Merge branch '3.x-dev' into 4.x-dev

6 files changed, 78 insertions, 26 deletions

diff --git a/core/DeviceDetector/DeviceDetectorFactory.php b/core/DeviceDetector/DeviceDetectorFactory.php
index a10c06092b..6aa340e639 100644
--- a/core/DeviceDetector/DeviceDetectorFactory.php
+++ b/core/DeviceDetector/DeviceDetectorFactory.php
@@ -10,6 +10,7 @@ namespace Piwik\DeviceDetector;
 
 use DeviceDetector\DeviceDetector;
 use Piwik\Common;
+use Piwik\Container\StaticContainer;
 
 class DeviceDetectorFactory
 {
@@ -51,7 +52,7 @@ class DeviceDetectorFactory
     {
         $deviceDetector = new DeviceDetector($userAgent);
         $deviceDetector->discardBotInformation();
-        $deviceDetector->setCache(new DeviceDetectorCache(86400));
+        $deviceDetector->setCache(StaticContainer::get('DeviceDetector\Cache\Cache'));
         $deviceDetector->parse();
         return $deviceDetector;
     }
diff --git a/core/Nonce.php b/core/Nonce.php
index 9f5a9091bc..ef0b09bf21 100644
--- a/core/Nonce.php
+++ b/core/Nonce.php
@@ -127,28 +127,35 @@ class Nonce
     public static function getAcceptableOrigins()
     {
         $host = Url::getCurrentHost(null);
-        $port = '';
-
-        // parse host:port
-        if (preg_match('/^([^:]+):([0-9]+)$/D', $host, $matches)) {
-            $host = $matches[1];
-            $port = $matches[2];
-        }
 
         if (empty($host)) {
             return array();
         }
 
-        // standard ports
-        $origins = array(
-            'http://' . $host,
-            'https://' . $host,
-        );
-
-        // non-standard ports
-        if (!empty($port) && $port != 80 && $port != 443) {
-            $origins[] = 'http://' . $host . ':' . $port;
+        // parse host:port
+        if (preg_match('/^([^:]+):([0-9]+)$/D', $host, $matches)) {
+            $host = $matches[1];
+            $port = $matches[2];
+            $origins = array(
+                'http://' . $host,
+                'https://' . $host,
+            );
+            if ($port != 443) {
+                $origins[] = 'http://' . $host .':' . $port;
+            }
             $origins[] = 'https://' . $host . ':' . $port;
+        } elseif (Config::getInstance()->General['force_ssl']) {
+            $origins = array(
+                'https://' . $host,
+                'https://' . $host . ':443',
+            );
+        } else {
+            $origins = array(
+                'http://' . $host,
+                'https://' . $host,
+                'http://' . $host . ':80',
+                'https://' . $host . ':443',
+            );
         }
 
         return $origins;
diff --git a/core/Option.php b/core/Option.php
index be6bdef8f4..4b9fc05985 100644
--- a/core/Option.php
+++ b/core/Option.php
@@ -49,10 +49,11 @@ class Option
     }
 
     /**
-     * Returns option values for options whose names are like a given pattern.
+     * Returns option values for options whose names are like a given pattern. Only `%` is supported as part of the
+     * pattern.
      *
      * @param string $namePattern The pattern used in the SQL `LIKE` expression
-     *                            used to SELECT options.
+     *                            used to SELECT options.`'%'` characters should be used as wildcard. Underscore match is not supported.
      * @return array Array mapping option names with option values.
      */
     public static function getLike($namePattern)
@@ -85,10 +86,10 @@ class Option
     }
 
     /**
-     * Deletes all options that match the supplied pattern.
+     * Deletes all options that match the supplied pattern. Only `%` is supported as part of the
+     * pattern.
      *
-     * @param string $namePattern Pattern of key to match. `'%'` characters should be used as wildcards, and literal
-     *                            `'_'` characters should be escaped.
+     * @param string $namePattern Pattern of key to match. `'%'` characters should be used as wildcard. Underscore match is not supported.
      * @param string $value If supplied, options will be deleted only if their value matches this value.
      */
     public static function deleteLike($namePattern, $value = null)
@@ -231,6 +232,8 @@ class Option
     protected function deleteNameLike($name, $value = null)
     {
         $name   = $this->trimOptionNameIfNeeded($name);
+        $name = $this->getNameForLike($name);
+
         $sql    = 'DELETE FROM `' . Common::prefixTable('option') . '` WHERE option_name LIKE ?';
         $bind[] = $name;
 
