unsanitizeInputValue() public static method

Unsanitizes a single input value and returns the result.
public static unsanitizeInputValue ( string $value ) : string
$value string
return string unsanitized input
 /**
  * The constructor
  * Reads the evolution-graph state (API method, label, period, segment) from the
  * current request, resolves the date range for non-range periods and loads the
  * evolution report.
  *
  * @param int $idSite
  * @param Date $date ($this->date from controller); only its string form is used,
  *                   and only when the period is not 'range'
  * @param null|string $graphType
  * @throws Exception when apiMethod or label is missing, or label is not an array
  */
 public function __construct($idSite, $date, $graphType = 'graphEvolution')
 {
     $this->apiMethod = Common::getRequestVar('apiMethod', '', 'string');
     if (empty($this->apiMethod)) {
         throw new Exception("Parameter apiMethod not set.");
     }

     $this->label = DataTablePostProcessor::getLabelFromRequest($_GET);
     if (!is_array($this->label)) {
         throw new Exception("Expected label to be an array, got instead: " . $this->label);
     }
     // only the first label part is used, HTML-entity decoded
     $this->label = Common::unsanitizeInputValue($this->label[0]);
     if ('' === $this->label) {
         throw new Exception("Parameter label not set.");
     }

     $this->period = Common::getRequestVar('period', '', 'string');
     PeriodFactory::checkPeriodIsEnabled($this->period);

     $this->idSite = $idSite;
     $this->graphType = $graphType;

     if ($this->period != 'range') {
         // handle day, week, month and year: display last X periods ending at $date
         $lastDate = $date->toString();
         list($this->date, $lastN) = EvolutionViz::getDateRangeAndLastN($this->period, $lastDate);
     }

     $this->segment = \Piwik\API\Request::getRawSegmentFromRequest();
     $this->loadEvolutionReport();
 }
 /**
  * Classifies the referrer of a page view and returns the four referer_* fields.
  *
  * - referer_type: direct (no referrer URL, or referrer URL has the same host),
  *   site, search_engine or campaign
  * - referer_name: empty, the site host name (e.g. piwik.net), the search engine
  *   host name (e.g. google.fr) or the campaign name (e.g. adwords-search)
  * - referer_keyword: the search or paid keyword when one was detected, else empty
  * - referer_url: the decoded referrer URL, the same for all referrer types
  *
  * @param string $referrerUrl must be URL Encoded
  * @param string $currentUrl
  * @param int $idSite
  * @return array with keys referer_type, referer_name, referer_keyword, referer_url
  */
 public function getReferrerInformation($referrerUrl, $currentUrl, $idSite)
 {
     $this->idsite = $idSite;

     // decode entities, then drop anything that does not look like a URL
     $decodedReferrer = Common::unsanitizeInputValue($referrerUrl);
     if (!empty($decodedReferrer) && !UrlHelper::isLookLikeUrl($decodedReferrer)) {
         $decodedReferrer = '';
     }
     $cleanCurrentUrl = PageUrl::cleanupUrl($currentUrl);

     $this->referrerUrl = $decodedReferrer;
     // '@' silences parse_url on malformed input; a false result leaves referrerHost empty below
     $this->referrerUrlParse = @parse_url($this->referrerUrl);
     $this->currentUrlParse = @parse_url($cleanCurrentUrl);

     // default values for the referer_* fields: a direct entry without name or keyword
     $this->typeReferrerAnalyzed = Common::REFERRER_TYPE_DIRECT_ENTRY;
     $this->nameReferrerAnalyzed = '';
     $this->keywordReferrerAnalyzed = '';
     $this->referrerHost = isset($this->referrerUrlParse['host']) ? $this->referrerUrlParse['host'] : '';

     // detectors run in priority order and stop at the first match:
     // campaign, then direct entry, then search engine
     $detected = $this->detectReferrerCampaign()
         || $this->detectReferrerDirectEntry()
         || $this->detectReferrerSearchEngine();

     if (!$detected && !empty($this->referrerHost)) {
         // an unclassified referrer that still has a host is a plain website
         $this->typeReferrerAnalyzed = Common::REFERRER_TYPE_WEBSITE;
         $this->nameReferrerAnalyzed = Common::mb_strtolower($this->referrerHost);
     }

     return array(
         'referer_type'    => $this->typeReferrerAnalyzed,
         'referer_name'    => $this->nameReferrerAnalyzed,
         'referer_keyword' => $this->keywordReferrerAnalyzed,
         'referer_url'     => $this->referrerUrl,
     );
 }
 /**
  * Captures the per-request context used by the detectors: the request itself,
  * the site id, the HTML-entity decoded user agent and the client IP. Also
  * creates the referrer spam filter.
  *
  * @param Request $request
  */
 public function __construct(Request $request)
 {
     $this->request = $request;
     $this->spamFilter = new ReferrerSpamFilter();
     $this->idSite = $request->getIdSite();
     // the user agent is kept decoded, not in its HTML-entity encoded request form
     $this->userAgent = Common::unsanitizeInputValue($request->getUserAgent());
     $this->ip = $request->getIp();
 }
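 /**
  * Registers one data series per entry of $values and keeps a reference to each
  * series' data, so later changes to $values are reflected in this object.
  *
  * @param array &$values map of series label => list of numeric values; every
  *                       list is cast to float in place
  */
 public function setAxisYValues(&$values)
 {
     foreach ($values as $label => &$data) {
         // the decoded label is displayed, the raw one is kept for lookups
         $this->series[] = array(
             'label'         => Common::unsanitizeInputValue($label),
             'internalLabel' => $label,
         );
         array_walk($data, function (&$v) {
             $v = (double) $v;
         });
         $this->data[] =& $data;
     }
     // break the loop alias: a later write to $data would otherwise overwrite the last series
     unset($data);
 }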
 /**
  * Sends a feedback e-mail from the current user to the configured feedback
  * address, appending the Piwik version, the client IP and the referrer to the body.
  *
  * @param string $subject appended to the fixed "[ Feedback Feature - Piwik ]" prefix
  * @param string $body HTML-entity encoded text; decoded before sending
  */
 private function sendMail($subject, $body)
 {
     $recipient = Config::getInstance()->General['feedback_email_address'];
     $fullSubject = '[ Feedback Feature - Piwik ] ' . $subject;
     $fullBody = Common::unsanitizeInputValue($body) . "\n"
         . 'Piwik ' . Version::VERSION . "\n"
         . 'IP: ' . IP::getIpFromHeader() . "\n"
         . 'URL: ' . Url::getReferrer() . "\n";

     $mail = new Mail();
     $mail->setFrom(Piwik::getCurrentUserEmail());
     $mail->addTo($recipient, 'Piwik Team');
     $mail->setSubject($fullSubject);
     $mail->setBodyText($fullBody);
     // delivery is best effort: send errors are deliberately not surfaced to the caller
     @$mail->send();
 }
 /**
  * Validates a segment definition for a site and returns it with the characters
  * the JS side does not encode (#, ', &) percent-encoded.
  *
  * @param string $definition HTML-entity encoded segment definition
  * @param int $idSite
  * @return string the decoded, percent-encoded definition
  * @throws Exception when the definition cannot be parsed as a Segment
  */
 protected function checkSegmentValue($definition, $idSite)
 {
     // unsanitize so we don't record the HTML entitied segment
     $decoded = Common::unsanitizeInputValue($definition);
     // '#' is the hash delimiter; "'" and '&' are not encoded in JS.
     // replacements are applied in this order, none of them re-introduces a later character
     $encoded = str_replace(
         array("#", "'", "&"),
         array('%23', '%27', '%26'),
         $decoded
     );

     try {
         $segment = new Segment($encoded, $idSite);
         $segment->getHash();
     } catch (Exception $e) {
         throw new Exception("The specified segment is invalid: " . $e->getMessage());
     }
     return $encoded;
 }
 /**
  * Looks up the submitted value of one plugin setting.
  *
  * @param array $settingValues map of plugin name => list of ['name' => ..., 'value' => ...]
  * @param string $pluginName
  * @param string $settingName
  * @return mixed the HTML-entity decoded string value, the raw non-string value,
  *               or null when the plugin or setting was not submitted or has no 'value'
  */
 private function findSettingValueFromRequest($settingValues, $pluginName, $settingName)
 {
     if (!array_key_exists($pluginName, $settingValues)) {
         return null;
     }
     foreach ($settingValues[$pluginName] as $submitted) {
         if ($submitted['name'] !== $settingName) {
             continue;
         }
         $value = array_key_exists('value', $submitted) ? $submitted['value'] : null;
         // only strings can carry HTML entities; other types are passed through untouched
         return is_string($value) ? Common::unsanitizeInputValue($value) : $value;
     }
     return null;
 }
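 /**
  * Classifies the referrer of a page view and returns the four referer_* fields,
  * caching the result per (referrer URL, current URL, site id).
  *
  * - referer_type: direct (no referrer URL, or referrer URL has the same host),
  *   site, search_engine or campaign
  * - referer_name: empty, the site host name (e.g. piwik.net, plus the matched
  *   site path when the URL matches a known site URL), the search engine host
  *   name (e.g. google.fr) or the campaign name (e.g. adwords-search)
  * - referer_keyword: the search or paid keyword when one was detected, else empty
  * - referer_url: the decoded referrer URL, the same for all referrer types
  *
  * @param string $referrerUrl must be URL Encoded
  * @param string $currentUrl
  * @param int $idSite
  * @param Request $request handed to campaign detection
  * @return array with keys referer_type, referer_name, referer_keyword, referer_url
  */
 protected function getReferrerInformation($referrerUrl, $currentUrl, $idSite, Request $request)
 {
     // the parts are separated so that ("ab", "c") and ("a", "bc") cannot share a cache slot.
     // NOTE(review): $request is not part of the key, so requests with identical URLs
     // always share the cached campaign result — confirm that is intended
     $cacheKey = $referrerUrl . "\0" . $currentUrl . "\0" . $idSite;
     if (isset(self::$cachedReferrer[$cacheKey])) {
         return self::$cachedReferrer[$cacheKey];
     }

     $this->idsite = $idSite;
     // default values for the referer_* fields
     $referrerUrl = Common::unsanitizeInputValue($referrerUrl);
     if (!empty($referrerUrl) && !UrlHelper::isLookLikeUrl($referrerUrl)) {
         $referrerUrl = '';
     }
     $currentUrl = PageUrl::cleanupUrl($currentUrl);
     $this->referrerUrl = $referrerUrl;
     // '@' silences parse_url on malformed input; a false result leaves referrerHost empty below
     $this->referrerUrlParse = @parse_url($this->referrerUrl);
     $this->currentUrlParse = @parse_url($currentUrl);
     $this->typeReferrerAnalyzed = Common::REFERRER_TYPE_DIRECT_ENTRY;
     $this->nameReferrerAnalyzed = '';
     $this->keywordReferrerAnalyzed = '';
     $this->referrerHost = '';
     if (isset($this->referrerUrlParse['host'])) {
         $this->referrerHost = $this->referrerUrlParse['host'];
     }

     // detectors run in priority order and stop at the first match:
     // campaign, then direct entry, then search engine
     $referrerDetected = $this->detectReferrerCampaign($request)
         || $this->detectReferrerDirectEntry()
         || $this->detectReferrerSearchEngine();

     if (!$referrerDetected && !empty($this->referrerHost)) {
         // an unclassified referrer that still has a host is a plain website, named
         // by its lower-cased host plus the matching site path (if any, and not just '/')
         $this->typeReferrerAnalyzed = Common::REFERRER_TYPE_WEBSITE;
         $this->nameReferrerAnalyzed = Common::mb_strtolower($this->referrerHost);
         $urlsByHost = $this->getCachedUrlsByHostAndIdSite();
         $directEntry = new SiteUrls();
         $path = $directEntry->getPathMatchingUrl($this->referrerUrlParse, $urlsByHost);
         if (!empty($path) && $path !== '/') {
             $this->nameReferrerAnalyzed .= rtrim($path, '/');
         }
     }

     $referrerInformation = array(
         'referer_type'    => $this->typeReferrerAnalyzed,
         'referer_name'    => $this->nameReferrerAnalyzed,
         'referer_keyword' => $this->keywordReferrerAnalyzed,
         'referer_url'     => $this->referrerUrl,
     );
     self::$cachedReferrer[$cacheKey] = $referrerInformation;
     return $referrerInformation;
 }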
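 /**
  * Resolves the raw value of the configured dimension from a tracking request.
  *
  * For 'url' and 'urlparam' the action's raw URL is preferred over the 'url'
  * request parameter; for 'action_name' the action name is used when an action
  * exists; any other dimension is read from the request parameter of the same
  * name. Non-empty values are HTML-entity decoded before being returned.
  *
  * @param Request $request
  * @return mixed the decoded string, or the raw (possibly empty/null) parameter value
  */
 private function getValueForDimension(Request $request)
 {
     /** @var Action $action */
     $action = $request->getMetadata('Actions', 'action');
     $hasAction = !empty($action);

     // strict comparison: a non-string dimension must not loosely match 'url'
     if (in_array($this->dimension, array('url', 'urlparam'), true)) {
         $value = $hasAction ? $action->getActionUrlRaw() : $request->getParam('url');
     } elseif ($this->dimension === 'action_name' && $hasAction) {
         $value = $action->getActionName();
     } else {
         $value = $request->getParam($this->dimension);
     }

     if (!empty($value)) {
         $value = Common::unsanitizeInputValue($value);
     }
     return $value;
 }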
 /**
  * Create a user upon call from frontend
  * This API method will be called from Controller of this module
  *
  * The password is HTML-entity decoded, checked and hashed before the user and
  * its token_auth are stored. Failures append a message to $this->__errors and
  * make the method return false.
  *
  * @param string $userLogin
  * @param string $userPassword HTML-entity encoded password
  * @param string $userEmail
  * @return bool true when the user was created
  */
 public function createUser($userLogin, $userPassword, $userEmail)
 {
     if (!$userLogin || !$userPassword) {
         return false;
     }
     $userManager = UserManagerAPI::getInstance();

     $alreadyTaken = $this->userManagerModel->userEmailExists($userEmail)
         || $this->userManagerModel->userExists($userLogin);
     if ($alreadyTaken) {
         $this->__errors[] = 'User email already exists or the login name already exists';
         return false;
     }

     $password = Common::unsanitizeInputValue($userPassword);
     UserManager::checkPassword($password);
     $passwordHash = UserManager::getPasswordHash($password);
     $tokenAuth = $userManager->getTokenAuth($userEmail, $passwordHash);
     try {
         // NOTE(review): $userEmail is passed as both the first and the third argument — confirm against addUser's signature
         $this->userManagerModel->addUser($userEmail, $passwordHash, $userEmail, $userLogin, $tokenAuth, Date::now()->getDatetime());
         return true;
     } catch (Exception $e) {
         // the database error itself is not exposed to the caller
         $this->__errors[] = 'Error in creating the user in database.';
     }
     return false;
 }
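 /**
  * Populates the "edit goals" view: the goal list, the selected goal id (only
  * when it names one of this site's goals) and a JSON copy of the goals with
  * HTML entities decoded in name and pattern.
  *
  * @param View $view
  */
 private function setEditGoalsViewVariables($view)
 {
     $goals = $this->goals;
     $view->goals = $goals;

     $idGoal = Common::getRequestVar('idGoal', 0, 'int');
     $view->idGoal = 0;
     if ($idGoal && array_key_exists($idGoal, $goals)) {
         $view->idGoal = $idGoal;
     }

     // unsanitize goal names and other text data (not done in API so as not to break
     // any other code/cause security issues)
     foreach ($goals as &$goal) {
         $goal['name'] = Common::unsanitizeInputValue($goal['name']);
         if (isset($goal['pattern'])) {
             $goal['pattern'] = Common::unsanitizeInputValue($goal['pattern']);
         }
     }
     // drop the reference left by the by-ref loop before $goals is used again
     unset($goal);

     $view->goalsJSON = json_encode($goals);
     $view->ecommerceEnabled = $this->site->isEcommerceEnabled();
 }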
 /**
  * Sets the options used by this class based on query parameter values.
  *
  * See setUpdaterOptions for query params used. loc_db, isp_db, org_db and
  * period are read as strings (false when absent); the options listed in
  * self::$urlOptions are HTML-entity decoded so that URLs are passed on raw.
  */
 public static function setUpdaterOptionsFromUrl()
 {
     $options = array(
         'loc'    => Common::getRequestVar('loc_db', false, 'string'),
         'isp'    => Common::getRequestVar('isp_db', false, 'string'),
         'org'    => Common::getRequestVar('org_db', false, 'string'),
         'period' => Common::getRequestVar('period', false, 'string'),
     );
     // URLs should not be sanitized: undo the request sanitizing for every URL option
     foreach (array_keys(self::$urlOptions) as $optionKey) {
         $options[$optionKey] = Common::unsanitizeInputValue($options[$optionKey]);
     }
     self::setUpdaterOptions($options);
 }
 /**
  * Renders the result page of a one-click update. The request must carry a
  * token_auth in POST and come from a super user.
  *
  * @return string rendered view
  */
 public function oneClickResults()
 {
     Request::reloadAuthUsingTokenAuth($_POST);
     Piwik::checkUserIsSuperUser();

     $view = new View('@CoreUpdater/oneClickResults');
     $view->coreError = Common::getRequestVar('error', '', 'string', $_POST);
     // 'messages' is a serialized value taken from POST;
     // NOTE(review): this relies on safe_unserialize refusing object payloads — confirm
     $serializedMessages = Common::unsanitizeInputValue(Common::getRequestVar('messages', '', 'string', $_POST));
     $view->feedbackMessages = safe_unserialize($serializedMessages);
     return $view->render();
 }
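 /**
  * Derive the action ID from the request action name and type.
  *
  * @param string $actionName HTML-entity encoded page URL or page title
  * @param string $actionType 'url' or 'title'
  * @return mixed the value returned by TableLogAction::getIdActionFromSegment
  * @throws Exception for any other action type
  */
 private function deriveIdAction($actionName, $actionType)
 {
     switch ($actionType) {
         case 'url':
             // try the decoded URL first; URLs containing < or > are stored in their
             // encoded form, so fall back to the original value when nothing matches
             $decodedName = Common::unsanitizeInputValue($actionName);
             $id = TableLogAction::getIdActionFromSegment($decodedName, 'idaction_url', SegmentExpression::MATCH_EQUAL, 'pageUrl');
             if ($id < 0) {
                 $id = TableLogAction::getIdActionFromSegment($actionName, 'idaction_url', SegmentExpression::MATCH_EQUAL, 'pageUrl');
             }
             return $id;
         case 'title':
             $id = TableLogAction::getIdActionFromSegment($actionName, 'idaction_name', SegmentExpression::MATCH_EQUAL, 'pageTitle');
             if ($id < 0) {
                 // the "unknown" placeholder title is looked up as the empty name;
                 // strict comparison so numeric-looking titles (e.g. "10" vs "1e1") are not equated
                 $unknown = ArchivingHelper::getUnknownActionName(Action::TYPE_PAGE_TITLE);
                 if (trim($actionName) === trim($unknown)) {
                     $id = TableLogAction::getIdActionFromSegment('', 'idaction_name', SegmentExpression::MATCH_EQUAL, 'pageTitle');
                 }
             }
             return $id;
         default:
             throw new Exception('Unknown action type');
     }
 }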
 /**
  * Will search in the DataTable for a Label matching the searched string
  * and return only the matching row, or an empty datatable
  *
  * @param array $callBackParameters arguments for getDataTableFromArchive; index 1 is the site id
  * @param string $search searched label (page title or URL), HTML-entity encoded
  * @param int $actionType one of the Action::TYPE_* constants
  * @param DataTable|DataTable\Map|false $table table to filter, or false to fetch it from the archive
  * @param array|false $searchTree exploded search parts, or false to compute them from $search
  * @return DataTable|DataTable\Map
  */
 protected function getFilterPageDatatableSearch($callBackParameters, $search, $actionType, $table = false, $searchTree = false)
 {
     if (false === $searchTree) {
         // build the query parts that are searched inside the tree
         if ($actionType == Action::TYPE_PAGE_TITLE) {
             $searchedString = Common::unsanitizeInputValue($search);
         } else {
             $idSite = $callBackParameters[1];
             try {
                 $searchedString = PageUrl::excludeQueryParametersFromUrl($search, $idSite);
             } catch (Exception $e) {
                 // keep the raw search string when the URL cannot be normalised
                 $searchedString = $search;
             }
         }
         ArchivingHelper::reloadConfig();
         $searchTree = ArchivingHelper::getActionExplodedNames($searchedString, $actionType);
     }

     if (false !== $table) {
         return $this->doFilterPageDatatableSearch($callBackParameters, $table, $searchTree);
     }

     // fetch the data table
     $table = call_user_func_array(array($this, 'getDataTableFromArchive'), $callBackParameters);
     if (!($table instanceof DataTable\Map)) {
         return $this->doFilterPageDatatableSearch($callBackParameters, $table, $searchTree);
     }

     // search an array of tables, e.g. when using date=last30
     // note that if the root is an array, we filter all children
     // if an array occurs inside the nested table, we only look for the first match (see below)
     $filteredMap = $table->getEmptyClone();
     foreach ($table->getDataTables() as $label => $subTable) {
         $filteredSubTable = $this->doFilterPageDatatableSearch($callBackParameters, $subTable, $searchTree);
         $filteredMap->addTable($filteredSubTable, $label);
     }
     return $filteredMap;
 }
 /**
  * Form-less login
  * @see how to use it on http://piwik.org/faq/how-to/#faq_30
  *
  * Reads login and (already hashed) password from the request, refuses super
  * users, then authenticates and redirects to the 'url' parameter, which
  * defaults to index.php (with ?idSite= when idSite was given).
  * @throws Exception
  * @return void
  */
 function logme()
 {
     $passwordHash = Common::getRequestVar('password', null, 'string');
     $login = Common::getRequestVar('login', null, 'string');
     if (Piwik::hasTheUserSuperUserAccess($login)) {
         throw new Exception(Piwik::translate('Login_ExceptionInvalidSuperUserAccessAuthenticationMethod', array("logme")));
     }

     $defaultUrl = 'index.php';
     $idSite = Common::getRequestVar('idSite', false, 'int');
     if ($idSite !== false) {
         $defaultUrl .= '?idSite=' . $idSite;
     }
     // NOTE(review): the redirect target is only entity-decoded here, not validated —
     // presumably authenticateAndRedirect checks it; confirm
     $urlToRedirect = Common::unsanitizeInputValue(Common::getRequestVar('url', $defaultUrl, 'string'));

     // last argument: the password is passed as a hash (passwordHashed = true)
     $this->authenticateAndRedirect($login, $passwordHash, false, $urlToRedirect, true);
 }
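 /**
  * Renders the goals overview with the full report, including a JSON copy of
  * the goals whose name and pattern have been HTML-entity decoded for the UI.
  *
  * @return string rendered view
  */
 public function index()
 {
     $view = $this->getOverviewView();
     // unsanitize goal names and other text data (not done in API so as not to break
     // any other code/cause security issues)
     $goals = $this->goals;
     foreach ($goals as &$goal) {
         $goal['name'] = Common::unsanitizeInputValue($goal['name']);
         if (isset($goal['pattern'])) {
             $goal['pattern'] = Common::unsanitizeInputValue($goal['pattern']);
         }
     }
     // release the by-reference loop variable so no element of $goals stays aliased
     unset($goal);
     $view->goalsJSON = Common::json_encode($goals);
     $view->userCanEditGoals = Piwik::isUserHasAdminAccess($this->idSite);
     $view->ecommerceEnabled = $this->site->isEcommerceEnabled();
     $view->displayFullReport = true;
     return $view->render();
 }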
 /**
  * Persists the general admin settings submitted with the request: archiving
  * triggers, the beta release channel, SMTP mail settings, trusted hosts and
  * the plugin update communication flag. Does nothing when the general settings
  * admin is disabled.
  */
 private function saveGeneralSettings()
 {
     if (!self::isGeneralSettingsAdminEnabled()) {
         // General settings + Beta channel + SMTP settings is disabled
         return;
     }

     // General Setting: both parameters are required (no default)
     $enableBrowserTriggerArchiving = Common::getRequestVar('enableBrowserTriggerArchiving');
     $todayArchiveTimeToLive = Common::getRequestVar('todayArchiveTimeToLive');
     Rules::setBrowserTriggerArchiving((bool) $enableBrowserTriggerArchiving);
     Rules::setTodayArchiveTimeToLive($todayArchiveTimeToLive);

     // update beta channel setting
     $debugSection = Config::getInstance()->Debug;
     $debugSection['allow_upgrades_to_beta'] = Common::getRequestVar('enableBetaReleaseCheck', '0', 'int');
     Config::getInstance()->Debug = $debugSection;

     // Update email settings; host, username and password are entity-decoded so the
     // stored values are the literal ones typed into the form
     $useSmtp = Common::getRequestVar('mailUseSmtp') == '1';
     $mailSection = array(
         'transport'  => $useSmtp ? 'smtp' : '',
         'port'       => Common::getRequestVar('mailPort', ''),
         'host'       => Common::unsanitizeInputValue(Common::getRequestVar('mailHost', '')),
         'type'       => Common::getRequestVar('mailType', ''),
         'username'   => Common::unsanitizeInputValue(Common::getRequestVar('mailUsername', '')),
         'password'   => Common::unsanitizeInputValue(Common::getRequestVar('mailPassword', '')),
         'encryption' => Common::getRequestVar('mailEncryption', ''),
     );
     Config::getInstance()->mail = $mailSection;

     // update trusted host settings
     $trustedHosts = Common::getRequestVar('trustedHosts', false, 'json');
     if ($trustedHosts !== false) {
         Url::saveTrustedHostnameInConfig($trustedHosts);
     }
     Config::getInstance()->forceSave();

     $pluginUpdateCommunication = new UpdateCommunication();
     if (Common::getRequestVar('enablePluginUpdateCommunication', '0', 'int')) {
         $pluginUpdateCommunication->enable();
     } else {
         $pluginUpdateCommunication->disable();
     }
 }
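 /**
  * Returns all dashboards of a user with display-ready names and decoded layouts.
  *
  * Dashboards without a name get the translated "Dashboard of <login>" label,
  * numbered from the second one on; every name is HTML-entity decoded and the
  * stored layout (default '[]' when empty) is run through decodeLayout.
  *
  * @param string $login
  * @return array list of dashboard rows with 'name' and 'layout' filled in
  */
 public function getAllDashboards($login)
 {
     $dashboards = $this->getModel()->getAllDashboardsForUser($login);
     $nameless = 1;
     foreach ($dashboards as &$dashboard) {
         if (empty($dashboard['name'])) {
             $dashboard['name'] = Piwik::translate('Dashboard_DashboardOf', $login);
             if ($nameless > 1) {
                 $dashboard['name'] .= " ({$nameless})";
             }
             $nameless++;
         }
         $dashboard['name'] = Common::unsanitizeInputValue($dashboard['name']);
         $layout = empty($dashboard['layout']) ? '[]' : $dashboard['layout'];
         $dashboard['layout'] = $this->decodeLayout($layout);
     }
     // without this the last element of the returned array would still be a reference
     unset($dashboard);
     return $dashboards;
 }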
 /**
  * Installation Step 7: Display JavaScript tracking code
  *
  * Marks the installation as completed, then renders the tracking code and the
  * help text for the site created in the previous step (site_name / site_idSite).
  *
  * @return string rendered view
  */
 public function trackingCode()
 {
     $this->checkPiwikIsNotInstalled();
     $this->markInstallationAsCompleted();
     $view = new View('@Installation/trackingCode', $this->getInstallationSteps(), __FUNCTION__);

     // the site name is displayed decoded
     $siteName = Common::unsanitizeInputValue($this->getParam('site_name'));
     $idSite = $this->getParam('site_idSite');
     $piwikUrl = Url::getCurrentUrlWithoutFileName();

     // Load the Tracking code and help text from the SitesManager
     $trackingHelp = new \Piwik\View('@SitesManager/_displayJavascriptCode');
     $trackingHelp->displaySiteName = $siteName;
     $trackingHelp->jsTag = Piwik::getJavascriptCode($idSite, $piwikUrl);
     $trackingHelp->idSite = $idSite;
     $trackingHelp->piwikUrl = $piwikUrl;

     $view->trackingHelp = $trackingHelp->render();
     $view->displaySiteName = $siteName;
     $view->displayfirstWebsiteSetupSuccess = true;
     $view->showNextStep = true;
     return $view->render();
 }
 /**
  * Renders the one-click update result page with the error and the messages
  * reported by the update step.
  *
  * @return string rendered view
  */
 public function oneClickResults()
 {
     $view = new View('@CoreUpdater/oneClickResults');
     $view->coreError = Common::getRequestVar('error', '', 'string', $_POST);
     // 'messages' is a serialized value taken from POST;
     // NOTE(review): this relies on safe_unserialize refusing object payloads — confirm
     $serializedMessages = Common::unsanitizeInputValue(Common::getRequestVar('messages', '', 'string', $_POST));
     $view->feedbackMessages = safe_unserialize($serializedMessages);
     $this->addCustomLogoInfo($view);
     return $view->render();
 }
 /**
  * Renders the outcome of a one-click update: the HTTPS error page, the generic
  * error page with the update step's messages, or the success page.
  *
  * @return string rendered view
  */
 public function oneClickResults()
 {
     $httpsFail = (bool) Common::getRequestVar('httpsFail', 0, 'int', $_POST);
     $error = Common::getRequestVar('error', '', 'string', $_POST);

     if ($httpsFail) {
         $view = new View('@CoreUpdater/updateHttpsError');
         $view->error = $error;
     } elseif ($error) {
         $view = new View('@CoreUpdater/updateHttpError');
         $view->error = $error;
         // 'messages' is a serialized value taken from POST;
         // NOTE(review): this relies on safe_unserialize refusing object payloads — confirm
         $serializedMessages = Common::unsanitizeInputValue(Common::getRequestVar('messages', '', 'string', $_POST));
         $view->feedbackMessages = safe_unserialize($serializedMessages);
     } else {
         $view = new View('@CoreUpdater/updateSuccess');
     }

     $this->addCustomLogoInfo($view);
     $this->setBasicVariablesView($view);
     return $view->render();
 }
 /**
  * Decodes HTML entities in a text value before it is displayed.
  *
  * @param string $text HTML-entity encoded text
  * @return string the decoded text
  */
 private function formatText($text)
 {
     $decoded = Common::unsanitizeInputValue($text);
     return $decoded;
 }
 /**
  * Saves the layout as default
  *
  * Requires a valid token in the URL and super user access. The submitted
  * layout is entity-decoded and stored as the dashboard row with an empty login
  * and iddashboard 1, replacing any existing default layout.
  */
 public function saveLayoutAsDefault()
 {
     $this->checkTokenInUrl();
     if (!Piwik::hasUserSuperUserAccess()) {
         return;
     }
     $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout'));
     // only the (internal) table name is interpolated; the layout is bound as a parameter
     $sql = sprintf(
         'INSERT INTO %s (login, iddashboard, layout) VALUES (?,?,?) ON DUPLICATE KEY UPDATE layout=?',
         Common::prefixTable('user_dashboard')
     );
     Db::query($sql, array('', '1', $layout, $layout));
 }
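 /**
  * Applies the alias / email / password change submitted by the user and,
  * when the password changed, re-initialises the session with it.
  *
  * @param string $userLogin
  * @throws Exception when the two password fields differ, or when a password
  *                   change is attempted from an untrusted host
  */
 private function processPasswordChange($userLogin)
 {
     $alias = Common::getRequestVar('alias');
     $email = Common::getRequestVar('email');
     $newPassword = false;
     $password = Common::getRequestVar('password', false);
     $passwordBis = Common::getRequestVar('passwordBis', false);
     if (!empty($password) || !empty($passwordBis)) {
         // strict comparison: with == two numeric-looking passwords such as
         // "1e3" and "1000" would be accepted as matching
         if ($password !== $passwordBis) {
             throw new Exception($this->translator->translate('Login_PasswordsDoNotMatch'));
         }
         $newPassword = $password;
     }
     // UI disables password change on invalid host, but check here anyway
     if (!Url::isValidHost() && $newPassword !== false) {
         throw new Exception("Cannot change password with untrusted hostname!");
     }
     APIUsersManager::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);
     // logs the user in with the new password
     if ($newPassword !== false) {
         $newPassword = Common::unsanitizeInputValue($newPassword);
         $sessionInitializer = new SessionInitializer();
         $auth = StaticContainer::get('Piwik\\Auth');
         $auth->setLogin($userLogin);
         // NOTE(review): the session is seeded with the raw $password, not the decoded
         // $newPassword — kept as is; confirm which form updateUser stored
         $auth->setPassword($password);
         $sessionInitializer->initSession($auth, $rememberMe = false);
     }
 }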
 /**
  * This function will sanitize or not if it's needed for the specified action type
  *
  * URLs (Download URL, Outlink URL) are stored raw (unsanitized)
  * while other action types are stored Sanitized
  *
  * @param $actionType action type, as understood by isActionTypeStoredUnsanitized
  * @param string $actionString
  * @return string
  */
 private static function normaliseActionString($actionType, $actionString)
 {
     // decode first, then re-encode only for the types that are stored sanitized
     $raw = Common::unsanitizeInputValue($actionString);
     return self::isActionTypeStoredUnsanitized($actionType)
         ? $raw
         : Common::sanitizeInputValue($raw);
 }
 /**
  * Returns image link tracking code for a given site with specified options.
  *
  * @param int $idSite The ID to generate tracking code for.
  * @param string $piwikUrl The domain and URL path to the Piwik installation.
  * @param string|false $actionName The page name to record (HTML-entity encoded), or false to omit it.
  * @param int|false $idGoal An ID for a goal to trigger a conversion for.
  * @param int|false $revenue The revenue of the goal conversion. Only used if $idGoal is supplied.
  * @return string The HTML tracking code.
  */
 public function getImageTrackingCode($idSite, $piwikUrl = '', $actionName = false, $idGoal = false, $revenue = false)
 {
     $urlParams = array('idsite' => $idSite, 'rec' => 1);
     if (false !== $actionName) {
         // decoded before urlencode so the entity text is not double-encoded in the query string
         $urlParams['action_name'] = urlencode(Common::unsanitizeInputValue($actionName));
     }
     if (false !== $idGoal) {
         $urlParams['idGoal'] = $idGoal;
         if (false !== $revenue) {
             $urlParams['revenue'] = $revenue;
         }
     }

     /**
      * Triggered when generating image link tracking code server side. Plugins can use
      * this event to customise the image tracking code that is displayed to the
      * user.
      *
      * @param string &$piwikHost The domain and URL path to the Piwik installation, eg,
      *                           `'examplepiwik.com/path/to/piwik'`.
      * @param array &$urlParams The query parameters used in the <img> element's src
      *                          URL. See Piwik's image tracking docs for more info.
      */
     Piwik::postEvent('SitesManager.getImageTrackingCode', array(&$piwikUrl, &$urlParams));

     $scheme = ProxyHttp::isHttps() ? "https://" : "http://";
     $trackerUrl = $scheme . $piwikUrl . '/piwik.php';
     $query = Url::getQueryStringFromParameters($urlParams);
     return "<!-- Piwik Image Tracker-->\n<img src=\"{$trackerUrl}?" . $query . "\" style=\"border:0\" alt=\"\" />\n<!-- End Piwik -->";
 }
 /**
  * This method is called when the JS from startOverlaySession() detects that the target domain
  * is not configured for the current site.
  *
  * Renders an explanation containing the offending URL (HTML-escaped) and, for
  * admins of the site, a link to the sites manager.
  *
  * @return string rendered view
  */
 public function showErrorWrongDomain()
 {
     $idSite = Common::getRequestVar('idSite', 0, 'int');
     Piwik::checkUserHasViewAccess($idSite);

     // the URL is decoded, inserted into the translation, and the whole message
     // is then escaped for HTML
     $targetUrl = Common::unsanitizeInputValue(Common::getRequestVar('url', ''));
     $message = nl2br(htmlentities(Piwik::translate('Overlay_RedirectUrlError', array($targetUrl, "\n"))));

     $view = new View('@Overlay/showErrorWrongDomain');
     $this->addCustomLogoInfo($view);
     $view->message = $message;

     if (!Piwik::isUserHasAdminAccess($idSite)) {
         $view->troubleshoot = htmlentities(Piwik::translate('Overlay_RedirectUrlErrorUser'));
         return $view->render();
     }
     // TODO use $idSite to link to the correct row. This is tricky because the #rowX ids don't match
     // the site ids when sites have been deleted.
     $sitesManagerUrl = 'index.php?module=SitesManager&action=index';
     $view->troubleshoot = sprintf(
         htmlentities(Piwik::translate('Overlay_RedirectUrlErrorAdmin')),
         '<a href="' . $sitesManagerUrl . '" target="_top">',
         '</a>'
     );
     return $view->render();
 }
 /**
  * Convert segment expression to an action ID or an SQL expression.
  *
  * This method is used as a sqlFilter-callback for the segments of this plugin.
  * Usually, these callbacks only return a value that should be compared to the
  * column in the database. In this case, that doesn't work since multiple IDs
  * can match an expression (e.g. "pageUrl=@foo").
  * @param string $valueToMatch
  * @param string $sqlField unused here; present for the sqlFilter callback signature
  * @param string $matchType
  * @param string $segmentName
  * @throws \Exception
  * @return array|int|string an action id (or -100 when not found) for equality
  *                          matches, else array('SQL' => ..., 'bind' => ...)
  */
 public static function getIdActionFromSegment($valueToMatch, $sqlField, $matchType, $segmentName)
 {
     $actionType = self::guessActionTypeFromSegment($segmentName);
     if ($actionType == Action::TYPE_PAGE_URL) {
         // for urls trim protocol and www because it is not recorded in the db
         $valueToMatch = preg_replace('@^http[s]?://(www\\.)?@i', '', $valueToMatch);
     }
     // normalise to the stored (sanitized) form, whether or not the input arrived encoded
     $normalisedValue = Common::sanitizeInputValue(Common::unsanitizeInputValue($valueToMatch));

     $isEqualityMatch = $matchType == SegmentExpression::MATCH_EQUAL
         || $matchType == SegmentExpression::MATCH_NOT_EQUAL;
     if (!$isEqualityMatch) {
         // "name contains $string" match can match several idaction so we cannot return yet an idaction
         // special case
         $sql = TableLogAction::getSelectQueryWhereNameContains($matchType, $actionType);
         return array('SQL' => $sql, 'bind' => $normalisedValue);
     }

     $idAction = self::getIdActionMatchingNameAndType($normalisedValue, $actionType);
     // if the action is not found, we hack -100 to ensure it tries to match against an integer
     // otherwise binding idaction_name to "false" returns some rows for some reasons (in case &segment=pageTitle==Větrnásssssss)
     return empty($idAction) ? -100 : $idAction;
 }
 /**
  * send email to Piwik team and display nice thanks
  *
  * Validates the submitted body, e-mail address and nonce, then mails the
  * feedback with version, client IP and referrer appended. A validation error
  * is shown on the rendered page together with the submitted body.
  * @throws Exception
  */
 function sendFeedback()
 {
     $email = Common::getRequestVar('email', '', 'string');
     $body = Common::getRequestVar('body', '', 'string');
     $category = Common::getRequestVar('category', '', 'string');
     $nonce = Common::getRequestVar('nonce', '', 'string');

     $view = new View('@Feedback/sendFeedback');
     $view->feedbackEmailAddress = Config::getInstance()->General['feedback_email_address'];
     try {
         $minimumBodyLength = 40;
         // "probe@" / "&lt;probe" mark automated submissions; the body is still
         // entity-encoded at this point, hence the &lt; form
         $looksLikeProbe = strpos($email, 'probe@') !== false || strpos($body, '&lt;probe') !== false;
         if (strlen($body) < $minimumBodyLength || $looksLikeProbe) {
             throw new Exception(Piwik::translate('Feedback_ExceptionBodyLength', array($minimumBodyLength)));
         }
         if (!Piwik::isValidEmailString($email)) {
             throw new Exception(Piwik::translate('UsersManager_ExceptionInvalidEmail'));
         }
         if (preg_match('/https?:/i', $body)) {
             throw new Exception(Piwik::translate('Feedback_ExceptionNoUrls'));
         }
         if (!Nonce::verifyNonce('Feedback.sendFeedback', $nonce)) {
             throw new Exception(Piwik::translate('General_ExceptionNonceMismatch'));
         }
         Nonce::discardNonce('Feedback.sendFeedback');

         $mail = new Mail();
         $mail->setFrom(Common::unsanitizeInputValue($email));
         $mail->addTo($view->feedbackEmailAddress, 'Piwik Team');
         // NOTE(review): $category goes into the Subject header unvalidated — confirm Mail strips CR/LF
         $mail->setSubject('[ Feedback form - Piwik ] ' . $category);
         $mailBody = Common::unsanitizeInputValue($body) . "\n"
             . 'Piwik ' . Version::VERSION . "\n"
             . 'IP: ' . IP::getIpFromHeader() . "\n"
             . 'URL: ' . Url::getReferrer() . "\n";
         $mail->setBodyText($mailBody);
         // send failures are swallowed on purpose: the thank-you page is shown regardless
         @$mail->send();
     } catch (Exception $e) {
         $view->errorString = $e->getMessage();
         $view->message = $body;
     }
     return $view->render();
 }