author | diosmosis <diosmosis@users.noreply.github.com> | 2020-12-03 03:01:57 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-03 03:01:57 +0300 |
commit | ba9d657b89f08bfbcbd316fde127e0a53bc1a00b (patch) | |
tree | 4d1c34dcd00bef7999ae727f8e35936b6b66f59f /plugins/Widgetize | |
parent | 7975de828c21d28b43120934e01ceba904557482 (diff) |
Use existing Request method w/ correct logic for limiting widgetize access. (#16871)
Diffstat (limited to 'plugins/Widgetize')
-rw-r--r-- | plugins/Widgetize/Controller.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/plugins/Widgetize/Controller.php b/plugins/Widgetize/Controller.php
index e76d8b7e5f..e7f5aae299 100644
--- a/plugins/Widgetize/Controller.php
+++ b/plugins/Widgetize/Controller.php
@@ -9,6 +9,7 @@
 namespace Piwik\Plugins\Widgetize;
 use Piwik\Access;
+use Piwik\API\Request;
 use Piwik\Common;
 use Piwik\Container\StaticContainer;
 use Piwik\FrontController;
@@ -31,11 +32,10 @@ class Controller extends \Piwik\Plugin\Controller
 public function iframe()
 {
+ // also called by FrontController, we call it explicitly as a safety measure in case something changes in the future
 $token_auth = Common::getRequestVar('token_auth', '', 'string');
-
- if ($token_auth !== ''
- && Access::getInstance()->isUserHasSomeWriteAccess()) {
- throw new \Exception(Piwik::translate('Widgetize_ViewAccessRequired'));
+ if (!empty($token_auth)) {
+ Request::checkTokenAuthIsNotLimited('Widgetize', 'iframe');
 }
 $this->init();
|
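Review bot: The new guard `if (!empty($token_auth))` in `iframe()` is looser than the `$token_auth !== ''` test it replaces, because `empty()` also treats the string `'0'` as empty, so a request carrying `token_auth=0` skips `Request::checkTokenAuthIsNotLimited()`. Whether such a value could ever authenticate is not visible in this hunk, so this is hardening rather than a demonstrated bypass, but an access-control check is better gated on the strict form, `if ($token_auth !== '') {`. The added comment also sits above the `getRequestVar()` line although its "it" refers to the check two lines below; placing it directly above `Request::checkTokenAuthIsNotLimited('Widgetize', 'iframe');` would make that clear. `use Piwik\Access;` remains as context in the first hunk and may now be unused, which cannot be confirmed here because `iframe()` and the rest of the file continue outside the hunk.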