Diffstat (limited to 'plugins/CoreUpdater/Controller.php')
-rw-r--r--plugins/CoreUpdater/Controller.php37
1 files changed, 29 insertions, 8 deletions
diff --git a/plugins/CoreUpdater/Controller.php b/plugins/CoreUpdater/Controller.php
index de4dc20532..207bf9f329 100644
--- a/plugins/CoreUpdater/Controller.php
+++ b/plugins/CoreUpdater/Controller.php
@@ -20,7 +20,6 @@ use Piwik\Filesystem;
use Piwik\Http;
use Piwik\Option;
use Piwik\Piwik;
-use Piwik\Plugin;
use Piwik\Plugin\Manager as PluginManager;
use Piwik\Plugins\LanguagesManager\LanguagesManager;
use Piwik\Plugins\Marketplace\Plugins;
@@ -173,23 +172,41 @@ class Controller extends \Piwik\Plugin\Controller
return $view->render();
}
- public function oneClickUpdatePartTwo()
+ public function oneClickUpdatePartTwo($sendHeader = true)
{
- Json::sendHeaderJSON();
+ if ($sendHeader) {
+ Json::sendHeaderJSON();
+ }
- $messages = [];
+ $task = "Couldn't update Marketplace plugins.";
+
+ $nonce = Common::getRequestVar('nonce', '', 'string');
+ if (empty($nonce)) {
+ return json_encode(['No token. ' . $task]);
+ }
+ $value = Option::get('NonceOneClickUpdatePartTwo');
+ if (empty($value)) {
+ return json_encode(['Invalid token. ' . $task]);
+ }
+ $value = json_decode($value, true);
+
+ if (empty($value['nonce'])
+ || empty($value['ttl'])
+ || time() > (int) $value['ttl']
+ || $nonce !== $value['nonce']) {
+ return json_encode(['Invalid nonce or nonce expired. ' . $task]);
+ }
try {
- Piwik::checkUserHasSuperUserAccess();
$messages = $this->updater->oneClickUpdatePartTwo();
} catch (UpdaterException $e) {
$messages = $e->getUpdateLogMessages();
$messages[] = $e->getMessage();
} catch (Exception $e) {
- $messages[] = $e->getMessage();
+ $messages = [$e->getMessage()];
}
- echo json_encode($messages);
+ return json_encode($messages);
}
public function oneClickResults()
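Review bot: The nonce check at `$nonce !== $value['nonce']` compares the secret with an ordinary string comparison; since this check now stands in for the removed `Piwik::checkUserHasSuperUserAccess()` call as the gate on the update step, it should be `!hash_equals((string) $value['nonce'], $nonce)` so the comparison is constant-time. The stored nonce is not invalidated anywhere in this hunk after a successful check, so unless the updater clears it elsewhere the same token stays valid until its TTL; consider `Option::delete('NonceOneClickUpdatePartTwo');` right after validation and before `$this->updater->oneClickUpdatePartTwo()`. The option is presumably written by the part-one step under a super-user check, but that code is outside this hunk, so the nonce's origin cannot be confirmed here. The new `$sendHeader` parameter and the JSON string return are untyped; `bool $sendHeader = true` and a `: string` return type would document the changed contract.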
@@ -205,10 +222,14 @@ class Controller extends \Piwik\Plugin\Controller
} elseif ($error) {
$view = new View('@CoreUpdater/updateHttpError');
$view->error = $error;
- $view->feedbackMessages = safe_unserialize(Common::unsanitizeInputValue(Common::getRequestVar('messages', '', 'string', $_POST)));
} else {
$view = new View('@CoreUpdater/updateSuccess');
}
+ $messages = safe_unserialize(Common::unsanitizeInputValue(Common::getRequestVar('messages', '', 'string', $_POST)));
+ if (!is_array($messages)) {
+ $messages = array();
+ }
+ $view->feedbackMessages = $messages;
$this->addCustomLogoInfo($view);
$this->setBasicVariablesView($view);