authormattpiwik <matthieu.aubry@gmail.com>2011-01-03 08:49:45 +0300
committermattpiwik <matthieu.aubry@gmail.com>2011-01-03 08:49:45 +0300
commit956c25213d771f37f7ed51bd56b0788be05e6603 (patch)
tree83533901bd264f738f77350755112e9b304efe6e /plugins/Login
parent97d410fd5c78155ea744a1b0fe6aae074e5f72bb (diff)
Various code cleanups and small improvements:
* Live! widget shows IP for all users except anonymous * Widgetize displays full URL to the widget + preview link below widget * Live! visitors text change from "Today" to "Last 24 hours" in preview * remove data_push feature introduced in r1330 + removing campaign redirect feature since they are not used * all errors should now display the Piwik header when applicable (or if a php error, prefixed with a sentence suggesting to submit error in piwik forums) * fixing bug with cookie update when a visitor manually converts the same goal in the same second * fixing XML output not valid in Chrome (HTML entities not valid, must use XML entities) * simplifying + refactoring the truncation code in datatables.js (move from JS to small smarty template - hopefully we can fix this truncation and make it nice soon) * removing unnecessary line breaks from translations * refactoring duplicate code in renderers git-svn-id: http://dev.piwik.org/svn/trunk@3565 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Login')
-rw-r--r--plugins/Login/Auth.php16
-rw-r--r--plugins/Login/Controller.php4
-rw-r--r--plugins/Login/tests/Login.test.php30
3 files changed, 40 insertions, 10 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index 57589e3d0a..bd52367c49 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -42,7 +42,7 @@ class Piwik_Login_Auth implements Piwik_Auth
if(is_null($this->login))
{
- if($this->token_auth == $rootToken)
+ if($this->token_auth === $rootToken)
{
return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth );
}
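Review bot: The switch to `===` on the token comparison closes the loose-comparison hole, but `===` on two strings is still a byte-by-byte compare that stops at the first differing byte, so the superuser token on this line (and the token comparisons in the hunks at @@ -53 and @@ -75) leak timing information about how much of the secret matched. Where the PHP version provides it, a constant-time compare such as `hash_equals($rootToken, $this->token_auth)` (after checking both values are strings) is the safer form; otherwise a small local constant-time compare helper used at all three sites would do. The enclosing method starts and ends outside the hunk.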
@@ -53,16 +53,16 @@ class Piwik_Login_Auth implements Piwik_Auth
WHERE token_auth = ?',
array($this->token_auth)
);
- if($login !== false)
+ if(!empty($login))
{
return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $this->token_auth );
}
}
else if(!empty($this->login))
{
- if($this->login == $rootLogin
- && ($this->getHashTokenAuth($rootLogin, $rootToken) == $this->token_auth)
- || $rootToken == $this->token_auth)
+ if($this->login === $rootLogin
+ && ($this->getHashTokenAuth($rootLogin, $rootToken) === $this->token_auth)
+ || $rootToken === $this->token_auth)
{
$this->setTokenAuth($rootToken);
return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth );
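Review bot: The condition on the three `+` lines mixes `&&` and `||` without parentheses; since `&&` binds tighter, `$rootToken === $this->token_auth` alone is enough for superuser access whatever `$this->login` holds, whereas the parallel condition in the hunk at @@ -75 parenthesises its alternatives explicitly. If that is the intended behaviour, make it explicit with `if(($this->login === $rootLogin` / `&& $this->getHashTokenAuth($rootLogin, $rootToken) === $this->token_auth)` / `|| $rootToken === $this->token_auth)` so the next reader does not have to work out the precedence. Separately, replacing `$login !== false` with `!empty($login)` also treats the string `"0"` as "no user found"; that is fine only if such a login cannot exist, which the hunk does not show. The enclosing method starts and ends outside the hunk.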
@@ -75,9 +75,9 @@ class Piwik_Login_Auth implements Piwik_Auth
WHERE login = ?',
array($login)
);
- if($userToken !== false
- && (($this->getHashTokenAuth($login, $userToken) == $this->token_auth)
- || $userToken == $this->token_auth))
+ if(!empty($userToken)
+ && (($this->getHashTokenAuth($login, $userToken) === $this->token_auth)
+ || $userToken === $this->token_auth))
{
$this->setTokenAuth($userToken);
return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $userToken );
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index e2c8ec95e5..2d5da5e98f 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -105,7 +105,7 @@ class Piwik_Login_Controller extends Piwik_Controller
$currentUrl = 'index.php';
$urlToRedirect = Piwik_Common::getRequestVar('url', $currentUrl, 'string');
- $urlToRedirect = htmlspecialchars_decode($urlToRedirect);
+ $urlToRedirect = Piwik_Common::unsanitizeInputValue($urlToRedirect);
$this->authenticateAndRedirect($login, $password, false, $urlToRedirect);
}
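Review bot: `$urlToRedirect` comes straight from the request's `url` parameter, is unescaped on the new line, and is then handed to `authenticateAndRedirect` with no check visible in this hunk that the target is on this Piwik instance; unless `authenticateAndRedirect` (outside the hunk) validates it, a crafted login link could send a freshly authenticated user to another site. A cheap guard before the call is to compare `parse_url($urlToRedirect, PHP_URL_HOST)` with the current host and fall back to `$currentUrl` when a host is present and differs, or to accept only relative paths. The enclosing method starts outside the hunk.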
@@ -178,7 +178,7 @@ class Piwik_Login_Controller extends Piwik_Controller
$resetToken = self::generatePasswordResetToken($user);
$ip = Piwik_Common::getIpString();
- $url = Piwik_Url::getCurrentUrlWithoutQueryString() . "?module=Login&action=resetPassword&token=$resetToken";
+ $url = Piwik_Common::sanitizeInputValue(Piwik_Url::getCurrentUrlWithoutQueryString() . "?module=Login&action=resetPassword&token=$resetToken");
// send email with new password
try
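Review bot: Wrapping the reset URL in `Piwik_Common::sanitizeInputValue` before it goes into the email couples the value to one output context: if that helper HTML-encodes (its implementation is outside the hunk), the `&` separators in the query string become `&amp;`, which is correct for an HTML mail body but breaks the link in a plain-text one, and the hunk does not show which body is used. Prefer keeping `$url` raw here and escaping at the point of output in the mail template, or else record the assumption next to the new line, e.g. `// HTML-escaped because the mail body below is sent as HTML`. The enclosing method starts and ends outside the hunk.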
diff --git a/plugins/Login/tests/Login.test.php b/plugins/Login/tests/Login.test.php
index 6eb875a31f..207bf4124e 100644
--- a/plugins/Login/tests/Login.test.php
+++ b/plugins/Login/tests/Login.test.php
@@ -88,6 +88,12 @@ class Test_Piwik_Login extends Test_Database
$rc = $auth->authenticate();
$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+ // not equal
+ $auth->setLogin('anonymous');
+ $auth->setTokenAuth(0);
+ $rc = $auth->authenticate();
+ $this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
// API authentication
$auth->setLogin(null);
$auth->setTokenAuth('anonymous');
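Review bot: The new "not equal" cases here and in the hunks at @@ -132 and @@ -179 all set a login before passing `0` as the token, so none of them reaches the `is_null($this->login)` branch of `authenticate()`, which is the path where `token_auth` is bound into `WHERE token_auth = ?` (Auth.php hunk at @@ -53) and the behaviour with a non-string token depends on the database's comparison rules. Adding one case there — `$auth->setLogin(null); $auth->setTokenAuth(0);` followed by the same `FAILURE` assertion — would pin that path too. The repeated `// not equal` comment also says little about intent; something like `// int 0 must not loosely match a string token` makes clear what regression each block guards against. The enclosing test method starts outside the hunk.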
@@ -132,6 +138,24 @@ class Test_Piwik_Login extends Test_Database
$rc = $auth->authenticate();
$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+ // not equal
+ $auth->setLogin(0);
+ $auth->setTokenAuth(0);
+ $rc = $auth->authenticate();
+ $this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
+ // not equal
+ $auth->setLogin(0);
+ $auth->setTokenAuth($tokenAuth);
+ $rc = $auth->authenticate();
+ $this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
+ // not equal
+ $auth->setLogin($user['login']);
+ $auth->setTokenAuth(0);
+ $rc = $auth->authenticate();
+ $this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
// API authentication
$auth->setLogin(null);
$auth->setTokenAuth($tokenAuth);
@@ -179,6 +203,12 @@ class Test_Piwik_Login extends Test_Database
$rc = $auth->authenticate();
$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+ // not equal
+ $auth->setLogin($user['login']);
+ $auth->setTokenAuth(0);
+ $rc = $auth->authenticate();
+ $this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
// API authentication
$auth->setLogin(null);
$auth->setTokenAuth($tokenAuth);