_Note: setting this option controls the `X-Frame-Options` value of the View, which lets you make sure the View **cannot** be
embedded in iframes. Learn more here._
public setXFrameOptions ( string $option = 'deny' )
$option | string | 'deny' or 'sameorigin'
/**
 * Builds the opt-out view on first use and returns the cached instance afterwards.
 *
 * The visitor's tracking preference is only flipped when the request carries a
 * 'nonce' value that Nonce::verifyNonce() accepts for the 'Piwik_OptOut' id.
 * When 'setCookieInNewWindow' is set, no cookie is written on this request;
 * a reload URL is prepared instead.
 *
 * @return View
 * @throws \Exception
 */
public function getOptOutView()
{
    if ($this->view) {
        return $this->view;
    }

    $trackVisits = !IgnoreCookie::isIgnoreCookieFound();
    $dntFound = $this->getDoNotTrackHeaderChecker()->isDoNotTrackFound();

    $reloadUrl = false;
    $openInNewWindow = Common::getRequestVar('setCookieInNewWindow', false, 'int');
    if ($openInNewWindow) {
        $reloadUrl = Url::getCurrentQueryStringWithParametersModified(array('showConfirmOnly' => 1, 'setCookieInNewWindow' => 0));
    } else {
        // State change (writing the ignore cookie) is gated on a valid nonce;
        // the nonce is discarded before the cookie is set.
        $submittedNonce = Common::getRequestVar('nonce', false);
        if ($submittedNonce !== false && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce)) {
            Nonce::discardNonce('Piwik_OptOut');
            IgnoreCookie::setIgnoreCookie();
            $trackVisits = !$trackVisits;
        }
    }

    // The requested language is used only if the languages manager reports it
    // as available; otherwise the current user's language code is used.
    $language = Common::getRequestVar('language', '');
    if (APILanguagesManager::getInstance()->isLanguageAvailable($language)) {
        $lang = $language;
    } else {
        $lang = LanguagesManager::getLanguageCodeForCurrentUser();
    }

    $view = $this->view = new View("@CoreAdminHome/optOut");

    // Framing is deliberately relaxed for this view so it can be shown inside
    // an iframe. The nonce check above is the guard visible here against forged
    // requests; it does not address UI redress of the framed page, whose impact
    // is limited to flipping the visitor's tracking preference.
    // NOTE(review): the documented values are 'deny' and 'sameorigin' - confirm
    // how View::setXFrameOptions() treats 'allow'.
    $view->setXFrameOptions('allow');

    $view->dntFound = $dntFound;
    $view->trackVisits = $trackVisits;
    $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
    $view->language = $lang;
    $view->showConfirmOnly = Common::getRequestVar('showConfirmOnly', false, 'int');
    $view->reloadUrl = $reloadUrl;
    $view->javascripts = $this->getJavascripts();
    $view->stylesheets = $this->getStylesheets();
    $view->title = $this->getTitle();

    return $this->view;
}
/**
 * Assigns view properties that are useful to views rendering admin pages.
 *
 * Properties assigned directly by this method:
 *
 * - **topMenu** - The result of `MenuTop::getInstance()->getMenu()`.
 * - **userMenu** - The result of `MenuUser::getInstance()->getMenu()`.
 * - **currentAdminMenuName** - The currently selected admin menu name.
 * - **isDataPurgeSettingsEnabled** - The result of `self::isDataPurgeSettingsEnabled()`.
 * - **enableFrames** - The value of the `[General] enable_framed_settings` INI config option.
 *                      When it is falsy, {@link Piwik\View::setXFrameOptions()} is called
 *                      with 'sameorigin'.
 * - **isSuperUser** - Whether the current user has super user access.
 * - **adminMenu** - The result of `MenuAdmin::getInstance()->getMenu()`.
 * - **notifications** - Filled from the notification manager, but only when the view
 *                       does not already carry notifications.
 *
 * Earlier documentation also listed statisticsNotRecorded, usingOldGeoIPPlugin,
 * invalidPluginsWarning, phpVersion and phpIsNewEnough. None of them is assigned in
 * this method body; presumably the helper calls below set them - verify.
 *
 * @param View $view
 * @api
 */
public static function setBasicVariablesAdminView(View $view)
{
    self::notifyWhenTrackingStatisticsDisabled();
    self::notifyIfEAcceleratorIsUsed();

    $view->topMenu = MenuTop::getInstance()->getMenu();
    $view->userMenu = MenuUser::getInstance()->getMenu();
    $view->currentAdminMenuName = MenuAdmin::getInstance()->getCurrentAdminMenuName();
    $view->isDataPurgeSettingsEnabled = self::isDataPurgeSettingsEnabled();

