refs #4126 for security remove settings in case a user is deleted or …
…a plugin installed, needs to be tested
tsteur committed Oct 22, 2013
1 parent ea7ef38 commit 4af4d04
Showing 4 changed files with 55 additions and 8 deletions.
1 change: 1 addition & 0 deletions core/Plugin/Manager.php
@@ -207,6 +207,7 @@ public function uninstallPlugin($pluginName)
$this->removePluginFromPluginsInstalledConfig($pluginName);
$this->removePluginFromTrackerConfig($pluginName);
PiwikConfig::getInstance()->forceSave();
\Piwik\Settings\Manager::cleanupPluginSettings($pluginName);

Filesystem::deleteAllCacheOnUpdate();

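Review bot: The added call `\Piwik\Settings\Manager::cleanupPluginSettings($pluginName);` can silently do nothing, because the new `getPluginSettingsClass()` in core/Settings/Manager.php only returns an object when `class_exists()` resolves the plugin's `Settings` class. If that class cannot be autoloaded at this point in `uninstallPlugin()` (the rest of the function is outside the hunk, so this is unverified), the stored values survive the uninstall and would be read again by a later plugin of the same name. I would make the miss visible, for example by logging it, and note it at the call site with `// no-op when the plugin's Settings class cannot be loaded; stored values then remain`. A test that uninstalls a plugin with saved settings and asserts the stored option is gone would cover the path the commit message says is still untested.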
17 changes: 17 additions & 0 deletions core/Plugin/Settings.php
@@ -146,6 +146,23 @@ public function removeAllPluginSettings()
Option::delete($this->getOptionKey());
}

public function removeAllSettingsForUser($userLogin)
{
foreach ($this->settingsValues as $name => $value) {
$setting = $this->getSetting($name);

if (!$setting['isUserSetting']) {
continue;
}

if ($name == $this->buildUserSettingName($name, $userLogin)) {
unset($this->settingsValues[$name]);
}
}

$this->save();
}

private function getSettingValue($name)
{
if (!array_key_exists($name, $this->settingsValues)) {
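Review bot: The condition `$name == $this->buildUserSettingName($name, $userLogin)` in `removeAllSettingsForUser()` looks like it can never be true. `$name` is already the stored key taken from `$this->settingsValues`, so if `buildUserSettingName()` (not visible here) derives a per-user key from it, the result differs from `$name` for every entry, nothing is unset, and the deleted user's values stay in storage. The same stored key is also passed to `getSetting()`, which presumably expects the plain setting name, so the `isUserSetting` check may be reading the wrong entry. The per-user key should be built from each setting's defined name and compared to the stored key with `===`, since exact equality keeps the deletion of one login from touching entries of a login that merely contains it. A test with two logins sharing one user setting, asserting that only the deleted login's value is removed, would pin this down.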
39 changes: 31 additions & 8 deletions core/Settings/Manager.php
@@ -11,8 +11,6 @@

namespace Piwik\Settings;

use Piwik\Piwik;

/**
* Settings manager
*
@@ -34,19 +32,31 @@ public static function getAllPluginSettings()

$pluginNames = \Piwik\Plugin\Manager::getInstance()->getLoadedPluginsName();
foreach ($pluginNames as $pluginName) {
$klassName = 'Piwik\\Plugins\\' . $pluginName . '\\Settings';

if (class_exists($klassName) && is_subclass_of($klassName, 'Piwik\\Plugin\\Settings')) {
$settings[$pluginName] = new $klassName($pluginName);
}
$settings[$pluginName] = self::getPluginSettingsClass($pluginName);
}

static::$settings = $settings;
static::$settings = array_filter($settings);
}

return static::$settings;
}

public static function cleanupPluginSettings($pluginName)
{
$settings = self::getPluginSettingsClass($pluginName);

if (!empty($settings)) {
$settings->removeAllPluginSettings();
}
}

public static function cleanupUserSettings($userLogin)
{
foreach (static::getAllPluginSettings() as $setting) {
$setting->removeAllSettingsForUser($userLogin);
}
}

/**
* @return bool
*/
@@ -64,4 +74,17 @@ public static function hasPluginSettingsForCurrentUser()
return false;
}

/**
* @param $pluginName
* @return \Piwik\Plugin\Settings|null
*/
private static function getPluginSettingsClass($pluginName)
{
$klassName = 'Piwik\\Plugins\\' . $pluginName . '\\Settings';

if (class_exists($klassName) && is_subclass_of($klassName, 'Piwik\\Plugin\\Settings')) {
return new $klassName($pluginName);
}
}

}
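Review bot: `cleanupUserSettings()` only reaches the plugins returned by `getAllPluginSettings()`, which is built from `getLoadedPluginsName()`, so per-user values stored by installed but currently not loaded plugins are left behind when the user is deleted. If those values are keyed by login, an account created later with the same login would presumably inherit them once the plugin is loaded again, which is the case this commit sets out to close. Consider iterating over all installed plugins here, or state the limit at the method with `// only settings of currently loaded plugins are cleaned`. Separately, `getPluginSettingsClass()` is documented as returning `null` but falls off the end of the function; an explicit `return null;` after the `if` makes that contract visible.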
6 changes: 6 additions & 0 deletions plugins/CoreAdminHome/CoreAdminHome.php
@@ -36,9 +36,15 @@ public function getListHooksRegistered()
'AssetManager.getJavaScriptFiles' => 'getJsFiles',
'Menu.Admin.addItems' => 'addMenu',
'TaskScheduler.getScheduledTasks' => 'getScheduledTasks',
'UsersManager.deleteUser' => 'cleanupUser'
);
}

public function cleanupUser($userLogin)
{
SettingsManager::cleanupUserSettings($userLogin);
}

public function getScheduledTasks(&$tasks)
{
// general data purge on older archive tables, executed daily
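Review bot: `cleanupUser()` calls `SettingsManager::cleanupUserSettings($userLogin)`, but none of the six lines added to this file is a `use` statement, so the short name resolves only if the file already contains `use Piwik\Settings\Manager as SettingsManager;` outside the hunk. Without that import PHP resolves the name relative to the plugin's own namespace, the `UsersManager.deleteUser` handler fails with a class-not-found error, and the deleted user's settings stay in storage. Please confirm the import exists. A short docblock on `cleanupUser()` should say that it is the `UsersManager.deleteUser` hook handler and that `$userLogin` is the login of the user being removed.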
