author | mattpiwik <matthieu.aubry@gmail.com> | 2011-01-03 08:49:45 +0300 |
committer | mattpiwik <matthieu.aubry@gmail.com> | 2011-01-03 08:49:45 +0300 |
commit | 956c25213d771f37f7ed51bd56b0788be05e6603 (patch) | |
tree | 83533901bd264f738f77350755112e9b304efe6e /plugins/Login | |
parent | 97d410fd5c78155ea744a1b0fe6aae074e5f72bb (diff) |
Various code cleanups and small improvements:
* Live! widget shows IP for all users except anonymous
* Widgetize displays full URL to the widget + preview link below widget
* Live! visitors text change from "Today" to "Last 24 hours" in preview
* remove the data_push feature introduced in r1330 and the campaign redirect feature, since neither is used
* all errors should now display the Piwik header when applicable (or if a php error, prefixed with a sentence suggesting to submit error in piwik forums)
* fixing bug with cookie update when a visitor manually converts the same goal in the same second
* fixing XML output not valid in Chrome (HTML entities not valid, must use XML entities)
* simplifying + refactoring the truncation code in datatables.js (move from JS to small smarty template - hopefully we can fix this truncation and make it nice soon)
* removing unnecessary line breaks from translations
* refactoring duplicate code in renderers
git-svn-id: http://dev.piwik.org/svn/trunk@3565 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Login')
-rw-r--r-- | plugins/Login/Auth.php | 16 | ||||
-rw-r--r-- | plugins/Login/Controller.php | 4 | ||||
-rw-r--r-- | plugins/Login/tests/Login.test.php | 30 |
3 files changed, 40 insertions, 10 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index 57589e3d0a..bd52367c49 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -42,7 +42,7 @@ class Piwik_Login_Auth implements Piwik_Auth
 		if(is_null($this->login))
 		{
-			if($this->token_auth == $rootToken)
+			if($this->token_auth === $rootToken)
 			{
 				return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth );
 			}
@@ -53,16 +53,16 @@ class Piwik_Login_Auth implements Piwik_Auth
 					WHERE token_auth = ?',
 					array($this->token_auth)
 			);
-			if($login !== false)
+			if(!empty($login))
 			{
 				return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $this->token_auth );
 			}
 		}
 		else if(!empty($this->login))
 		{
-			if($this->login == $rootLogin
-				&& ($this->getHashTokenAuth($rootLogin, $rootToken) == $this->token_auth)
-				|| $rootToken == $this->token_auth)
+			if($this->login === $rootLogin
+				&& ($this->getHashTokenAuth($rootLogin, $rootToken) === $this->token_auth)
+				|| $rootToken === $this->token_auth)
 			{
 				$this->setTokenAuth($rootToken);
 				return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth );
@@ -75,9 +75,9 @@ class Piwik_Login_Auth implements Piwik_Auth
 					WHERE login = ?',
 					array($login)
 			);
-			if($userToken !== false
-				&& (($this->getHashTokenAuth($login, $userToken) == $this->token_auth)
-				|| $userToken == $this->token_auth))
+			if(!empty($userToken)
+				&& (($this->getHashTokenAuth($login, $userToken) === $this->token_auth)
+				|| $userToken === $this->token_auth))
 			{
 				$this->setTokenAuth($userToken);
 				return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $userToken );
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index e2c8ec95e5..2d5da5e98f 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
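Review bot: The strict `===` on the superuser branch closes the `0 == '<hex token>'` juggling that the new tests exercise, but it still passes when both sides are the same empty value: an unconfigured `$rootToken` and a missing `token_auth` parameter would both be `''` (or both `null`), and `'' === ''` returns SUCCESS_SUPERUSER_AUTH_CODE. Whether an earlier guard in the method already rejects an empty token is outside this hunk, so a belt-and-braces check at the point of comparison is cheap: `if(!empty($this->token_auth) && $this->token_auth === $rootToken)`. The enclosing method starts before and ends after this hunk.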
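Review bot: `!empty($login)` on the value fetched by `WHERE token_auth = ?` is stricter than the old `!== false` in two directions: it now also rejects `null` (if fetchOne returns null for no row, the old check would have returned SUCCESS with a null login), but it equally rejects a stored login of `'0'`, so a user with that name could never authenticate by token. `if($login !== false && $login !== null && $login !== '')` keeps the fix without that side effect, assuming `'0'` is accepted as a login elsewhere. In the superuser branch the mixed `&&`/`||` relies on precedence, `(login === root && hash === token) || rawRootToken === token`, and reads as if the login check also covered the raw-token case; parenthesising the first pair documents that the raw root token alone is sufficient regardless of `$this->login`. The method continues past the end of the hunk.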
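Review bot: The two token comparisons on the user branch, `$this->getHashTokenAuth($login, $userToken) === $this->token_auth` and `$userToken === $this->token_auth`, compare a secret fetched from the database against an attacker-supplied string with `===`, which stops at the first differing byte; the same applies to the `$rootToken` compares in the hunk above. Where the supported PHP version provides it, `hash_equals((string)$userToken, (string)$this->token_auth)` (and likewise for the hashed form) is the drop-in constant-time replacement; otherwise a small XOR-accumulating helper gives the same property. `$login` is assigned outside the hunk, presumably from `$this->login`, so confirm it is the same value fed to `getHashTokenAuth`. The enclosing method starts before and ends after this hunk.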
@@ -105,7 +105,7 @@ class Piwik_Login_Controller extends Piwik_Controller
 		$currentUrl = 'index.php';
 		$urlToRedirect = Piwik_Common::getRequestVar('url', $currentUrl, 'string');
-		$urlToRedirect = htmlspecialchars_decode($urlToRedirect);
+		$urlToRedirect = Piwik_Common::unsanitizeInputValue($urlToRedirect);
 		$this->authenticateAndRedirect($login, $password, false, $urlToRedirect);
 	}
@@ -178,7 +178,7 @@ class Piwik_Login_Controller extends Piwik_Controller
 		$resetToken = self::generatePasswordResetToken($user);
 		$ip = Piwik_Common::getIpString();
-		$url = Piwik_Url::getCurrentUrlWithoutQueryString() . "?module=Login&action=resetPassword&token=$resetToken";
+		$url = Piwik_Common::sanitizeInputValue(Piwik_Url::getCurrentUrlWithoutQueryString() . "?module=Login&action=resetPassword&token=$resetToken");
 		// send email with new password
 		try
diff --git a/plugins/Login/tests/Login.test.php b/plugins/Login/tests/Login.test.php
index 6eb875a31f..207bf4124e 100644
--- a/plugins/Login/tests/Login.test.php
+++ b/plugins/Login/tests/Login.test.php
@@ -88,6 +88,12 @@ class Test_Piwik_Login extends Test_Database
 		$rc = $auth->authenticate();
 		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+		// not equal
+		$auth->setLogin('anonymous');
+		$auth->setTokenAuth(0);
+		$rc = $auth->authenticate();
+		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
 		// API authentication
 		$auth->setLogin(null);
 		$auth->setTokenAuth('anonymous');
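Review bot: After `Piwik_Common::unsanitizeInputValue()` the `url` request parameter goes verbatim into `authenticateAndRedirect()`, so unless that method (outside the hunk) validates the target, the login form is an open redirect: a phishing link of the form `index.php?module=Login&url=http://attacker.example/` would bounce the freshly authenticated user off-site. A host check next to the decode keeps the fix local: `$target = parse_url($urlToRedirect, PHP_URL_HOST);`, `$self = parse_url(Piwik_Url::getCurrentUrlWithoutQueryString(), PHP_URL_HOST);`, `if(!empty($target) && $target !== $self) { $urlToRedirect = $currentUrl; }`. A non-http scheme such as `javascript:` has no host and slips past that check, so a scheme whitelist (or falling back to `$currentUrl` for anything that is not a relative path or same-host http/https URL) is needed as well. Whether the existing Piwik_Url helpers already canonicalise host, port and case I cannot tell from here.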
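Review bot: Wrapping the whole reset URL in `Piwik_Common::sanitizeInputValue()` is HTML-escaping at build time rather than at output, so it is only correct if the mail body is rendered as HTML; in a plain-text message the `&` in `?module=Login&action=resetPassword&token=` becomes `&amp;` and the link no longer round-trips, and which body type the `try` block below uses is outside the hunk. Independently of that, `$resetToken` is interpolated raw into a query string and should be URL-encoded where it is inserted: `"?module=Login&action=resetPassword&token=" . urlencode($resetToken)`. If `generatePasswordResetToken()` always returns hex that is a no-op today, but it stops the token format from silently becoming a URL-correctness concern. The enclosing method continues after this hunk.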
@@ -132,6 +138,24 @@ class Test_Piwik_Login extends Test_Database
 		$rc = $auth->authenticate();
 		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+		// not equal
+		$auth->setLogin(0);
+		$auth->setTokenAuth(0);
+		$rc = $auth->authenticate();
+		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
+		// not equal
+		$auth->setLogin(0);
+		$auth->setTokenAuth($tokenAuth);
+		$rc = $auth->authenticate();
+		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
+		// not equal
+		$auth->setLogin($user['login']);
+		$auth->setTokenAuth(0);
+		$rc = $auth->authenticate();
+		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
 		// API authentication
 		$auth->setLogin(null);
 		$auth->setTokenAuth($tokenAuth);
@@ -179,6 +203,12 @@ class Test_Piwik_Login extends Test_Database
 		$rc = $auth->authenticate();
 		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+		// not equal
+		$auth->setLogin($user['login']);
+		$auth->setTokenAuth(0);
+		$rc = $auth->authenticate();
+		$this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );
+
 		// API authentication
 		$auth->setLogin(null);
 		$auth->setTokenAuth($tokenAuth);
|
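Review bot: The three new cases pin the integer-`0` juggling for login and token, but the other classic bypass shape, an empty-string or null `token_auth` paired with a valid login (and vice versa), is not exercised here, and `===` alone does not rule it out if the configured or stored value can also be empty. Add one more block in the same style: `$auth->setLogin($user['login']); $auth->setTokenAuth('');` followed by `$rc = $auth->authenticate(); $this->assertEqual( $rc->getCode(), Piwik_Auth_Result::FAILURE );`, and a mirror with `setTokenAuth(null)`. `$user` and `$tokenAuth` are set up earlier in the test method, outside the hunk.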