGTH_HEX_ID_STRING) {
- throw new Exception("Visitor ID (cid) $idVisitor must be " . Tracker::LENGTH_HEX_ID_STRING . " characters long");
+ throw new InvalidRequestParameterException("Visitor ID (cid) $idVisitor must be " . Tracker::LENGTH_HEX_ID_STRING . " characters long");
}
Common::printDebug("Request will be recorded for this idvisitor = " . $idVisitor);
$found = true;
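Review bot: The message passed to `InvalidRequestParameterException` interpolates the raw `cid` value, which at this point has only failed a length check and can be arbitrarily long. Tracker::exitWithException then writes the message to `error_log()` after replacing only `"\n"`, so carriage returns and other control characters supplied by the client reach the log. Leaving the value out avoids that: `throw new InvalidRequestParameterException('Visitor ID (cid) must be ' . Tracker::LENGTH_HEX_ID_STRING . ' characters long');`. The `'Invalid idSite: ...'` message in the hunk above deserves the same check if `$idSite` is not guaranteed to be an integer there, since event listeners receive it by reference. The enclosing method starts and ends outside the hunk.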