author | Fabian Becker <fabian.becker@uni-tuebingen.de> | 2013-09-06 16:50:52 +0400 |
---|---|---|
committer | Fabian Becker <fabian.becker@uni-tuebingen.de> | 2013-09-06 16:50:52 +0400 |
commit | 8c1fcc15e99a4a12c393231339f34247ec12ed20 (patch) | |
tree | ba12285b154585403f05321df84666598c59b685 /core | |
parent | 84fe4420469ffb5ee4db8d40ed23db3d105a6304 (diff) |
Fix authentication for bulk tracking
refs #4135
Diffstat (limited to 'core')
-rw-r--r-- | core/Tracker.php | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/core/Tracker.php b/core/Tracker.php
index 8b28a73596..333b6e68fe 100644
--- a/core/Tracker.php
+++ b/core/Tracker.php
@@ -191,7 +191,7 @@ class Tracker
 throw new Exception(" token_auth must be specified when using Bulk Tracking Import. See <a href='http://piwik.org/docs/tracking-api/reference/'>Tracking Doc</a>");
 }
 if (!empty($this->requests)) {
- $idSiteForAuthentication = 0;
+ $idSitesForAuthentication = array();
 foreach ($this->requests as &$request) {
 // if a string is sent, we assume its a URL and try to parse it
@@ -202,16 +202,20 @@ class Tracker
 if (!empty($url)) {
 @parse_str($url['query'], $params);
 $request = $params;
- if (isset($request['idsite']) && !$idSiteForAuthentication) {
- $idSiteForAuthentication = $request['idsite'];
- }
 }
 }
+
+ // We need to check access for each single request
+ if (isset($request['idsite']) && !in_array($request['idsite'], $idSitesForAuthentication)) {
+ $idSitesForAuthentication[] = $request['idsite'];
+ }
 }
- // a Bulk Tracking request that is not authenticated should fail
- if (!Request::authenticateSuperUserOrAdmin($tokenAuth, $idSiteForAuthentication)) {
- throw new Exception(" token_auth specified is not valid for site " . intval($idSiteForAuthentication));
+ foreach($idSitesForAuthentication as $idSiteForAuthentication) {
+ // a Bulk Tracking request that is not authenticated should fail
+ if (!Request::authenticateSuperUserOrAdmin($tokenAuth, $idSiteForAuthentication)) {
+ throw new Exception(" token_auth specified is not valid for site " . intval($idSiteForAuthentication));
+ }
 }
 }
 return $tokenAuth; |
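Review bot: When no request in the batch carries `idsite`, `$idSitesForAuthentication` stays empty, the final `foreach` never runs, and `$tokenAuth` is returned without `authenticateSuperUserOrAdmin` being called at all; the old code still made one call with site 0 in that case. Restoring that is small: ahead of the final loop add `if (empty($idSitesForAuthentication)) { $idSitesForAuthentication[] = 0; }`, or throw there if a batch with no site id should be rejected outright. Separately, the de-duplication uses loose `in_array`, so two differently written numeric strings can compare equal and only the first one is passed to the access check; `in_array($request['idsite'], $idSitesForAuthentication, true)` makes every distinct raw value get checked. How `idsite` is normalised when the requests are later processed is not visible here, and the enclosing method starts and ends outside the hunk.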