unsanitizeInputValues() public static method

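This method should be used when you need to unescape data that was obtained from the user. Some data in Piwik is stored sanitized (such as the site name). In that case you may have to use this method to unsanitize it in order to, for example, output it in JSON. The unsanitized result is raw user input again, so it must be escaped for whatever context it is later written into (HTML, JavaScript, SQL).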
public static unsanitizeInputValues ( string | array $value ) : string | array
$value string | array The data to unsanitize. If an array is passed, the array is unsanitized recursively. Array keys are not unsanitized.
return string | array The unsanitized data.
示例#1
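 /**
  * Reads the custom variables for the given scope from the request parameters.
  *
  * The parameter (`_cvar` for the 'visit' scope, `cvar` otherwise) is fetched as
  * JSON and then unsanitized, so every entry handled below is raw request data
  * whose shape has to be checked before it is used.
  *
  * @param string $scope 'visit' selects `_cvar`; any other value selects `cvar`.
  * @return array Map of 'custom_var_k<id>' / 'custom_var_v<id>' to the truncated
  *               name and value. Empty when the parameter is not an array.
  */
 public function getCustomVariables($scope)
 {
     $parameter = ($scope == 'visit') ? '_cvar' : 'cvar';

     $customVar = Common::unsanitizeInputValues(Common::getRequestVar($parameter, '', 'json', $this->params));
     if (!is_array($customVar)) {
         return array();
     }

     $customVariables = array();
     foreach ($customVar as $id => $keyValue) {
         $id = (int) $id;

         // Each entry must be a two-element [name, value] pair. The is_array()
         // check comes before count(), and the is_scalar() check before strlen(),
         // because the decoded JSON can hold any type at either position and
         // those functions warn or throw on the wrong one.
         $isValid = $id >= 1
             && $id <= Tracker::MAX_CUSTOM_VARIABLES
             && is_array($keyValue)
             && count($keyValue) == 2
             && isset($keyValue[0])
             && (is_string($keyValue[0]) || is_numeric($keyValue[0]))
             && (!isset($keyValue[1]) || is_scalar($keyValue[1]));

         if (!$isValid) {
             Common::printDebug("Invalid custom variables detected (id={$id})");
             continue;
         }

         // A missing, null or zero-length value is normalised to the empty string.
         $rawValue = isset($keyValue[1]) ? $keyValue[1] : '';
         if (strlen($rawValue) == 0) {
             $rawValue = "";
         }

         // Custom variables with an empty name and value are kept on purpose:
         // sending them is how a variable gets deleted server side.
         $customVariables['custom_var_k' . $id] = self::truncateCustomVariable($keyValue[0]);
         $customVariables['custom_var_v' . $id] = self::truncateCustomVariable($rawValue);
     }

     return $customVariables;
 }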
示例#2
 /**
  * Builds the JavaScript tracking tag for the given site.
  * The tag has to be included on every page that Piwik should track.
  *
  * The caller must have view access to $idSite. The URL, the custom variables
  * and the campaign parameter names are unsanitized before they are handed to
  * the code generator.
  * NOTE(review): those values are therefore raw when they reach
  * TrackerCodeGenerator::generate(); escaping them for the JavaScript/HTML
  * context is presumably done there. Confirm against the generator.
  *
  * @param int $idSite
  * @param string $piwikUrl Falls back to SettingsPiwik::getPiwikUrl() when empty.
  * @param bool $mergeSubdomains
  * @param bool $groupPageTitlesByDomain
  * @param bool $mergeAliasUrls
  * @param array|string|bool $visitorCustomVariables Passed through Common::unsanitizeInputValues().
  * @param array|string|bool $pageCustomVariables Passed through Common::unsanitizeInputValues().
  * @param string|bool $customCampaignNameQueryParam Passed through Common::unsanitizeInputValue().
  * @param string|bool $customCampaignKeywordParam Passed through Common::unsanitizeInputValue().
  * @param bool $doNotTrack
  * @param bool $disableCookies
  * @return string The JavaScript tag, with `<br>` variants stripped, ready to be included in HTML pages
  */
 public function getJavascriptTag($idSite, $piwikUrl = '', $mergeSubdomains = false, $groupPageTitlesByDomain = false, $mergeAliasUrls = false, $visitorCustomVariables = false, $pageCustomVariables = false, $customCampaignNameQueryParam = false, $customCampaignKeywordParam = false, $doNotTrack = false, $disableCookies = false)
 {
     Piwik::checkUserHasViewAccess($idSite);

     $piwikUrl = empty($piwikUrl) ? SettingsPiwik::getPiwikUrl() : $piwikUrl;

     // Undo the automatic encoding applied to request parameters.
     // TODO remove that when https://github.com/piwik/piwik/issues/4231 is fixed
     $piwikUrl = Common::unsanitizeInputValue($piwikUrl);
     $visitorCustomVariables = Common::unsanitizeInputValues($visitorCustomVariables);
     $pageCustomVariables = Common::unsanitizeInputValues($pageCustomVariables);
     $customCampaignNameQueryParam = Common::unsanitizeInputValue($customCampaignNameQueryParam);
     $customCampaignKeywordParam = Common::unsanitizeInputValue($customCampaignKeywordParam);

     $codeGenerator = new TrackerCodeGenerator();
     $trackingCode = $codeGenerator->generate(
         $idSite,
         $piwikUrl,
         $mergeSubdomains,
         $groupPageTitlesByDomain,
         $mergeAliasUrls,
         $visitorCustomVariables,
         $pageCustomVariables,
         $customCampaignNameQueryParam,
         $customCampaignKeywordParam,
         $doNotTrack,
         $disableCookies
     );

     // Drop the line-break tags from the generated snippet.
     return str_replace(array('<br>', '<br />', '<br/>'), '', $trackingCode);
 }
示例#3
 /**
  * Reverses the input sanitization that was applied to a label parameter.
  *
  * Proxy reads the label through Common::getRequestVar, which runs
  * Common::sanitizeInputValue on it. That turns the `>` separating recursive
  * labels into `&gt;`, and this method undoes it.
  *
  * @param string|array $label The sanitized label(s).
  * @return string|array The label(s) as returned by Common::unsanitizeInputValues().
  */
 public static function unsanitizeLabelParameter($label)
 {
     return Common::unsanitizeInputValues($label);
 }
示例#4
 /**
  * Returns the Ecommerce items read from the request's `ec_items` parameter.
  *
  * @return array|bool An empty array when the request carries no items, false
  *                    when the parameter is not an array, otherwise the result
  *                    of getCleanedEcommerceItems() on the unsanitized items.
  */
 private function getEcommerceItemsFromRequest()
 {
     $requestItems = $this->request->getParam('ec_items');

     if (empty($requestItems)) {
         Common::printDebug("There are no Ecommerce items in the request");

         // An Ecommerce order is still recorded even when it has no items.
         return array();
     }

     if (!is_array($requestItems)) {
         // NOTE(review): this writes the raw request value to the debug output;
         // where that output ends up is not visible from here.
         Common::printDebug("Error while json_decode the Ecommerce items = " . var_export($requestItems, true));

         return false;
     }

     // The items are unsanitized first, so the cleaning step receives raw request data.
     return $this->getCleanedEcommerceItems(Common::unsanitizeInputValues($requestItems));
 }