author | Stefan Giehl <stefan@matomo.org> | 2022-02-14 19:43:46 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-14 19:43:46 +0300 |
commit | 34e226540e69ab4b6dd82a9024d72782e1ac058a (patch) | |
tree | f7297830e03cbf304efe9029390a07787a4094e3 /core | |
parent | 4350dfb18698f54f164a868c0cb6c41ed3a6e67f (diff) |
Fix session timeouts in overlay session (#18648)
* Ensure samesite cookie attribute is set correctly for requests coming from overlay session
* Don't fetch API.getPagesComparisonsDisabledFor on Overlay page
* Check for explicit overlay requests
* Adds valid host check
* parse referer query
* use UrlHelper::getArrayFromQueryString
* Adds some tests for Overlay::isOverlayRequest
* apply review feedback
* built vue files
Co-authored-by: sgiehl <sgiehl@users.noreply.github.com>
Diffstat (limited to 'core')
-rw-r--r-- | core/Session.php | 6 | ||||
-rw-r--r-- | core/UrlHelper.php | 2 |
2 files changed, 5 insertions, 3 deletions
diff --git a/core/Session.php b/core/Session.php
index 641334676c..096914e6e0 100644
--- a/core/Session.php
+++ b/core/Session.php
@@ -11,6 +11,7 @@ namespace Piwik;
 use Exception;
 use Piwik\Container\StaticContainer;
 use Piwik\Exception\MissingFilePermissionException;
+use Piwik\Plugins\Overlay\Overlay;
 use Piwik\Session\SaveHandler\DbTable;
 use Psr\Log\LoggerInterface;
 use Zend_Session;
@@ -170,10 +171,11 @@ class Session extends Zend_Session
 $module = Piwik::getModule();
 $action = Piwik::getAction();
+ $method = Common::getRequestVar('method', '', 'string');
+ $referer = Url::getReferrer();
 $isOptOutRequest = $module == 'CoreAdminHome' && $action == 'optOut';
- $isOverlay = $module == 'Overlay';
- $shouldUseNone = !empty($general['enable_framed_pages']) || $isOptOutRequest || $isOverlay;
+ $shouldUseNone = !empty($general['enable_framed_pages']) || $isOptOutRequest || Overlay::isOverlayRequest($module, $action, $method, $referer);
 if ($shouldUseNone && ProxyHttp::isHttps()) {
 return 'None';
diff --git a/core/UrlHelper.php b/core/UrlHelper.php
index 2a0fc4cb1d..94c8ff9d55 100644
--- a/core/UrlHelper.php
+++ b/core/UrlHelper.php
@@ -202,7 +202,7 @@ class UrlHelper
 */
 public static function getArrayFromQueryString($urlQuery)
 {
- if (strlen($urlQuery) == 0) {
+ if (empty($urlQuery)) {
 return array();
 } |
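Review bot: In the second Session.php hunk the decision to send the session cookie with SameSite=None now rests on `$method` and `$referer`, both taken from the request, and the check itself sits in `Overlay::isOverlayRequest()`, which this diff does not show. The commit message mentions a valid-host check; that helper should fail closed (return false) when the referer is empty or its host is not a trusted host, since a wrong `true` here lets the cookie travel on cross-site requests. I would add a comment above the assignment, `// SameSite=None only for verified Overlay requests; $method and $referer are client-supplied, isOverlayRequest() must validate the referer host`. Core now also imports a plugin class (first hunk), so it is worth confirming this path still works when the Overlay plugin is deactivated. The enclosing method starts and ends outside the hunk.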
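Review bot: `empty($urlQuery)` in getArrayFromQueryString() is also true for the string `'0'`, so a query string consisting of just `0` is now returned as an empty array where the previous `strlen()` test would have gone on to parse it. If the change is meant to tolerate null or false input, an explicit test keeps the old behaviour for strings: `if ($urlQuery === null || $urlQuery === false || $urlQuery === '') {`. The function body continues outside the hunk.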