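 /**
  * Redirect to referer only if from within Piwik
  *
  * The 'form_url' request parameter is client-supplied, so it is only honoured
  * when it points back to this Piwik installation; accepting it unchecked would
  * let a crafted link send the user to an arbitrary external site (open
  * redirect). Otherwise the local HTTP referer is used, and when that is absent
  * or points at the Login, Installation or CoreUpdater module the document
  * root ('index.php') is returned instead.
  *
  * @return string URL (or relative path) to redirect to
  */
 public static function getRefererToRedirect()
 {
     // retrieve any previously saved referer
     $referer = Piwik_Common::getRequestVar('form_url', '', 'string');
     if (!empty($referer)) {
         // the saved value is stored html-escaped (hence the decode); validate the
         // decoded URL and only return it when it stays on this host
         $referer = htmlspecialchars_decode($referer);
         if (Piwik_Url::isLocalUrl($referer)) {
             return $referer;
         }
     }
     // if the referer contains module=Login, Installation, or CoreUpdater, we instead redirect to the doc root
     $referer = Piwik_Url::getLocalReferer();
     if (empty($referer) || preg_match('/module=(Login|Installation|CoreUpdater)/', $referer)) {
         $referer = 'index.php';
     }
     return $referer;
 }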
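 /**
  * Verify nonce and check referrer (if present, i.e., it may be suppressed by the browser or a proxy/network).
  *
  * The nonce sent back by the client is compared with the one stored in the
  * session namespace $id. When a Referer header is present it must be local,
  * and when an Origin header is present it must be one of the acceptable
  * origins; a literal 'null' origin is rejected. All comparisons are strict so
  * that type juggling cannot make a non-matching value pass.
  *
  * @param string $id Unique id
  * @param string $cnonce Nonce sent to client
  * @return bool true if valid; false otherwise
  */
 public static function verifyNonce($id, $cnonce)
 {
     $ns = new Piwik_Session_Namespace($id);
     $nonce = $ns->nonce;
     // validate token: the client value must be non-empty and identical to the stored one
     if (empty($cnonce) || $cnonce !== $nonce) {
         return false;
     }
     // validate referer: when the browser sent one it must point to this Piwik
     $referer = Piwik_Url::getReferer();
     if (!empty($referer) && Piwik_Url::getLocalReferer() === false) {
         return false;
     }
     // validate origin: strict comparison for the 'null' sentinel and a strict
     // in_array() so the whitelist is matched exactly, not loosely
     $origin = self::getOrigin();
     if (!empty($origin) && ($origin === 'null' || !in_array($origin, self::getAcceptableOrigins(), true))) {
         return false;
     }
     return true;
 }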
 /**
  * Verify nonce and check referrer (if present, i.e., it may be suppressed by the browser or a proxy/network).
  *
  * Looks up the nonce stored in the session namespace $id, requires the
  * client-supplied $nonce to be non-empty and identical to it, and, only when
  * a Referer header was sent, requires that referer to be local.
  *
  * @param string $id Unique id
  * @param string $nonce Nonce sent to client
  * @return bool true if valid; false otherwise
  */
 public static function verifyNonce($id, $nonce)
 {
     $session = new Zend_Session_Namespace($id);
     $expected = $session->nonce;
     // validate token
     $tokenOk = !empty($nonce) && $expected === $nonce;
     if (!$tokenOk) {
         return false;
     }
     // validate referer: an absent header is acceptable, a non-local one is not
     $referer = Piwik_Url::getReferer();
     $refererOk = empty($referer) || Piwik_Url::getLocalReferer() !== false;
     return $refererOk;
 }
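    /**
     * Output redirection page instead of linking directly to avoid
     * exposing the referrer on the Piwik demo.
     *
     * The target comes from the 'url' GET parameter. When a Referer header is
     * present it must be local, and the target itself must be a Piwik URL
     * (self::isPiwikUrl()); anything else ends the request without redirecting.
     * The URL is HTML-escaped wherever it is written into the response so a
     * crafted value cannot inject markup into the error page or the meta tag.
     *
     * @param string $url (via $_GET)
     */
    public function redirect()
    {
        $url = Piwik_Common::getRequestVar('url', '', 'string', $_GET);
        // $url is request-controlled and is echoed into HTML below; escape it once
        // here (double_encode=false keeps any entities already present intact)
        $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
        // validate referrer
        $referrer = Piwik_Url::getReferer();
        if (!empty($referrer) && Piwik_Url::getLocalReferer() === false) {
            // die() terminates the script; the former trailing exit was unreachable
            die('Invalid Referer detected - check that your browser sends the Referer header. <br/>The link you would have been redirected to is: ' . $safeUrl);
        }
        // mask visits to *.piwik.org
        if (self::isPiwikUrl($url)) {
            echo '<html><head>
<meta http-equiv="refresh" content="0;url=' . $safeUrl . '" />
</head></html>';
        }
        exit;
    }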