/**
* Checks if the current host is valid and sets variables on the given view, including:
*
* - **isValidHost** - true if host is valid, false if otherwise
* - **invalidHostMessage** - message to display if host is invalid (only set if host is invalid)
* - **invalidHost** - the invalid hostname (only set if host is invalid)
* - **mailLinkStart** - the open tag of a link to email the Super User of this problem (only set
* if host is invalid)
*
* @param View $view
* @api
*/
public static function setHostValidationVariablesView($view)
{
// check if host is valid
$view->isValidHost = Url::isValidHost();
if (!$view->isValidHost) {
// invalid host, so display warning to user
$validHosts = Url::getTrustedHostsFromConfig();
$validHost = $validHosts[0];
$invalidHost = Common::sanitizeInputValue($_SERVER['HTTP_HOST']);
$emailSubject = rawurlencode(Piwik::translate('CoreHome_InjectedHostEmailSubject', $invalidHost));
$emailBody = rawurlencode(Piwik::translate('CoreHome_InjectedHostEmailBody'));
$superUserEmail = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
$mailToUrl = "mailto:{$superUserEmail}?subject={$emailSubject}&body={$emailBody}";
$mailLinkStart = "<a href=\"{$mailToUrl}\">";
$invalidUrl = Url::getCurrentUrlWithoutQueryString($checkIfTrusted = false);
$validUrl = Url::getCurrentScheme() . '://' . $validHost . Url::getCurrentScriptName();
$invalidUrl = Common::sanitizeInputValue($invalidUrl);
$validUrl = Common::sanitizeInputValue($validUrl);
$changeTrustedHostsUrl = "index.php" . Url::getCurrentQueryStringWithParametersModified(array('module' => 'CoreAdminHome', 'action' => 'generalSettings')) . "#trustedHostsSection";
$warningStart = Piwik::translate('CoreHome_InjectedHostWarningIntro', array('<strong>' . $invalidUrl . '</strong>', '<strong>' . $validUrl . '</strong>')) . ' <br/>';
if (Piwik::hasUserSuperUserAccess()) {
$view->invalidHostMessage = $warningStart . ' ' . Piwik::translate('CoreHome_InjectedHostSuperUserWarning', array("<a href=\"{$changeTrustedHostsUrl}\">", $invalidHost, '</a>', "<br/><a href=\"{$validUrl}\">", $validHost, '</a>'));
} else {
if (Piwik::isUserIsAnonymous()) {
$view->invalidHostMessage = $warningStart . ' ' . Piwik::translate('CoreHome_InjectedHostNonSuperUserWarning', array("<br/><a href=\"{$validUrl}\">", '</a>', '<span style="display:none">', '</span>'));
} else {
$view->invalidHostMessage = $warningStart . ' ' . Piwik::translate('CoreHome_InjectedHostNonSuperUserWarning', array("<br/><a href=\"{$validUrl}\">", '</a>', $mailLinkStart, '</a>'));
}
}
$view->invalidHostMessageHowToFix = '<p><b>How do I fix this problem and how do I login again?</b><br/> The Piwik Super User can manually edit the file piwik/config/config.ini.php
and add the following lines: <pre>[General]' . "\n" . 'trusted_hosts[] = "' . $invalidHost . '"</pre>After making the change, you will be able to login again.</p>
<p>You may also <i>disable this security feature (not recommended)</i>. To do so edit config/config.ini.php and add:
<pre>[General]' . "\n" . 'enable_trusted_host_check=0</pre>';
$view->invalidHost = $invalidHost;
// for UserSettings warning
$view->invalidHostMailLinkStart = $mailLinkStart;
}
}
/**
* @group Core
*/
public function test_getCurrentScriptName()
{
$names = array('PATH_INFO', 'REQUEST_URI', 'SCRIPT_NAME', 'SCRIPT_FILENAME', 'argv', 'HTTPS', 'HTTP_HOST', 'QUERY_STRING', 'HTTP_REFERER');
foreach ($names as $name) {
unset($_SERVER[$name]);
}
$tests = array(array('/', 'http://example.com/', null), array('/', '/', null), array('/index.php', '/index.php', null), array('/index.php', '/index.php?module=Foo', null), array('/index.php', '/index.php/route/1', '/route/1'), array('/index.php', '/index.php/route/2?module=Bar', '/route/2'), array('/path/index.php', '/path/index.php/route/3/?module=Fu&action=Bar#Hash', '/route/3/'));
foreach ($tests as $test) {
list($expected, $uri, $pathInfo) = $test;
$_SERVER['REQUEST_URI'] = $uri;
$_SERVER['PATH_INFO'] = $pathInfo;
$scriptPathName = Url::getCurrentScriptName();
$this->assertEquals($expected, $scriptPathName);
}
}
/**
* @group Core
*/
public function test_getCurrentScriptName()
{
$this->resetGlobalVariables();
$tests = array(array('/', 'http://example.com/', null), array('/', '/', null), array('/index.php', '/index.php', null), array('/index.php', '/index.php?module=Foo', null), array('/index.php', '/index.php/route/1', '/route/1'), array('/index.php', '/index.php/route/2?module=Bar', '/route/2'), array('/path/index.php', '/path/index.php/route/3/?module=Fu&action=Bar#Hash', '/route/3/'));
foreach ($tests as $test) {
list($expected, $uri, $pathInfo) = $test;
$_SERVER['REQUEST_URI'] = $uri;
$_SERVER['PATH_INFO'] = $pathInfo;
$scriptPathName = Url::getCurrentScriptName();
$this->assertEquals($expected, $scriptPathName);
}
}
/**
* Check force_ssl_login and redirect if connection isn't secure and not using a reverse proxy
*
* @param none
* @return void
*/
protected function checkForceSslLogin()
{
$forceSslLogin = Config::getInstance()->General['force_ssl_login'];
if ($forceSslLogin && !ProxyHttp::isHttps()) {
$url = 'https://' . Url::getCurrentHost() . Url::getCurrentScriptName() . Url::getCurrentQueryString();
Url::redirectToUrl($url);
}
}
