From 053ff36abf58a2be72ec1f67c9ebac17fcecdb5d Mon Sep 17 00:00:00 2001
From: Justin Velluppillai <justin@innocraft.com>
Date: Fri, 25 Jun 2021 20:26:04 +1200
Subject: Web cron archive - allow POST'd token_auth (#17703)

* Web cron archive - allow POST'd token_auth

* Explicitly check for empty string

Co-authored-by: Stefan Giehl <stefan@matomo.org>

Co-authored-by: Stefan Giehl <stefan@matomo.org>
---
 misc/cron/archive.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'misc')

diff --git a/misc/cron/archive.php b/misc/cron/archive.php
index e7ac710d14..c7846adb2e 100644
--- a/misc/cron/archive.php
+++ b/misc/cron/archive.php
@@ -54,7 +54,7 @@ try 'php archive.php --url=http://your.piwik/path'
     $_GET['method'] = 'CoreAdminHome.runCronArchiving';
     $_GET['format'] = 'console'; // will use Content-type text/plain
 
-    if(!isset($_GET['token_auth'])) {
+    if('' === Piwik\Common::getRequestVar('token_auth', '', 'string')) {
         echo "
 <b>You must specify the Super User token_auth as a parameter to this script, eg. <code>?token_auth=XYZ</code> if you wish to run this script through the browser. </b><br>
 However it is recommended to run it <a href='https://matomo.org/docs/setup-auto-archiving/'>via cron in the command line</a>, since it can take a long time to run.<br/>
@@ -65,4 +65,4 @@ In a shell, execute for example the following to trigger archiving on the local
     }
 
     require_once PIWIK_INCLUDE_PATH . "/index.php";
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3