authormattab <matthieu.aubry@gmail.com>2015-04-07 07:48:26 +0300
committermattab <matthieu.aubry@gmail.com>2015-04-07 07:48:26 +0300
commit5373ef94a82f8fd48bcb649b4e0a63a18745b637 (patch)
tree25f4f3f003004492b640ce2ea9895d8782234614 /plugins/Widgetize/Controller.php
parent91ae0a456047582cc277577b7c533275b0b49e26 (diff)
Do not allow to widgetize requests from the API plugin
In general it makes no sense to do this, and it could have security implications to allow it.
Diffstat (limited to 'plugins/Widgetize/Controller.php')
-rw-r--r--plugins/Widgetize/Controller.php21
1 files changed, 4 insertions, 17 deletions
diff --git a/plugins/Widgetize/Controller.php b/plugins/Widgetize/Controller.php
index 5dd61a66c7..2e2e5bf8cb 100644
--- a/plugins/Widgetize/Controller.php
+++ b/plugins/Widgetize/Controller.php
@@ -27,23 +27,6 @@ class Controller extends \Piwik\Plugin\Controller
return $view->render();
}
- public function testJsInclude1()
- {
- $view = new View('@Widgetize/testJsInclude1');
- $view->url1 = '?module=Widgetize&action=js&moduleToWidgetize=DevicesDetection&actionToWidgetize=getBrowsers&idSite=1&period=day&date=yesterday';
- $view->url2 = '?module=Widgetize&action=js&moduleToWidgetize=API&actionToWidgetize=index&method=ExamplePlugin.getGoldenRatio&format=original';
- return $view->render();
- }
-
- public function testJsInclude2()
- {
- $view = new View('@Widgetize/testJsInclude2');
- $view->url1 = '?module=Widgetize&action=js&moduleToWidgetize=DevicesDetection&actionToWidgetize=getBrowsers&idSite=1&period=day&date=yesterday';
- $view->url2 = '?module=Widgetize&action=js&moduleToWidgetize=UserCountry&actionToWidgetize=getCountry&idSite=1&period=day&date=yesterday&viewDataTable=cloud&show_footer=0';
- $view->url3 = '?module=Widgetize&action=js&moduleToWidgetize=Referrers&actionToWidgetize=getKeywords&idSite=1&period=day&date=yesterday&viewDataTable=table&show_footer=0';
- return $view->render();
- }
-
public function iframe()
{
Request::reloadAuthUsingTokenAuth();
@@ -52,6 +35,10 @@ class Controller extends \Piwik\Plugin\Controller
$controllerName = Common::getRequestVar('moduleToWidgetize');
$actionName = Common::getRequestVar('actionToWidgetize');
+ if($controllerName == 'API') {
+ throw new \Exception("Widgetizing API requests is not supported for security reasons. Please change query parameter 'moduleToWidgetize'.");
+ }
+
if ($controllerName == 'Dashboard' && $actionName == 'index') {
$view = new View('@Widgetize/iframe_empty');
} else {
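Review bot: The new guard in iframe() tests `$controllerName == 'API'` as an exact, case-sensitive match, so it only holds if the code that later dispatches `moduleToWidgetize` also treats the name case-sensitively. That dispatch is outside the hunk, and PHP resolves class names case-insensitively, so this is worth confirming. A normalised check such as `if (strcasecmp($controllerName, 'API') === 0) {` would not depend on the casing of the parameter (assuming `getRequestVar` returns a string here), and an allowlist of widgetizable modules would be sturdier than a single denied name. The check is visible only in iframe(), whose body continues past the hunk, so any other Widgetize action that reads `moduleToWidgetize` would need the same guard.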