-rw-r--r--core/Controller.php12
-rw-r--r--core/Url.php18
-rw-r--r--plugins/CoreHome/templates/header.tpl11
-rw-r--r--plugins/CoreHome/templates/index.tpl8
-rw-r--r--plugins/Login/templates/login.tpl16
5 files changed, 35 insertions, 30 deletions
diff --git a/core/Controller.php b/core/Controller.php
index 1d9537b3ce..e7edf0a6a6 100644
--- a/core/Controller.php
+++ b/core/Controller.php
@@ -525,7 +525,7 @@ abstract class Piwik_Controller
$warningStart = Piwik_Translate('CoreHome_InjectedHostWarningIntro', array(
'<strong>'.$invalidUrl.'</strong>',
'<strong>'.$validUrl.'</strong>'
- ));
+ )) . ' <br/>';
if (Piwik::isUserIsSuperUser())
{
@@ -534,7 +534,7 @@ abstract class Piwik_Controller
"<a href=\"$changeTrustedHostsUrl\">",
$invalidHost,
'</a>',
- "<a href=\"$validUrl\">",
+ "<br/><a href=\"$validUrl\">",
$validHost,
'</a>'
));
@@ -543,13 +543,17 @@ abstract class Piwik_Controller
{
$view->invalidHostMessage = $warningStart . ' '
. Piwik_Translate('CoreHome_InjectedHostNonSuperUserWarning', array(
- "<a href=\"$validUrl\">",
+ "<br/><a href=\"$validUrl\">",
'</a>',
$mailLinkStart,
'</a>'
));
}
-
+ $view->invalidHostMessageHowToFix = '<b>How do I fix this problem and how do I login again?</b><br/> The Piwik Super User can manually edit the file piwik/config/config.ini.php
+ and add the following lines: <pre>[General]'."\n".'trusted_hosts[] = "'.$validHost.'"</pre><br/>After making the change, you will be able to login again.<br/><br/>
+ You may also <i>disable this security feature (not recommended)</i>. To do so edit config/config.ini.php and add:
+ <pre>[General]'."\n".'enable_trusted_host_check=0</pre>';
+
$view->invalidHost = $invalidHost; // for UserSettings warning
$view->invalidHostMailLinkStart = $mailLinkStart;
}
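Review bot: `$validHost` is concatenated straight into the `<pre>` block of `invalidHostMessageHowToFix`, and login.tpl prints that variable without an escape modifier, so the value should be HTML-encoded where the string is built, e.g. `'trusted_hosts[] = "'.htmlspecialchars($validHost, ENT_QUOTES, 'UTF-8').'"'`. Where `$validHost` is assigned is outside this hunk, so it may already be sanitised; if it is, a short comment saying so would help the next reader. The new text is also hard-coded English while the neighbouring messages go through `Piwik_Translate()`, and it refers to the same file as both `piwik/config/config.ini.php` and `config/config.ini.php`.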
diff --git a/core/Url.php b/core/Url.php
index 4ab5cafd44..8ab9a0454c 100644
--- a/core/Url.php
+++ b/core/Url.php
@@ -191,7 +191,6 @@ class Piwik_Url
return true;
}
}
-
// if host is in hardcoded whitelist, assume it's valid
if (in_array($host, self::$alwaysTrustedHosts))
{
@@ -199,7 +198,6 @@ class Piwik_Url
}
$trustedHosts = @Piwik_Config::getInstance()->General['trusted_hosts'];
-
// if no trusted hosts, just assume it's valid
if (empty($trustedHosts))
{
@@ -219,16 +217,17 @@ class Piwik_Url
{
return false;
}
-
+
foreach ($trustedHosts as &$trustedHost)
{
$trustedHost = preg_quote($trustedHost);
}
-
$untrustedHost = Piwik_Common::mb_strtolower($host);
- $hostRegex = Piwik_Common::mb_strtolower('/(^|.)' . implode('|', $trustedHosts) . '(:[0-9]+)?$/');
-
- return 0 !== preg_match($hostRegex, rtrim($untrustedHost, '.'));
+ $untrustedHost = rtrim($untrustedHost, '.');
+ $hostRegex = Piwik_Common::mb_strtolower('/(^|.)' . implode('|', $trustedHosts) . '$/');
+ $result = preg_match($hostRegex, $untrustedHost);
+// var_dump($hostRegex);var_dump($untrustedHost);var_dump($result);
+ return 0 !== $result;
}
/**
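Review bot: The pattern built for `$hostRegex` accepts more hosts than the trusted list intends. `implode('|', $trustedHosts)` is not grouped, so with several trusted hosts the `(^|.)` prefix binds only to the first alternative and `$` only to the last, leaving the others unanchored; the `.` in `(^|.)` is also an unescaped wildcard, so any character may precede the trusted name rather than only a label separator. Grouping and escaping fixes both: `'/(^|\.)(' . implode('|', $trustedHosts) . ')$/'`, with `preg_quote($trustedHost, '/')` so the delimiter is quoted too. `0 !== $result` also treats a `false` return from `preg_match()` (a pattern error) as a match, so `return 1 === $result;` fails closed; the commented-out `var_dump` line should be removed before merge. The function begins above this hunk, so the earlier checks it performs are not visible here.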
@@ -248,7 +247,7 @@ class Piwik_Url
{
return $host;
}
-
+
// HTTP/1.0 request doesn't include Host: header
if (isset($_SERVER['SERVER_ADDR']))
{
@@ -442,11 +441,12 @@ class Piwik_Url
// drop port numbers from hostnames and IP addresses
$hosts = array_map(array('Piwik_IP', 'sanitizeIp'), $hosts);
+ $disableHostCheck = Piwik_Config::getInstance()->General['enable_trusted_host_check'] == 0;
// compare scheme and host
$parsedUrl = @parse_url($url);
$host = Piwik_IP::sanitizeIp(@$parsedUrl['host']);
return !empty($host)
- && in_array($host, $hosts)
+ && ($disableHostCheck || in_array($host, $hosts))
&& !empty($parsedUrl['scheme'])
&& in_array($parsedUrl['scheme'], array('http', 'https'));
}
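Review bot: `$disableHostCheck` uses a loose `== 0`, so the host check is switched off not only by an explicit `0` but also when `enable_trusted_host_check` is missing from the loaded config (`null == 0`) or, on PHP versions before 8, holds a non-numeric string. Since this branch then accepts any http/https host, it should trigger only on an explicit zero, e.g. `$setting = @Piwik_Config::getInstance()->General['enable_trusted_host_check'];` followed by `$disableHostCheck = ($setting === 0 || $setting === '0');`. Whether a default for the key ships in the global config is not visible here. The enclosing function starts above the hunk and its callers are not shown; if it is used to validate redirect targets, a comment noting that disabling the check also relaxes that validation would be worth adding.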
diff --git a/plugins/CoreHome/templates/header.tpl b/plugins/CoreHome/templates/header.tpl
index 405bcc6e1e..ee60b81581 100644
--- a/plugins/CoreHome/templates/header.tpl
+++ b/plugins/CoreHome/templates/header.tpl
@@ -27,4 +27,13 @@
<div class="ui-confirm" id="alert">
<h2></h2>
<input id="yes" type="button" value="{'General_Ok'|translate}" />
-</div> \ No newline at end of file
+</div>
+
+{* untrusted host warning *}
+{if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
+ <div class="ajaxSuccess" style='clear:both;width:800px'>
+ <a style="float:right" href="http://piwik.org/faq/troubleshooting/#faq_171" target="_blank"><img src="themes/default/images/help_grey.png" /></a>
+ <strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
+ </div>
+{/if}
+
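Review bot: `{$invalidHostMessage}` is printed without an escape modifier and the block now sits in the shared header, so every page that includes it depends on the controller having encoded the host and URL parts before wrapping them in markup. A template comment such as `{* invalidHostMessage is pre-built HTML; its dynamic parts must be escaped in Piwik_Controller *}` would document that contract. The `target="_blank"` help link could also carry `rel="noopener noreferrer"`.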
diff --git a/plugins/CoreHome/templates/index.tpl b/plugins/CoreHome/templates/index.tpl
index 242755a6f2..bec7810f0a 100644
--- a/plugins/CoreHome/templates/index.tpl
+++ b/plugins/CoreHome/templates/index.tpl
@@ -12,14 +12,6 @@
{include file="CoreHome/templates/header_message.tpl"}
{ajaxRequestErrorDiv}
</div>
-
- {* untrusted host warning *}
- {if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
- <div class="ajaxSuccess">
- <a style="float:right" href="http://piwik.org/faq/troubleshooting/#faq_171" target="_blank"><img src="themes/default/images/help_grey.png" /></a>
- <strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
- </div>
- {/if}
{ajaxLoadingDiv}
diff --git a/plugins/Login/templates/login.tpl b/plugins/Login/templates/login.tpl
index 1b177de3d5..7df5d52d68 100644
--- a/plugins/Login/templates/login.tpl
+++ b/plugins/Login/templates/login.tpl
@@ -4,11 +4,15 @@
{* untrusted host warning *}
{if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
-<div id="login_error">
+<div id="login_error" style='width:400px'>
<strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
-</div>
-{/if}
+ <br><br>{$invalidHostMessageHowToFix}
+ <br/><br/><a style="float:right" href="http://piwik.org/faq/troubleshooting/#faq_171" target="_blank">{'General_Help'|translate} <img style='vertical-align: bottom' src="themes/default/images/help_grey.png" /></a><br/>
+
+
+</div>
+{else}
<div id="message_container">
{if $form_data.errors}
<div id="login_error">
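Review bot: The login page is served before authentication, and with this change it prints `{$invalidHostMessageHowToFix}` to any visitor whose request arrives under an unrecognised host name: the config file path, what appears to be a currently trusted host name, and the setting that turns the check off. Consider keeping only the short warning and the FAQ link in this view and moving the step-by-step text elsewhere, or at least dropping the disable instructions from the unauthenticated page. The `{else}` opened here is closed by a `{/if}` in the last hunk of this file, far from its opener; a `{* end untrusted host warning / login form *}` comment on that `{/if}` would make the pairing easier to follow.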
@@ -47,7 +51,6 @@
</p>
</form>
-{if isset($isValidHost) && $isValidHost}
<form id="reset_form" style="display:none;">
<p>
<label>{'Login_LoginOrEmail'|translate}:<br />
@@ -73,13 +76,10 @@
<input type="hidden" name="module" value="Login"/>
<input type="hidden" name="action" value="resetPassword"/>
</form>
-{/if}
<p id="nav">
-{if isset($isValidHost) && $isValidHost}
<a id="login_form_nav" href="#" title="{'Login_LostYourPassword'|translate}">{'Login_LostYourPassword'|translate}</a>
<a id="alternate_reset_nav" href="#" style="display:none;" title="{'Login_LogIn'|translate}">{'Login_LogIn'|translate}</a>
-{/if}
<a id="reset_form_nav" href="#" style="display:none;" title="{'Mobile_NavigationBack'|translate}">{'General_Cancel'|translate}</a>
</p>
{if isset($smarty.capture.poweredByPiwik)}
@@ -91,7 +91,7 @@
<div id="lost_password_instructions" style="display:none;">
<p class="message">{'Login_ResetPasswordInstructions'|translate}</p>
</div>
-
+{/if}
</div>
</body>
</html>