Force tracker failure if location url params are used in unauthenticated request. (#13867)

1 files changed, 6 insertions, 6 deletions

diff --git a/plugins/UserCountry/Columns/Base.php b/plugins/UserCountry/Columns/Base.php
index d599043aba..bb6c45b9bb 100644
--- a/plugins/UserCountry/Columns/Base.php
+++ b/plugins/UserCountry/Columns/Base.php
@@ -9,11 +9,10 @@
 namespace Piwik\Plugins\UserCountry\Columns;
 
 use Piwik\Common;
+use Piwik\Exception\InvalidRequestParameterException;
 use Piwik\Network\IPUtils;
 use Piwik\Plugin\Dimension\VisitDimension;
 use Piwik\Plugins\UserCountry\VisitorGeolocator;
-use Piwik\Plugins\UserCountry\LocationProvider\GeoIp;
-use Piwik\Plugins\UserCountry\LocationProvider;
 use Piwik\Plugins\PrivacyManager\Config as PrivacyManagerConfig;
 use Piwik\Tracker\Visitor;
 use Piwik\Tracker\Request;
@@ -27,12 +26,13 @@ abstract class Base extends VisitDimension
 
     protected function getUrlOverrideValueIfAllowed($urlParamToOverride, Request $request)
     {
-        if (!$request->isAuthenticated()) {
-            return false;
-        }
-
         $value = Common::getRequestVar($urlParamToOverride, false, 'string', $request->getParams());
+
         if (!empty($value)) {
+            if (!$request->isAuthenticated()) {
+                Common::printDebug("WARN: Tracker API '$urlParamToOverride' was used with invalid token_auth");
+                throw new InvalidRequestParameterException("Tracker API '$urlParamToOverride' was used, requires valid token_auth");
+            }
             return $value;
         }