
fixing broken referer url logging and a few other bugs related to inp…

…ut sanitization during tracking requests. #313
Peter Adams
Peter Adams committed Feb 21, 2018
1 parent 3e4058e commit a9dea4c30a52a1ac87cc6c8ccfd6cd500054b05f
@@ -79,7 +79,12 @@
// Create instance of OWA
require_once(OWA_BASE_DIR.'/owa_php.php');
$owa = new owa_php();
$config = array(
'tracking_mode' => true
);
$owa = new owa_php( $config );
// check to see if this endpoint is enabled.
if ( $owa->isEndpointEnabled( basename( __FILE__ ) ) ) {
@@ -167,7 +167,7 @@ function delete( $name ) {
if (array_key_exists( $name, $this->properties ) ) {
unset( $this->properties['name'] );
unset( $this->properties[ $name ] );
}
}
@@ -360,6 +360,17 @@ public static function cleanMd5( $md5 ) {
return "";
}
}
public static function cleanJson( $json_string ) {
if ( $json_string) {
$json_array = json_decode( $json_string, true );
$json_string = json_encode( $json_array );
return $json_string;
}
}
}
?>
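Review bot: The new `cleanJson` only round-trips its input through `json_decode`/`json_encode`, so string values inside the document never pass through the HTML-stripping path the `string` data type gets, and a payload that fails to decode is returned as the literal text `null` (the encoding of a failed decode) instead of the empty string `cleanMd5` returns; a falsy input such as `"0"` returns nothing at all. Decoding, cleaning the resulting array and re-encoding, with an empty-string result for anything that does not decode to an array, gives the json-typed `attribs` property the same guarantees as the other types. Whether `cleanInput` walks nested arrays is not visible in this commit, so that call is marked to confirm.
```php
public static function cleanJson( $json_string ) {
    if ( ! $json_string ) {
        return "";
    }
    $json_array = json_decode( $json_string, true );
    if ( ! is_array( $json_array ) ) {
        // malformed or scalar JSON: drop it rather than storing the text "null"
        return "";
    }
    // NOTE(review): assumes cleanInput recurses into nested arrays — confirm
    $json_array = owa_sanitize::cleanInput( $json_array, array('remove_html' => true) );
    return json_encode( $json_array );
}
```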
@@ -92,14 +92,17 @@ public function setTrackerProperties( $event, $properties ) {
foreach ( $properties as $name => $property ) {
$value = $event->get( $name );
/*
// sanitize properties by datatype
$data_type = '';
if ( isset( $property['data_type'] ) && $property['data_type'] ) {
$data_type = $property['data_type'];
}
$value = $this->setDataType( $value, $data_type );
*/
$required = false;
if ( isset( $property['required'] ) ) {
@@ -130,7 +133,6 @@ public function setTrackerProperties( $event, $properties ) {
}
// set value on the event
if ( $required || $value || $value === 0 || $value === "0" ) {
$event->set( $name, $value );
@@ -148,6 +150,18 @@ static function setDataType( $var, $type = 'string' ) {
break;
case "string":
$var = owa_sanitize::cleanInput( $var, array('remove_html' => true) );
break;
case "url":
$var = owa_sanitize::cleanUrl( $var );
break;
case "json":
$var = owa_sanitize::cleanJson( $var );
break;
default:
$var = owa_sanitize::cleanInput( $var, array('remove_html' => true) );
}
@@ -196,11 +210,13 @@ function translateCustomVariables( $event ) {
$event->set( 'cv'.$i.'_name', $pieces[0] );
$event->set( 'cv'.$i.'_value', $pieces[1] );
}
$event->delete( 'cv'.$i );
}
}
}
static function remoteHostDefault() {
static function remoteHostDefault() {
return owa_coreAPI::getServerParam('REMOTE_HOST');
}
@@ -374,7 +390,8 @@ static function makeUrlCanonical( $url, $event ) {
owa_coreAPI::debug('no site_id passed to make makeUrlCanonical. Returning URL as is.');
return $url;
}
$url = html_entity_decode( $url );
// remove port, pass, user, and fragment
$url = owa_lib::unparseUrl( parse_url( $url ), array( 'port', 'user', 'pass', 'fragment' ) );
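Review bot: The `html_entity_decode( $url )` added in makeUrlCanonical runs inside a property callback, i.e. after whatever the `url` data type's `cleanUrl` already did to the value, so if cleanUrl entity-encodes characters such as `<` or `"`, this line turns them back into raw characters in the URL that gets stored; decoding belongs before sanitization (inside cleanUrl or ahead of the setDataType call), or the decoded value needs a second pass through `owa_sanitize::cleanUrl`. On the next line `parse_url` can return `false` for a badly malformed URL and that is passed straight to `unparseUrl`; a `$parts = parse_url( $url ); if ( $parts === false ) { return $url; }` guard would match the early-return style the function already uses. Which side the commented-out `// sanitize properties by datatype` block at the top of setTrackerProperties belongs to is not recoverable from this rendering; if it is the new side, nothing visible in this commit still calls setDataType and the new `url`/`json` cases are unreachable until a caller is wired up. makeUrlCanonical and setTrackerProperties both continue outside their hunks.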
@@ -46,10 +46,8 @@ class owa_refererHandlers extends owa_observer {
*/
function notify($event) {
$medium = $event->get('medium');
// if there is no session referer then return
if ( ! $event->get('session_referer') ) {
if ( ! $event->get('referer_id') ) {
return OWA_EHS_EVENT_HANDLED;
}
@@ -60,21 +58,20 @@ function notify($event) {
if ( ! $r->wasPersisted() ) {
// Set id
if ( $event->get( 'referer_id' ) ) {
$r->set( 'id', $event->get( 'referer_id' ) );
} else {
$r->set( 'id', $r->generateId( $event->get( 'session_referer' ) ) );
}
$r->set( 'id', $event->get( 'referer_id' ) );
// set referer url
$r->set('url', $event->get('session_referer'));
$r->set('url', $event->get('HTTP_REFERER'));
// Set site
$url = owa_lib::parse_url($event->get('session_referer'));
$r->set('site', $url['host']);
$url = owa_lib::parse_url( $event->get( 'HTTP_REFERER' ) );
$r->set( 'site', $url['host'] );
$medium = $event->get('medium');
if ( $medium === 'organic-search' ) {
$r->set('is_searchengine', true);
}
@@ -86,7 +83,7 @@ function notify($event) {
//owa_coreAPI::debug('hello from logReferer');
$crawler = new owa_http;
//$crawler->fetch($this->params['HTTP_REFERER']);
$res = $crawler->getRequest($event->get('session_referer'));
$res = $crawler->getRequest($event->get('HTTP_REFERER'));
owa_coreAPI::debug('http request response: '.print_r($res, true));
//Extract Title
@@ -101,7 +98,7 @@ function notify($event) {
//Extract anchortext and page snippet but not if it's a search engine...
if ($se != true) {
$snippet = $crawler->extract_anchor_snippet($event->get('inbound_page_url'));
$snippet = $crawler->extract_anchor_snippet($event->get('page_url'));
if ($snippet) {
if (function_exists('iconv')) {
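Review bot: `$url['host']` directly after `owa_lib::parse_url( $event->get( 'HTTP_REFERER' ) )` is read without checking that parsing succeeded or that a host component exists, so a relative or malformed Referer produces an undefined-index notice and a null `site`; `$r->set( 'site', isset( $url['host'] ) ? $url['host'] : '' );` (or an early return when there is no host) avoids that. The early return now tests `referer_id` rather than the URL itself, so an event carrying an id but an empty `HTTP_REFERER` still reaches both that lookup and the `getRequest` fetch further down. That fetch is a server-side request to a URL taken from a client-controlled header; limiting it to http/https schemes and public hosts before calling `getRequest` bounds what a crafted Referer can make the tracker contact. notify() starts and ends outside these hunks.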
@@ -157,7 +157,7 @@ public function setupTrackingProperties() {
'page_url' => array(
'default_value' => '(not set)',
'required' => true,
'data_type' => 'string',
'data_type' => 'url',
'callbacks' => array( 'owa_trackingEventHelpers::makeUrlCanonical' )
),
@@ -213,13 +213,13 @@ public function setupTrackingProperties() {
'HTTP_REFERER' => array(
'required' => false,
'data_type' => 'string',
'data_type' => 'url',
'callbacks' => array()
),
'target_url' => array(
'required' => false,
'data_type' => 'string',
'data_type' => 'url',
'callbacks' => array( 'owa_trackingEventHelpers::makeUrlCanonical' )
),
@@ -248,7 +248,15 @@ public function setupTrackingProperties() {
'callbacks' => array( 'owa_trackingEventHelpers::setSearchTerms' ),
'default_value' => '(not set)'
)
),
'attribs' => array(
'required' => false,
'data_type' => 'json',
'callbacks' => '',
'default_value' => ''
)
);
$this->registerTrackingProperties( 'regular', $regular );
@@ -466,7 +474,7 @@ public function setupTrackingProperties() {
'referer_id' => array(
'alternative_key' => 'session_referer',
'alternative_key' => 'HTTP_REFERER',
'callbacks' => 'owa_trackingEventHelpers::generateDimensionId'
),
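Review bot: The new `attribs` entry sets `'callbacks' => ''` while every other property in these hunks uses `'callbacks' => array()` or an array of callables; if the consumer iterates callbacks with foreach, an empty string raises a warning, so `'callbacks' => array(),` keeps the shapes uniform. Its `'default_value' => ''` will also be handed to `cleanJson`, which returns nothing for a falsy input, so it is worth confirming the default survives the json path. The enclosing array literal and setupTrackingProperties continue outside the hunk.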
@@ -69,6 +69,8 @@ function action() {
*/
function pre() {
// TODO: move this all into the coreAPI::logEvent method. We really don't need the overhead of a controller for this.
$teh = owa_coreAPI::getInstance( 'owa_trackingEventHelpers', OWA_BASE_CLASS_DIR.'trackingEventHelpers.php');
$s = owa_coreAPI::serviceSingleton();
@@ -82,6 +84,19 @@ function pre() {
// add custom var properties
$properties = $teh->addCustomVariableProperties( $properties );
// there is no global input sanitization on tracking requests
// because each module needs to register tracking properties and
// their data types. Therefor we need to sanitize unregistered input
// here before we pass it along to any handlers.
// get a list of properties that we do not know the data type of
$unsanitized_properties = array_diff_key( $this->event->getProperties(), $properties );
// santize them genericly. we will apply them back to the event later
$sanitized_properties = owa_sanitize::cleanInput( $unsanitized_properties, array('remove_html' => true) );
//owa_coreAPI::debug( print_r($sanitized_properties, true ) );
// translate custom var properties
$teh->translateCustomVariables( $this->event );
@@ -91,6 +106,9 @@ function pre() {
$derived_properties = $s->getMap( 'tracking_properties_derived' );
$teh->setTrackerProperties( $this->event, $derived_properties );
// re-apply sanitized properties to event.
$this->event->setProperties( $sanitized_properties );
}
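Review bot: `$sanitized_properties` is only written back via `setProperties` at the very end of pre(), while `translateCustomVariables` and both `setTrackerProperties` passes run in between against an event that still holds the raw values of the unregistered properties, so any derived property or callback that reads one of those names sees unsanitized input. Applying `$this->event->setProperties( $sanitized_properties );` immediately after the `cleanInput` call closes that window; the late re-apply is only needed if something in between is expected to overwrite them. This matters more now that the request container skips its own cleanInput in tracking mode, making this block the sole generic filter on unregistered tracking parameters. pre() begins outside the first hunk.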
function post() {
@@ -162,9 +162,12 @@ function __construct() {
// Clean Input arrays
if ( $params ) {
$params = owa_sanitize::cleanInput( $params, array('remove_html' => true) );
if ( ! owa_coreAPI::getSetting('base', 'tracking_mode') ) {
$params = owa_sanitize::cleanInput( $params, array('remove_html' => true) );
}
if ( is_array( $params ) && ! empty( $params ) ) {
$this->request = $params;
@@ -270,7 +273,7 @@ function decodeRequestParams() {
}
// clean params after decode
$params = owa_lib::inputFilter($params);
//$params = owa_lib::inputFilter($params);
// replace owa params
$this->owa_params = $params;
//debug
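Review bot: With `cleanInput` now skipped whenever `tracking_mode` is set, every parameter of a tracking request reaches the application unfiltered and relies on the log controller's per-type sanitization; if any other controller or the endpoint-enabled check can execute under the same tracking-mode instance, those paths have no input filtering at all, and that invariant deserves a comment at the condition, e.g. `// tracking requests are sanitized per data type in the log controller; raw values must not be used elsewhere`. The commented-out `//$params = owa_lib::inputFilter($params);` in decodeRequestParams should be deleted rather than kept as dead code. Both __construct and decodeRequestParams continue outside these hunks.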