@@ -244,9 +247,19 @@ class Option
         $this->clearCache();
     }
 
+    private function getNameForLike($name)
+    {
+        $name = str_replace('\_', '###NOREPLACE###', $name);
+        $name = str_replace('_', '\_', $name);
+        $name = str_replace( '###NOREPLACE###', '\_', $name);
+        return $name;
+    }
+
     protected function getNameLike($name)
     {
         $name = $this->trimOptionNameIfNeeded($name);
+        $name = $this->getNameForLike($name);
+
         $sql  = 'SELECT option_name, option_value FROM `' . Common::prefixTable('option') . '` WHERE option_name LIKE ?';
         $bind = array($name);
         $rows = Db::fetchAll($sql, $bind);
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index 57458fa000..98133e4319 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -208,7 +208,7 @@ class Request
                 return true;
             }
         }
-        
+
         Piwik::postEvent('Request.initAuthenticationObject');
 
         /** @var \Piwik\Auth $auth */
@@ -541,7 +541,7 @@ class Request
         return Common::getRequestVar('ua', $default, 'string', $this->params);
     }
 
-    protected function shouldUseThirdPartyCookie()
+    public function shouldUseThirdPartyCookie()
     {
         return (bool)Config::getInstance()->Tracker['use_third_party_id_cookie'];
     }
@@ -567,6 +567,10 @@ class Request
             return;
         }
 
+        if (\Piwik\Tracker\IgnoreCookie::isIgnoreCookieFound()) {
+            return;
+        }
+
         $cookie = $this->makeThirdPartyCookieUID();
         $idVisitor = bin2hex($idVisitor);
         $cookie->set(0, $idVisitor);
@@ -631,7 +635,7 @@ class Request
         $found = false;
 
         if (TrackerConfig::getConfigValue('enable_userid_overwrites_visitorid')) {
-            // If User ID is set it takes precedence 
+            // If User ID is set it takes precedence
             $userId = $this->getForcedUserId();
             if ($userId) {
                 $userIdHashed = $this->getUserIdHashed($userId);
diff --git a/core/Tracker/Settings.php b/core/Tracker/Settings.php
index 656d07dcca..74a66d0c65 100644
--- a/core/Tracker/Settings.php
+++ b/core/Tracker/Settings.php
@@ -57,6 +57,17 @@ class Settings // TODO: merge w/ visitor recognizer or make it it's own service.
             $os = empty($os['short_name']) ? 'UNK' : $os['short_name'];
         }
 
+        $client = $deviceDetector->getClient();
+        if (!empty($client['name']) && $client['name'] === 'Internet Explorer') {
+            // we assume cookies are disabled... when in tracker cookies are disabled, this ensures when upgrading to this version
+            // that no fingerprint changes in the 30min window during the upgrade...
+            // We don't include it anymore as it otherwise may cause new visits to be created when switching between
+            // cookies disabled and enabled in IE11 or older. Before Matomo 3.13.7 when cookies were disabled, then
+            // this value was set to 0. For people with cookies enabled the fingerprint is not as relevant as the visitorId
+            // is used to identify a visitor
+            $plugin_Cookie = '0';
+        }
+
         $browserLang = substr($request->getBrowserLanguage(), 0, 20); // limit the length of this string to match db
         $trackerConfig = Config::getInstance()->Tracker;
 
diff --git a/core/Tracker/Visit.php b/core/Tracker/Visit.php
index 738f734f16..61c5893455 100644
--- a/core/Tracker/Visit.php
+++ b/core/Tracker/Visit.php
@@ -561,10 +561,26 @@ class Visit implements VisitInterface
      */
     private function setIdVisitorForExistingVisit($valuesToUpdate)
     {
-        // Might update the idvisitor when it was forced or overwritten for this visit
         if (strlen($this->visitProperties->getProperty('idvisitor')) == Tracker::LENGTH_BINARY_ID) {
             $valuesToUpdate['idvisitor'] = $this->visitProperties->getProperty('idvisitor');
         }
+        
+        $visitorId = $this->request->getVisitorId();
+        if ($visitorId && strlen($visitorId) === Tracker::LENGTH_BINARY_ID) {
+            // Might update the idvisitor when it was forced or overwritten for this visit
+            $valuesToUpdate['idvisitor'] = $this->request->getVisitorId(); 
+        }
+
+        if (TrackerConfig::getConfigValue('enable_userid_overwrites_visitorid')) {
+            // User ID takes precedence and overwrites idvisitor value
+            $userId = $this->request->getForcedUserId();
+            if ($userId) {
+                $userIdHash = $this->request->getUserIdHashed($userId);
+                $binIdVisitor = Common::hex2bin($userIdHash);
+                $this->visitProperties->setProperty('idvisitor', $binIdVisitor);
+                $valuesToUpdate['idvisitor'] = $binIdVisitor;
+            }
+        }
 
         if (TrackerConfig::getConfigValue('enable_userid_overwrites_visitorid')) {
             // User ID takes precedence and overwrites idvisitor value