diff options
| -rw-r--r-- | config/global.ini.php | 5 | ||||
| -rw-r--r-- | core/CronArchive.php | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index 1dc2dda825..d12f73c1c0 100644 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -539,8 +539,9 @@ enable_load_data_infile = 1 ; - links to Uninstall themes will be disabled (but user can still enable/disable themes) enable_plugins_admin = 1 -; By setting this option to 1, it will be possible to upload plugin archives directly in Piwik -; Enabling this opens a remote code execution vulnarability, which yould be used by attackers gaining access to Piwik admin +; By setting this option to 1, it will be possible for Super Users to upload Piwik plugin ZIP archives directly in Piwik Administration. +; Enabling this opens a remote code execution vulnerability where +; an attacker who gained Super User access could execute custom PHP code in a Piwik plugin. enable_plugin_upload = 0 ; By setting this option to 0, you can prevent Super User from editing the Geolocation settings. diff --git a/core/CronArchive.php b/core/CronArchive.php index cc8a1de71c..d9ed8c6311 100644 --- a/core/CronArchive.php +++ b/core/CronArchive.php @@ -1017,7 +1017,7 @@ class CronArchive private function checkResponse($response, $url) { if (empty($response) - || stripos($response, 'error') + || stripos($response, 'error') !== false ) { return $this->logNetworkError($url, $response); } |