diff options
| author | Stefan Giehl <stefan@matomo.org> | 2021-06-24 10:52:50 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-24 10:52:50 +0300 |
| commit | bd0a5e7750acdad2c394501f0ea7d00c30b112d4 (patch) | |
| tree | dbb54edd8274f2ef321281fc02b35d7368965573 /plugins | |
| parent | c9df572bf731fd4695845d1195895e87d4f977a3 (diff) | |
Fix permission checks for siteWithoutData methods (#17694)
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/SitesManager/Controller.php | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/plugins/SitesManager/Controller.php b/plugins/SitesManager/Controller.php index deceee4515..1b171533c0 100644 --- a/plugins/SitesManager/Controller.php +++ b/plugins/SitesManager/Controller.php @@ -128,17 +128,12 @@ class Controller extends \Piwik\Plugin\ControllerAdmin public function siteWithoutData() { + $this->checkSitePermission(); + $javascriptGenerator = new TrackerCodeGenerator(); $javascriptGenerator->forceMatomoEndpoint(); $piwikUrl = Url::getCurrentUrlWithoutFileName(); - if (!$this->site && Piwik::hasUserSuperUserAccess()) { - throw new UnexpectedWebsiteFoundException('Invalid site ' . $this->idSite); - } elseif (!$this->site) { - // redirect to login form - Piwik::checkUserHasViewAccess($this->idSite); - } - $jsTag = Request::processRequest('SitesManager.getJavascriptTag', array('idSite' => $this->idSite, 'piwikUrl' => $piwikUrl)); // Strip off open and close <script> tag and comments so that JS will be displayed in ALL mail clients @@ -169,6 +164,8 @@ class Controller extends \Piwik\Plugin\ControllerAdmin } public function siteWithoutDataTabs() { + $this->checkSitePermission(); + $mainUrl = $this->site->getMainUrl(); $typeCacheId = 'guessedtype_' . md5($mainUrl); $gtmCacheId = 'guessedgtm_' . md5($mainUrl); |