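/**
 * Send the feedback form contents to the Piwik team and render the "sent" page.
 *
 * Reads email, body, category and nonce from the request. The CSRF nonce is
 * verified before anything else, so a cross-site submission is rejected without
 * its content being inspected or echoed back. Every failure is reported on the
 * same view, with the typed body preserved so the user can correct it.
 *
 * Request parameters (strings as returned by Piwik_Common::getRequestVar):
 *   email    - sender address; becomes the From header
 *   body     - message text; at least 35 bytes, must not contain a URL
 *   category - free text appended to the subject line
 *   nonce    - CSRF token issued for 'Piwik_Feedback.sendFeedback'
 */
function sendFeedback()
{
    $email    = Piwik_Common::getRequestVar('email', '', 'string');
    $body     = Piwik_Common::getRequestVar('body', '', 'string');
    $category = Piwik_Common::getRequestVar('category', '', 'string');
    $nonce    = Piwik_Common::getRequestVar('nonce', '', 'string');

    $view = Piwik_View::factory('sent');
    $view->feedbackEmailAddress = Zend_Registry::get('config')->General->feedback_email_address;

    try {
        // CSRF check first: a request that did not originate from our own form gets
        // no feedback about its content and nothing below runs for it. The nonce is
        // only discarded once the content is accepted, so a user who trips a
        // validation error can resubmit the same form.
        if (!Piwik_Nonce::verifyNonce('Piwik_Feedback.sendFeedback', $nonce)) {
            throw new Exception(Piwik_TranslateException('General_ExceptionNonceMismatch'));
        }

        $minimumBodyLength = 35;
        if (strlen($body) < $minimumBodyLength) {
            throw new Exception(Piwik_TranslateException('Feedback_ExceptionBodyLength', array($minimumBodyLength)));
        }

        // This check is also what keeps the From header well-formed --
        // NOTE(review): confirm isValidEmailString rejects CR/LF and other header-breaking characters.
        if (!Piwik::isValidEmailString($email)) {
            throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidEmail'));
        }

        // Simple anti-spam rule: no links in feedback.
        if (preg_match('/https?:/i', $body)) {
            throw new Exception(Piwik_TranslateException('Feedback_ExceptionNoUrls'));
        }

        Piwik_Nonce::discardNonce('Piwik_Feedback.sendFeedback');

        $mail = new Piwik_Mail();
        // NOTE(review): From is the visitor-supplied address, so the message is sent
        // "as" a third party; SPF/DMARC-enforcing receivers may reject it. A fixed
        // From plus Reply-To would be more robust -- confirm Piwik_Mail supports that.
        $mail->setFrom(Piwik_Common::unsanitizeInputValue($email));
        $mail->addTo($view->feedbackEmailAddress, 'Piwik Team');
        // Unlike email and body, $category is used exactly as getRequestVar returned it.
        $mail->setSubject('[ Feedback form - Piwik ] ' . $category);
        $mail->setBodyText(
            Piwik_Common::unsanitizeInputValue($body) . "\n"
            . 'Piwik ' . Piwik_Version::VERSION . "\n"
            . 'IP: ' . Piwik_Common::getIpString() . "\n"
            . 'URL: ' . Piwik_Url::getReferer() . "\n"
        );
        // '@' only hides PHP warnings from the mail transport; an exception thrown
        // by send() still reaches the catch below and is shown to the user.
        @$mail->send();
    } catch (Exception $e) {
        $view->ErrorString = $e->getMessage();
        $view->message = $body;
    }
    echo $view->render();
}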
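/**
 * Verify a CSRF nonce for $id against the one stored in the session and, as a
 * second layer, check that the Referer and Origin headers (when the client sent
 * them) point at this Piwik instance.
 *
 * Either header may legitimately be absent (suppressed by the browser, a proxy
 * or the network), so an empty header is not a failure. The nonce is the
 * primary control and is always required.
 *
 * @param string $id Unique id under which the nonce was issued
 * @param string $cnonce Nonce sent back by the client
 * @return bool true if valid; false otherwise
 */
static public function verifyNonce($id, $cnonce)
{
    $ns = new Piwik_Session_Namespace($id);
    $expected = $ns->nonce;

    // Token check. '!==' avoids type juggling but is not constant-time --
    // NOTE(review): use hash_equals() once the minimum PHP version provides it.
    if (empty($cnonce) || $cnonce !== $expected) {
        return false;
    }

    // Referer check, only when one was sent.
    $referer = Piwik_Url::getReferer();
    if (!empty($referer) && !Piwik_Url::isLocalUrl($referer)) {
        return false;
    }

    // Origin check, only when one was sent. A literal "null" Origin (what browsers
    // send for some cross-origin redirects and sandboxed contexts) is rejected
    // rather than trusted. Strict comparisons: an origin must match an acceptable
    // one exactly, with no loose-equality surprises.
    $origin = self::getOrigin();
    if (!empty($origin) && ($origin === 'null' || !in_array($origin, self::getAcceptableOrigins(), true))) {
        return false;
    }

    return true;
}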
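/**
 * Login form: render it and, on a valid submission, authenticate and redirect.
 *
 * The post-login target comes from the 'form_url' request parameter (default:
 * the Referer). That value is attacker-influenced, so it is only honoured when
 * it is a relative path or an absolute URL that Piwik_Url::isLocalUrl() accepts;
 * any other absolute or protocol-relative target falls back to 'index.php'.
 * A target pointing back at the Login or Installation module is replaced the
 * same way so a successful login does not loop.
 *
 * NOTE(review): authenticateAndRedirect() is not visible here and may validate
 * the target again; the guard below is defence in depth, not a replacement.
 */
function login()
{
    $messageNoAccess = null;
    $form = new Piwik_Login_Form();

    $currentUrl = Piwik_Url::getReferer();
    $urlToRedirect = Piwik_Common::getRequestVar('form_url', $currentUrl, 'string');
    // The request value arrives HTML-escaped; the redirect needs the raw URL.
    $urlToRedirect = htmlspecialchars_decode($urlToRedirect);

    // Open-redirect guard: a target with a scheme ("http:", "javascript:", ...) or
    // a protocol-relative prefix ("//", "/\") can leave this host, so it must be
    // local. Plain relative paths pass through unchanged. Applied before the form
    // is rendered so the hidden field never carries an off-host target either.
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', ltrim((string) $urlToRedirect))
        && !Piwik_Url::isLocalUrl($urlToRedirect)) {
        $urlToRedirect = 'index.php';
    }

    if ($form->validate()) {
        // Never redirect back into the login/installation flow.
        if (preg_match('/module=(Login|Installation)/', $urlToRedirect)) {
            $urlToRedirect = 'index.php';
        }

        $login = $form->getSubmitValue('form_login');
        $password = $form->getSubmitValue('form_password');
        // MD5 of the password is the credential form authenticateAndRedirect expects;
        // changing it would break the existing authentication contract.
        $md5Password = md5($password);
        $messageNoAccess = $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect);
    }

    $view = Piwik_View::factory('login');
    // Carry the original target through the login -> reset password -> login path.
    $view->urlToRedirect = $urlToRedirect;
    $view->AccessErrorString = $messageNoAccess;
    $view->linkTitle = Piwik::getRandomTitle();
    $view->addForm($form);
    $view->subTemplate = 'genericForm.tpl';
    echo $view->render();
}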
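/**
 * Build the login form: login, password, submit, and a hidden 'form_url' that
 * tells the login controller where to send the user afterwards.
 *
 * The hidden target defaults to the current URL; if that is itself the Login
 * module the Referer is used instead so a successful login does not land back
 * on the form. Both sources are attacker-influenced (anyone can link to this
 * page), so an absolute or protocol-relative target is only kept when
 * Piwik_Url::isLocalUrl() accepts it; otherwise it becomes 'index.php'.
 * Relative paths are kept as they are.
 *
 * NOTE(review): the controller consuming 'form_url' may validate it again;
 * this guard is defence in depth at the point where the value is first chosen.
 */
function init()
{
    // Default: come back to the page the form was requested from.
    $currentUrl = 'index.php' . Piwik_Url::getCurrentQueryString();
    $urlToGoAfter = Piwik_Common::getRequestVar('form_url', $currentUrl, 'string');

    // Do not loop back into the login module; fall back to the Referer.
    if (stripos($urlToGoAfter, 'module=Login') !== false) {
        $urlToGoAfter = Piwik_Url::getReferer();
    }

    // Open-redirect guard: a target with a scheme or a "//" / "/\" prefix can leave
    // this host, so it must be local; plain relative paths pass through unchanged.
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', ltrim((string) $urlToGoAfter))
        && !Piwik_Url::isLocalUrl($urlToGoAfter)) {
        $urlToGoAfter = 'index.php';
    }

    $formElements = array(
        array('text', 'form_login'),
        array('password', 'form_password'),
        array('hidden', 'form_url', $urlToGoAfter),
    );
    $this->addElements($formElements);

    $formRules = array(
        array('form_login', sprintf(Piwik_Translate('General_Required'), Piwik_Translate('Login_Login')), 'required'),
        array('form_password', sprintf(Piwik_Translate('General_Required'), Piwik_Translate('Login_Password')), 'required'),
    );
    $this->addRules($formRules);

    $this->addElement('submit', 'submit');
}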
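/**
 * Build the login form: login, password, submit, and a hidden 'form_url' that
 * tells the login controller where to send the user afterwards.
 *
 * The hidden target is the 'form_url' request parameter, defaulting to the
 * Referer. Both are attacker-influenced (anyone can link to this page), so an
 * absolute or protocol-relative target is only kept when
 * Piwik_Url::isLocalUrl() accepts it; otherwise it becomes 'index.php'.
 * Relative paths are kept as they are.
 *
 * NOTE(review): the controller consuming 'form_url' may validate it again;
 * this guard is defence in depth at the point where the value is first chosen.
 */
function init()
{
    // Default: go back to where the user came from.
    $currentUrl = Piwik_Url::getReferer();
    $urlToGoAfter = Piwik_Common::getRequestVar('form_url', $currentUrl, 'string');
    // The request value arrives HTML-escaped; the hidden field wants the raw URL.
    $urlToGoAfter = htmlspecialchars_decode($urlToGoAfter);

    // Open-redirect guard: a target with a scheme or a "//" / "/\" prefix can leave
    // this host, so it must be local; plain relative paths pass through unchanged.
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', ltrim((string) $urlToGoAfter))
        && !Piwik_Url::isLocalUrl($urlToGoAfter)) {
        $urlToGoAfter = 'index.php';
    }

    $formElements = array(
        array('text', 'form_login'),
        array('password', 'form_password'),
        array('hidden', 'form_url', $urlToGoAfter),
    );
    $this->addElements($formElements);

    $formRules = array(
        array('form_login', sprintf(Piwik_Translate('General_Required'), Piwik_Translate('Login_Login')), 'required'),
        array('form_password', sprintf(Piwik_Translate('General_Required'), Piwik_Translate('Login_Password')), 'required'),
    );
    $this->addRules($formRules);

    $this->addElement('submit', 'submit');
}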
/**
 * Serve an intermediate redirection page instead of linking straight to the
 * target, so the Piwik demo's URL is not leaked through the Referer header.
 *
 * Requests are only served when the Referer is absent or points at this host,
 * and only targets that isPiwikUrl() accepts are forwarded (via a meta refresh);
 * anything else yields an empty page. $url is used exactly as getRequestVar()
 * returned it, so the attribute below relies on that function's sanitisation --
 * NOTE(review): confirm it HTML-escapes quotes and ampersands.
 *
 * @param string $url Redirect target (via $_GET)
 */
public function redirect()
{
    $url = Piwik_Common::getRequestVar('url', '', 'string', $_GET);

    // A Referer from another host means this page was not reached from the demo UI.
    $referrer = Piwik_Url::getReferer();
    $foreignReferrer = !empty($referrer) && !Piwik_Url::isLocalUrl($referrer);
    if ($foreignReferrer) {
        die('Invalid Referer detected - check that your browser sends the Referer header. <br/>The link you would have been redirected to is: ' . $url);
    }

    // Mask visits to *.piwik.org; every other target gets a blank page.
    if (self::isPiwikUrl($url)) {
        $page = '<html><head> <meta http-equiv="refresh" content="0;url=' . $url . '" /> </head></html>';
        echo $page;
    }
    exit;
}
/**
 * getReferer() returns the value of $_SERVER['HTTP_REFERER'].
 *
 * @group Core
 * @group Url
 */
public function testGetReferer()
{
    $referer = 'http://www.piwik.org';
    $_SERVER['HTTP_REFERER'] = $referer;

    $actual = Piwik_Url::getReferer();
    $this->assertEquals($referer, $actual);
}
/**
 * Verify a CSRF nonce for $id against the one stored in the session and, as a
 * second layer, reject the request when a Referer was sent but is not local.
 *
 * The Referer may legitimately be absent (suppressed by the browser, a proxy or
 * the network), so a missing header is not a failure; the nonce is the primary
 * control and is always required.
 *
 * @param string $id Unique id under which the nonce was issued
 * @param string $nonce Nonce sent back by the client
 * @return bool true if valid; false otherwise
 */
public static function verifyNonce($id, $nonce)
{
    $session = new Zend_Session_Namespace($id);
    $stored = $session->nonce;

    // Token check: a missing client nonce or a mismatch is a failure. '===' is
    // type-safe but not constant-time -- NOTE(review): hash_equals() if available.
    $tokenMatches = !empty($nonce) && $stored === $nonce;
    if (!$tokenMatches) {
        return false;
    }

    // Referer check, only when one was sent: getLocalReferer() === false is
    // treated as "the referer does not point at this host".
    $referer = Piwik_Url::getReferer();
    $foreignReferer = !empty($referer) && Piwik_Url::getLocalReferer() === false;

    return !$foreignReferer;
}