    // Unless framing of settings pages is explicitly enabled, restrict the
    // admin view to same-origin frames.
    $view->enableFrames = PiwikConfig::getInstance()->General['enable_framed_settings'];
    if (!$view->enableFrames) {
        $view->setXFrameOptions('sameorigin');
    }

    $view->isSuperUser = Piwik::hasUserSuperUserAccess();

    self::notifyAnyInvalidPlugin();
    self::checkPhpVersion($view);

    // Super users on PHP 5.3 get a low-priority, non-clearable warning.
    if (Piwik::hasUserSuperUserAccess() && self::isPhpVersion53()) {
        $warning = new Notification(Piwik::translate('General_WarningPhpVersionXIsTooOld', '5.3'));
        $warning->title = Piwik::translate('General_Warning');
        $warning->priority = Notification::PRIORITY_LOW;
        $warning->context = Notification::CONTEXT_WARNING;
        $warning->type = Notification::TYPE_TRANSIENT;
        $warning->flags = Notification::FLAG_NO_CLEAR;
        NotificationManager::notify('PHP53VersionCheck', $warning);
    }

    $view->adminMenu = MenuAdmin::getInstance()->getMenu();

    // Notifications already present on the view are left untouched.
    $existing = $view->notifications;
    if (!empty($existing)) {
        return;
    }

    $view->notifications = NotificationManager::getAllNotificationsToDisplay();
    NotificationManager::cancelAllNonPersistent();
}
/**
 * Assigns view properties that are useful to views rendering admin pages.
 *
 * Properties assigned directly by this method:
 *
 * - **topMenu** - The result of `MenuTop::getInstance()->getMenu()`.
 * - **currentAdminMenuName** - The currently selected admin menu name.
 * - **isDataPurgeSettingsEnabled** - The result of `self::isDataPurgeSettingsEnabled()`.
 * - **enableFrames** - The value of the `[General] enable_framed_settings` INI config option.
 *                      When it is falsy, {@link Piwik\View::setXFrameOptions()} is called
 *                      with 'sameorigin'.
 * - **isSuperUser** - Whether the current user is a superuser or not.
 * - **adminMenu** - The result of `MenuAdmin::getInstance()->getMenu()`.
 * - **notifications** - All notifications the notification manager has to display.
 *
 * Earlier documentation also listed statisticsNotRecorded, usingOldGeoIPPlugin,
 * invalidPluginsWarning, phpVersion and phpIsNewEnough. None of them is assigned in
 * this method body; presumably the helper calls below set them - verify.
 *
 * @param View $view
 * @api
 */
public static function setBasicVariablesAdminView(View $view)
{
    self::notifyWhenTrackingStatisticsDisabled();

    $view->topMenu = MenuTop::getInstance()->getMenu();
    $view->currentAdminMenuName = MenuAdmin::getInstance()->getCurrentAdminMenuName();
    $view->isDataPurgeSettingsEnabled = self::isDataPurgeSettingsEnabled();

    // Unless framing of settings pages is explicitly enabled, restrict the
    // admin view to same-origin frames.
    $view->enableFrames = PiwikConfig::getInstance()->General['enable_framed_settings'];
    if (!$view->enableFrames) {
        $view->setXFrameOptions('sameorigin');
    }

    $view->isSuperUser = Piwik::isUserIsSuperUser();

    self::notifyAnyInvalidPlugin();
    self::checkPhpVersion($view);

    $view->adminMenu = MenuAdmin::getInstance()->getMenu();

    // Notifications are read first and the non-persistent ones cancelled afterwards.
    $view->notifications = NotificationManager::getAllNotificationsToDisplay();
    NotificationManager::cancelAllNonPersistent();
}
/**
 * Assigns view properties that are useful to views rendering admin pages.
 *
 * Properties assigned directly by this method:
 *
 * - **topMenu** - The result of `MenuTop::getInstance()->getMenu()`.
 * - **userMenu** - The result of `MenuUser::getInstance()->getMenu()`.
 * - **isDataPurgeSettingsEnabled** - The result of `self::isDataPurgeSettingsEnabled()`.
 * - **enableFrames** - The value of the `[General] enable_framed_settings` INI config option.
 *                      When it is falsy, {@link Piwik\View::setXFrameOptions()} is called
 *                      with 'sameorigin'.
 * - **isSuperUser** - Whether the current user has super user access.
 * - **adminMenu** - The result of `MenuAdmin::getInstance()->getMenu()`.
 * - **notifications** - Filled from the notification manager, but only when the view
 *                       does not already carry notifications.
 *
 * Earlier documentation also listed statisticsNotRecorded, usingOldGeoIPPlugin,
 * invalidPluginsWarning, phpVersion and phpIsNewEnough. None of them is assigned in
 * this method body; presumably the helper calls below set them - verify.
 *
 * @param View $view
 * @api
 */
public static function setBasicVariablesAdminView(View $view)
{
    self::notifyWhenTrackingStatisticsDisabled();
    self::notifyIfEAcceleratorIsUsed();

