private function sendMail($subject, $body) { $feedbackEmailAddress = Config::getInstance()->General['feedback_email_address']; $subject = '[ Feedback Feature - Piwik ] ' . $subject; $body = Common::unsanitizeInputValue($body) . "\n" . 'Piwik ' . Version::VERSION . "\n" . 'IP: ' . IP::getIpFromHeader() . "\n" . 'URL: ' . Url::getReferrer() . "\n"; $mail = new Mail(); $mail->setFrom(Piwik::getCurrentUserEmail()); $mail->addTo($feedbackEmailAddress, 'Piwik Team'); $mail->setSubject($subject); $mail->setBodyText($body); @$mail->send(); }
/** * Returns if a nonce is valid and comes from a valid request. * * A nonce is valid if it matches the current nonce and if the current nonce * has not expired. * * The request is valid if the referrer is a local URL (see {@link Url::isLocalUrl()}) * and if the HTTP origin is valid (see {@link getAcceptableOrigins()}). * * @param string $id The nonce's unique ID. See {@link getNonce()}. * @param string $cnonce Nonce sent from client. * @return bool `true` if valid; `false` otherwise. */ public static function verifyNonce($id, $cnonce) { $ns = new SessionNamespace($id); $nonce = $ns->nonce; // validate token if (empty($cnonce) || $cnonce !== $nonce) { return false; } // validate referrer $referrer = Url::getReferrer(); if (!empty($referrer) && !Url::isLocalUrl($referrer)) { return false; } // validate origin $origin = self::getOrigin(); if (!empty($origin) && ($origin == 'null' || !in_array($origin, self::getAcceptableOrigins()))) { return false; } return true; }
/** * Output redirection page instead of linking directly to avoid * exposing the referrer on the Piwik demo. * * @internal param string $url (via $_GET) */ public function redirect() { $url = Common::getRequestVar('url', '', 'string', $_GET); // validate referrer $referrer = Url::getReferrer(); if (empty($referrer) || !Url::isLocalUrl($referrer)) { die('Invalid Referrer detected - This means that your web browser is not sending the "Referrer URL" which is required to proceed with the redirect. Verify your browser settings and add-ons, to check why your browser is not sending this referrer. <br/><br/>You can access the page at: ' . $url); } // mask visits to *.piwik.org if (!self::isPiwikUrl($url)) { Piwik::checkUserHasSomeViewAccess(); } if (!UrlHelper::isLookLikeUrl($url)) { die('Please check the &url= parameter: it should to be a valid URL'); } @header('Content-Type: text/html; charset=utf-8'); echo '<html><head><meta http-equiv="refresh" content="0;url=' . $url . '" /></head></html>'; exit; }
/** * @group Core */ public function testGetReferrer() { $_SERVER['HTTP_REFERER'] = 'http://www.piwik.org'; $this->assertEquals('http://www.piwik.org', Url::getReferrer()); }
/** * send email to Piwik team and display nice thanks * @throws Exception */ function sendFeedback() { $email = Common::getRequestVar('email', '', 'string'); $body = Common::getRequestVar('body', '', 'string'); $category = Common::getRequestVar('category', '', 'string'); $nonce = Common::getRequestVar('nonce', '', 'string'); $view = new View('@Feedback/sendFeedback'); $view->feedbackEmailAddress = Config::getInstance()->General['feedback_email_address']; try { $minimumBodyLength = 40; if (strlen($body) < $minimumBodyLength || strpos($email, 'probe@') !== false || strpos($body, '<probe') !== false) { throw new Exception(Piwik::translate('Feedback_ExceptionBodyLength', array($minimumBodyLength))); } if (!Piwik::isValidEmailString($email)) { throw new Exception(Piwik::translate('UsersManager_ExceptionInvalidEmail')); } if (preg_match('/https?:/i', $body)) { throw new Exception(Piwik::translate('Feedback_ExceptionNoUrls')); } if (!Nonce::verifyNonce('Feedback.sendFeedback', $nonce)) { throw new Exception(Piwik::translate('General_ExceptionNonceMismatch')); } Nonce::discardNonce('Feedback.sendFeedback'); $mail = new Mail(); $mail->setFrom(Common::unsanitizeInputValue($email)); $mail->addTo($view->feedbackEmailAddress, 'Piwik Team'); $mail->setSubject('[ Feedback form - Piwik ] ' . $category); $mail->setBodyText(Common::unsanitizeInputValue($body) . "\n" . 'Piwik ' . Version::VERSION . "\n" . 'IP: ' . IP::getIpFromHeader() . "\n" . 'URL: ' . Url::getReferrer() . "\n"); @$mail->send(); } catch (Exception $e) { $view->errorString = $e->getMessage(); $view->message = $body; } return $view->render(); }