From 216aa653a891ece5078437698fb1982b25d2c584 Mon Sep 17 00:00:00 2001 From: Matthieu Aubry Date: Fri, 18 Jun 2021 07:50:10 +1200 Subject: =?UTF-8?q?Add=20link=20to=20new=20FAQ=20how=20to=20make=20the=20d?= =?UTF-8?q?iagnostic=20=E2=80=9CManaging=20processes=20via=20CLI=E2=80=9D?= =?UTF-8?q?=20show=20Ok=20(#17527)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add link to new FAQ how to make the diagnostic “Managing processes via CLI” show Ok NOTE: Had to add the |raw to the item.comment, which may have security risks if some of the "Informational" diagnostics will contain random content that may be injected by someone. Maybe we should audit all informational diagnostics. The new FAQ is: https://matomo.org/faq/troubleshooting/how-to-make-the-diagnostic-managing-processes-via-cli-to-display-ok/ * Ensure possible user input is escaped in information diagnosic items Co-authored-by: sgiehl --- plugins/Diagnostics/Diagnostic/CronArchivingCheck.php | 3 ++- plugins/Diagnostics/Diagnostic/DiagnosticResult.php | 15 ++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'plugins/Diagnostics') diff --git a/plugins/Diagnostics/Diagnostic/CronArchivingCheck.php b/plugins/Diagnostics/Diagnostic/CronArchivingCheck.php index 25581f3a8f..ad2520377c 100644 --- a/plugins/Diagnostics/Diagnostic/CronArchivingCheck.php +++ b/plugins/Diagnostics/Diagnostic/CronArchivingCheck.php @@ -77,7 +77,8 @@ class CronArchivingCheck implements Diagnostic } $comment .= $this->translator->translate('Installation_NotSupported') . ' ' . $this->translator->translate('Goals_Optional') - . ' (' . $this->translator->translate('General_Reasons') . ': ' . $reasonText . ')'; + . ' (' . $this->translator->translate('General_Reasons') . ': ' . $reasonText . ')' + . $this->translator->translate('General_LearnMore', [' ', '']); $status = DiagnosticResult::STATUS_INFORMATIONAL; } 
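Review bot: `$reasonText` is concatenated into `$comment` unescaped, and the commit message says `item.comment` is now printed with `|raw`, so this whole string reaches the page as HTML. Where `$reasonText` is built is outside the hunk, so it cannot be confirmed from here that it only ever holds fixed translated text; if it can hold anything else, escape it at the point of concatenation, e.g. `. Common::sanitizeInputValue($reasonText) . ')'` (this file would need `use Piwik\Common;` if it does not already import it). The `$status` assignment suggests the result is created outside `informationalResult()`, in which case the escaping added in DiagnosticResult.php would not cover this comment. A comment above the `General_LearnMore` line, such as `// $comment contains markup and is rendered unescaped; every interpolated value must already be escaped`, would make that contract visible.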
diff --git a/plugins/Diagnostics/Diagnostic/DiagnosticResult.php b/plugins/Diagnostics/Diagnostic/DiagnosticResult.php index f95407d40a..d0e1381ce1 100644 --- a/plugins/Diagnostics/Diagnostic/DiagnosticResult.php +++ b/plugins/Diagnostics/Diagnostic/DiagnosticResult.php @@ -8,6 +8,8 @@ namespace Piwik\Plugins\Diagnostics\Diagnostic; +use Piwik\Common; + /** * The result of a diagnostic. * @@ -55,20 +57,23 @@ class DiagnosticResult /** * @param string $label - * @param string $status * @param string $comment + * @param bool $escapeComment * @return DiagnosticResult */ - public static function informationalResult($label, $comment = '') + public static function informationalResult($label, $comment = '', $escapeComment = true) { if ($comment === true) { $comment = '1'; } elseif ($comment === false) { $comment = '0'; } - $result = new self($label); - $result->addItem(new DiagnosticResultItem(self::STATUS_INFORMATIONAL, $comment)); - return $result; + + if ($escapeComment) { + $comment = Common::sanitizeInputValue($comment); + } + + return self::singleResult($label, self::STATUS_INFORMATIONAL, $comment); } /** -- cgit v1.2.3
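Review bot: The new escaping lives only in `informationalResult()`, so a result built by calling `singleResult()` directly or by constructing a `DiagnosticResultItem` still carries its comment unescaped into a template that, per the commit message, now prints `item.comment` with `|raw`. Consider applying the escape at a point every comment passes through rather than in this one factory, or auditing the callers that bypass it; those call sites and the template are outside the hunk. The docblock should also state what the new parameter means for callers, e.g. `@param bool $escapeComment Pass false only when $comment is HTML built by the diagnostic itself; it is then rendered unescaped.` Since `$comment` is passed to `Common::sanitizeInputValue()` whatever its type, it is worth confirming that non-string comments still render as before.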