    $view->topMenu = MenuTop::getInstance()->getMenu();
    $view->userMenu = MenuUser::getInstance()->getMenu();
    $view->isDataPurgeSettingsEnabled = self::isDataPurgeSettingsEnabled();

    // Unless framing of settings pages is explicitly enabled, restrict the
    // admin view to same-origin frames.
    $framingAllowed = PiwikConfig::getInstance()->General['enable_framed_settings'];
    $view->enableFrames = $framingAllowed;
    if (!$framingAllowed) {
        $view->setXFrameOptions('sameorigin');
    }

    $view->isSuperUser = Piwik::hasUserSuperUserAccess();

    self::notifyAnyInvalidPlugin();
    self::checkPhpVersion($view);
    self::notifyWhenPhpVersionIsEOL();
    // Both debug switches are checked, one call per setting name.
    self::notifyWhenDebugOnDemandIsEnabled('debug');
    self::notifyWhenDebugOnDemandIsEnabled('debug_on_demand');

    $view->adminMenu = MenuAdmin::getInstance()->getMenu();

    // Notifications already present on the view are left untouched.
    $existing = $view->notifications;
    if (!empty($existing)) {
        return;
    }

    $view->notifications = NotificationManager::getAllNotificationsToDisplay();
    NotificationManager::cancelAllNonPersistent();
}
/**
 * Renders the opt-out page that shows the "Track Visits" checkbox.
 *
 * The visitor's tracking preference is only flipped when the request carries a
 * 'nonce' value that Nonce::verifyNonce() accepts for the 'Piwik_OptOut' id.
 */
public function optOut()
{
    $trackVisits = !IgnoreCookie::isIgnoreCookieFound();

    $submittedNonce = Common::getRequestVar('nonce', false);
    $language = Common::getRequestVar('language', '');

    // State change (writing the ignore cookie) is gated on a valid nonce;
    // the nonce is discarded before the cookie is set.
    if ($submittedNonce !== false && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce)) {
        Nonce::discardNonce('Piwik_OptOut');
        IgnoreCookie::setIgnoreCookie();
        $trackVisits = !$trackVisits;
    }

    // The requested language is used only if the languages manager reports it
    // as available; otherwise the current user's language code is used.
    if (APILanguagesManager::getInstance()->isLanguageAvailable($language)) {
        $lang = $language;
    } else {
        $lang = LanguagesManager::getLanguageCodeForCurrentUser();
    }

    // self::renderTemplate must not be used here: it goes through
    // setBasicVariablesView, which leads to an error once
    // setBasicVariablesAdminView is called and MenuTop is requested
    // (the idSite query parameter is required).
    $optOutView = new View("@CoreAdminHome/optOut");

    // Framing is deliberately relaxed for this view so it can be shown inside
    // an iframe. The nonce check above is the guard visible here against forged
    // requests; it does not address UI redress of the framed page, whose impact
    // is limited to flipping the visitor's tracking preference.
    // NOTE(review): the documented values are 'deny' and 'sameorigin' - confirm
    // how View::setXFrameOptions() treats 'allow'.
    $optOutView->setXFrameOptions('allow');

    $optOutView->trackVisits = $trackVisits;
    $optOutView->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
    $optOutView->language = $lang;

    return $optOutView->render();
}
/**
 * Renders the opt-out page that shows the "Track Visits" checkbox.
 *
 * The visitor's tracking preference is only flipped when the request carries a
 * 'nonce' value that Nonce::verifyNonce() accepts for the 'Piwik_OptOut' id.
 * When 'setCookieInNewWindow' is set, no cookie is written on this request;
 * a reload URL is prepared instead.
 */
public function optOut()
{
    $trackVisits = !IgnoreCookie::isIgnoreCookieFound();

    $headerChecker = new DoNotTrackHeaderChecker();
    $dntFound = $headerChecker->isDoNotTrackFound();

