authormattab <matthieu.aubry@gmail.com>2015-12-18 04:29:26 +0300
committermattab <matthieu.aubry@gmail.com>2015-12-18 04:29:26 +0300
commitdf54f7416ffccf4678357312fdfbe11d7286120e (patch)
tree5fe35cc0dcc53a00f4a8c8a2bf3a34720fc3d81e /plugins/Login/Controller.php
parenta981bf7fd0de8a26de94a6a88c792b4bd4f65bde (diff)
Display useful message how to solve "Form security error" issue, when SSL may be mis-configured
Diffstat (limited to 'plugins/Login/Controller.php')
-rw-r--r--plugins/Login/Controller.php40
1 files changed, 38 insertions, 2 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 0bdb864e96..c2179ef97c 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -17,8 +17,10 @@ use Piwik\Cookie;
use Piwik\Log;
use Piwik\Nonce;
use Piwik\Piwik;
+use Piwik\ProxyHttp;
use Piwik\QuickForm2;
use Piwik\Session;
+use Piwik\SettingsPiwik;
use Piwik\Url;
use Piwik\View;
@@ -216,7 +218,41 @@ class Controller extends \Piwik\Plugin\Controller
protected function getMessageExceptionNoAccess()
{
$message = Piwik::translate('Login_InvalidNonceOrHeadersOrReferrer', array('<a href="?module=Proxy&action=redirect&url=' . urlencode('http://piwik.org/faq/how-to-install/#faq_98') . '" target="_blank">', '</a>'));
- // Should mention trusted_hosts or link to FAQ
+
+ $message .= $this->getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed($message);
+
+ return $message;
+ }
+
+ /**
+ * The Session cookie is set to a secure cookie, when SSL is mis-configured, it can cause the PHP session cookie ID to change on each page view.
+ * Indicate to user how to solve this particular use case by forcing secure connections.
+ *
+ * @param $message
+ * @return string
+ */
+ protected function getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed($message)
+ {
+ $message = '';
+
+ $isSecureConnectionLikelyNotUsed = Url::getCurrentSchemeFromRequestHeader() == 'http';
+ $hasSessionCookieSecureFlag = ProxyHttp::isHttps();
+ $isSecureConnectionAssumedByPiwikButNotForcedYet = Url::isPiwikServerAssumeSecureConnectionIsUsed() && !SettingsPiwik::isHttpsForced();
+ if ( $isSecureConnectionLikelyNotUsed
+ && $hasSessionCookieSecureFlag
+ && $isSecureConnectionAssumedByPiwikButNotForcedYet
+ ) {
+
+ $message = '<br/><br/>' . Piwik::translate('Login_InvalidNonceSSLMisconfigured',
+ array(
+ '<a href="?module=Proxy&action=redirect&url=' . urlencode('<a href="http://piwik.org/faq/how-to/faq_91/">') . '">',
+ '</a>',
+ 'config/config.ini.php',
+ '<pre>force_ssl=1</pre>',
+ '<pre>[General]</pre>',
+ )
+ );
+ }
return $message;
}
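Review bot: The Proxy redirect link on line 64 passes an anchor tag, not a URL, through urlencode(), so the `url` parameter handed to the Proxy module is the literal markup string rather than the FAQ address and the link cannot resolve; it should be `urlencode('http://piwik.org/faq/how-to/faq_91/')`, matching the faq_98 link built on line 35. The `$message` parameter of getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed is immediately discarded by `$message = '';` on line 52, so it can be dropped from the signature, from the call on line 38 and from the docblock's untyped `@param $message`, leaving the method with a `@return string` that describes the only value it produces. The scheme check `Url::getCurrentSchemeFromRequestHeader() == 'http'` would be safer as a strict `=== 'http'` comparison.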
@@ -224,7 +260,6 @@ class Controller extends \Piwik\Plugin\Controller
* Reset password action. Stores new password as hash and sends email
* to confirm use.
*
- * @param none
*/
function resetPassword()
{
@@ -346,4 +381,5 @@ class Controller extends \Piwik\Plugin\Controller
Url::redirectToUrl($logoutUrl);
}
}
+
}