Show a warning when Piwik is used as a SuperUser via HTTP #9570

Merged
merged 1 commit into from Jan 19, 2016
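--- a/core/Plugin/ControllerAdmin.php
+++ b/core/Plugin/ControllerAdmin.php
@@ -21,6 +21,7 @@
 use Piwik\Url;
 use Piwik\Version;
 use Piwik\View;
+use Piwik\ProxyHttp;
 
 /**
 * Base class of plugin controllers that provide administrative functionality.
@@ -86,6 +87,31 @@ protected function setBasicVariablesView($view)
 self::setBasicVariablesAdminView($view);
 }
 
+private static function notifyIfURLIsNotSecure()
+{
+$isURLSecure = ProxyHttp::isHttps();
+if ($isURLSecure) {
+return;
+}
+
+if (!Piwik::hasUserSuperUserAccess()) {
+return;
+}
+
+$message = Piwik::translate('General_CurrentlyUsingUnsecureHttp');
+
+$message .= " ";
+
+$message .= Piwik::translate('General_ReadThisToLearnMore',
+array('<a rel="noreferrer" target="_blank" href="https://piwik.org/faq/how-to/faq_91/">', '</a>')
+);
+
+$notification = new Notification($message);
+$notification->context = Notification::CONTEXT_WARNING;
+$notification->raw = true;
+Notification\Manager::notify('ControllerAdmin_HttpIsUsed', $notification);
+}
+
 /**
 * @ignore
 */
@@ -104,6 +130,7 @@ public static function displayWarningIfConfigFileNotWritable()
 }
 }
 
+
 private static function notifyIfEAcceleratorIsUsed()
 {
 $isEacceleratorUsed = ini_get('eaccelerator.enable');
@@ -195,6 +222,7 @@ public static function setBasicVariablesAdminView(View $view)
 {
 self::notifyWhenTrackingStatisticsDisabled();
 self::notifyIfEAcceleratorIsUsed();
+self::notifyIfURLIsNotSecure();
 
 $view->topMenu = MenuTop::getInstance()->getMenu();
 $view->userMenu = MenuUser::getInstance()->getMenu();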
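Review bot: notifyIfURLIsNotSecure has no docblock, and the one thing a reader needs to know is that its verdict comes entirely from ProxyHttp::isHttps(), whose implementation is not in this diff; if that helper presumably consults forwarded-proto headers from a reverse proxy, then a TLS-terminating proxy that is not configured in Piwik's proxy settings will make the warning fire for every Super User even though the browser connection is HTTPS, and conversely a mis-set header can hide it. A docblock such as `/** Shows a warning to Super Users when the admin UI is reached over plain HTTP. Relies on ProxyHttp::isHttps(); behind a TLS-terminating proxy the proxy headers must be configured for the check to be accurate. */` would record that dependency next to the code. The message is emitted with `$notification->raw = true`, so the translated strings concatenated into it are rendered unescaped; that is fine for the bundled lang files but worth a short comment, e.g. `// raw: the message embeds the <a> markup passed to General_ReadThisToLearnMore`. The hunk at -104,6 +130,7 adds a second consecutive blank line before notifyIfEAcceleratorIsUsed, which PSR-12 disallows and looks accidental.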
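--- a/lang/en.json
+++ b/lang/en.json
@@ -87,6 +87,7 @@
 "ConfigFileIsNotWritable": "The Piwik configuration file %s is not writable, some of your changes might not be saved. %s Please change permissions of the config file to make it writable.",
 "Continue": "Continue",
 "ContinueToPiwik": "Continue to Piwik",
+"CurrentlyUsingUnsecureHttp": "You are currently using Piwik over unsecure HTTP, which can be risky. We recommend you set up Piwik to use SSL (HTTPS) for improved security.",
 "CurrentMonth": "Current Month",
 "CurrentWeek": "Current Week",
 "CurrentYear": "Current Year",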