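/**
 * Pick the URL to redirect to after a form round-trip.
 *
 * The caller-supplied `form_url` is preferred, but only when it points back
 * into this Piwik installation; otherwise the local referer is used, and as a
 * last resort the document root. Returning an unchecked `form_url` would let a
 * crafted link send a freshly authenticated user to an arbitrary host (open
 * redirect), which the "only if from within Piwik" contract forbids.
 *
 * @return string URL to redirect to (never empty)
 */
public static function getRefererToRedirect()
{
    // form_url arrives HTML-escaped (hence the decode below), so the host
    // check has to run on the decoded form of the URL.
    $formUrl = Piwik_Common::getRequestVar('form_url', '', 'string');
    if (!empty($formUrl)) {
        $formUrl = htmlspecialchars_decode($formUrl);
        if (Piwik_Url::isLocalUrl($formUrl)) {
            return $formUrl;
        }
        // not local: ignore it and fall through to the referer-based choice
    }

    // getLocalReferer() only yields a referer from this host. A referer that
    // points at the Login, Installation or CoreUpdater module would send the
    // user straight back into the flow they just completed, so use the root.
    $referer = Piwik_Url::getLocalReferer();
    if (empty($referer) || preg_match('/module=(Login|Installation|CoreUpdater)/', $referer)) {
        $referer = 'index.php';
    }

    return $referer;
}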
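/**
 * Verify a nonce submitted by the client against the one stored in its session
 * namespace, then apply the referer and Origin checks. Both header checks only
 * run when the header is present, since browsers, proxies or privacy tools may
 * strip them.
 *
 * @param string $id     Unique id the nonce was issued for
 * @param string $cnonce Nonce sent back by the client
 * @return bool true if valid; false otherwise
 */
public static function verifyNonce($id, $cnonce)
{
    $ns = new Piwik_Session_Namespace($id);
    $nonce = $ns->nonce;

    // validate token: an empty client nonce never matches, and the strict
    // comparison avoids PHP's loose string/number coercion.
    // NOTE(review): once the PHP floor is >= 5.6, hash_equals() would make
    // this comparison constant-time.
    if (empty($cnonce) || $cnonce !== $nonce) {
        return false;
    }

    // validate referer: if one was sent, it must point at this installation
    $referer = Piwik_Url::getReferer();
    if (!empty($referer) && Piwik_Url::getLocalReferer() === false) {
        return false;
    }

    // validate origin: if an Origin header was sent, it must be one of ours.
    // The literal string "null" (an opaque origin) is rejected as well; the
    // membership test is strict so that no loose comparison can match.
    $origin = self::getOrigin();
    if (!empty($origin)
        && ($origin === 'null' || !in_array($origin, self::getAcceptableOrigins(), true))) {
        return false;
    }

    return true;
}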
/**
 * Check that the nonce the client sent matches the one stored in its session
 * namespace, and that the referer, when the browser or a proxy did not strip
 * it, points back at this installation.
 *
 * @param string $id    Unique id the nonce was issued under
 * @param string $nonce Nonce sent to client
 * @return bool true if valid; false otherwise
 */
public static function verifyNonce($id, $nonce)
{
    $session = new Zend_Session_Namespace($id);
    $expected = $session->nonce;

    // token check: a missing client nonce fails outright, as does one that
    // differs (strict comparison) from the stored value
    if (empty($nonce)) {
        return false;
    }
    if ($expected !== $nonce) {
        return false;
    }

    // referer check: a referer is only rejected when it was actually sent
    // and is not recognised as local
    $sentReferer = Piwik_Url::getReferer();
    $isForeignReferer = !empty($sentReferer) && Piwik_Url::getLocalReferer() === false;

    return !$isForeignReferer;
}
/**
 * Serve a tiny meta-refresh page that forwards the visitor to a *.piwik.org
 * URL, so that the real page address is not leaked through the Referer header
 * (used on the Piwik demo). Any other destination ends in an empty response.
 *
 * @param string $url (via $_GET) destination URL
 */
public function redirect()
{
    $destination = Piwik_Common::getRequestVar('url', '', 'string', $_GET);

    // validate referrer: when one was sent it must belong to this installation
    $sentReferer = Piwik_Url::getReferer();
    $foreignReferer = !empty($sentReferer) && Piwik_Url::getLocalReferer() === false;
    if ($foreignReferer) {
        // NOTE(review): $destination is written into the response as-is, both
        // here and in the meta tag below; this relies on getRequestVar()
        // returning an already HTML-escaped string — confirm before changing
        // how the value is read.
        die('Invalid Referer detected - check that your browser sends the Referer header. <br/>The link you would have been redirected to is: ' . $destination);
    }

    // mask visits to *.piwik.org only; everything else gets no body
    if (self::isPiwikUrl($destination)) {
        echo '<html><head> <meta http-equiv="refresh" content="0;url=' . $destination . '" /> </head></html>';
    }
    exit;
}