    $reloadUrl = false;
    $openInNewWindow = Common::getRequestVar('setCookieInNewWindow', false, 'int');
    if ($openInNewWindow) {
        $reloadUrl = Url::getCurrentQueryStringWithParametersModified(array(
            'showConfirmOnly' => 1,
            'setCookieInNewWindow' => 0,
        ));
    } else {
        // State change (writing the ignore cookie) is gated on a valid nonce;
        // the nonce is discarded before the cookie is set.
        $submittedNonce = Common::getRequestVar('nonce', false);
        if ($submittedNonce !== false && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce)) {
            Nonce::discardNonce('Piwik_OptOut');
            IgnoreCookie::setIgnoreCookie();
            $trackVisits = !$trackVisits;
        }
    }

    // The requested language is used only if the languages manager reports it
    // as available; otherwise the current user's language code is used.
    $language = Common::getRequestVar('language', '');
    if (APILanguagesManager::getInstance()->isLanguageAvailable($language)) {
        $lang = $language;
    } else {
        $lang = LanguagesManager::getLanguageCodeForCurrentUser();
    }

    // self::renderTemplate must not be used here: it goes through
    // setBasicVariablesView, which leads to an error once
    // setBasicVariablesAdminView is called and MenuTop is requested
    // (the idSite query parameter is required).
    $optOutView = new View("@CoreAdminHome/optOut");

    // Framing is deliberately relaxed for this view so it can be shown inside
    // an iframe. The nonce check above is the guard visible here against forged
    // requests; it does not address UI redress of the framed page, whose impact
    // is limited to flipping the visitor's tracking preference.
    // NOTE(review): the documented values are 'deny' and 'sameorigin' - confirm
    // how View::setXFrameOptions() treats 'allow'.
    $optOutView->setXFrameOptions('allow');

    $optOutView->dntFound = $dntFound;
    $optOutView->trackVisits = $trackVisits;
    $optOutView->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
    $optOutView->language = $lang;
    $optOutView->isSafari = $this->isUserAgentSafari();
    $optOutView->showConfirmOnly = Common::getRequestVar('showConfirmOnly', false, 'int');
    $optOutView->reloadUrl = $reloadUrl;

    return $optOutView->render();
}
/**
 * Assigns a set of generally useful variables to a {@link Piwik\View} instance.
 *
 * The following variables are assigned:
 *
 * **debugTrackVisitsInsidePiwikUI** - The value of the `[Debug] track_visits_inside_piwik_ui`
 *                                     INI config option.
 * **isSuperUser** - The result of `Access::getInstance()->isSuperUser()`.
 * **hasSomeAdminAccess** - The result of `Piwik::isUserHasSomeAdminAccess()`.
 * **isCustomLogo** - The value of the `[branding] use_custom_logo` INI config option.
 * **logoHeader** - The header logo URL to use.
 * **logoLarge** - The large logo URL to use.
 * **logoSVG** - The SVG logo URL to use.
 * **hasSVGLogo** - True if there is a SVG logo, false if otherwise.
 * **enableFrames** - True when `[General] enable_framed_pages` is truthy, or when
 *                    `[General] enable_framed_logins` is set and truthy. When it is
 *                    false, {@link Piwik\View::setXFrameOptions()} is called with
 *                    'sameorigin'.
 *
 * Also calls {@link setHostValidationVariablesView()}.
 *
 * @param View $view
 * @api
 */
protected function setBasicVariablesView($view)
{
    $view->debugTrackVisitsInsidePiwikUI = PiwikConfig::getInstance()->Debug['track_visits_inside_piwik_ui'];
    $view->isSuperUser = Access::getInstance()->isSuperUser();
    $view->hasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess();
    $view->isCustomLogo = PiwikConfig::getInstance()->branding['use_custom_logo'];

    $view->logoHeader = \Piwik\Plugins\API\API::getInstance()->getHeaderLogoUrl();
    $view->logoLarge = \Piwik\Plugins\API\API::getInstance()->getLogoUrl();
    $view->logoSVG = \Piwik\Plugins\API\API::getInstance()->getSVGLogoUrl();
    $view->hasSVGLogo = \Piwik\Plugins\API\API::getInstance()->hasSVGLogo();

    $general = PiwikConfig::getInstance()->General;

    // enable_framed_logins may be absent from the config, hence the isset() guard.
    $framedLogins = isset($general['enable_framed_logins']) && $general['enable_framed_logins'];

    // NOTE(review): either option lifts the same-origin restriction for every
    // view that passes through this method, so enable_framed_logins relaxes
    // framing here regardless of which page is being rendered - confirm that
    // this breadth is intended.
    $view->enableFrames = $general['enable_framed_pages'] || $framedLogins;
    if (!$view->enableFrames) {
        $view->setXFrameOptions('sameorigin');
    }

    self::setHostValidationVariablesView($view);
}