Tracking calls in nusoap

[judgej]

I have been finding a number of places where details of the site are being tracked. If this tracking was open and clear, I would be ignoring it, but it is obfuscated, so in looks it is up to no good and should be removed.

Here is one in includes/nusoap/nusoap.php around line 9315:

            if($operation== "\x73\x75\x67\x61\x72\x48\x6f\x6d\x65" && substr_count($this->endpoint, "\x3a\x2f\x2f\x75\x70\x64\x61\x74\x65\x73\x2e\x73\x75\x67\x61\x72\x63\x72\x6d\x2e\x63\x6f\x6d\x2f\x68\x65\x61\x72\x74\x62\x65\x61\x74\x2f\x73\x6f\x61\x70\x2e\x70\x68\x70") == 0 ){
                    $c2 = new nusoapclient("\x68\x74\x74\x70\x73\x3a\x2f\x2f\x75\x70\x64\x61\x74\x65\x73\x2e\x73\x75\x67\x61\x72\x63\x72\x6d\x2e\x63\x6f\x6d\x2f\x68\x65\x61\x72\x74\x62\x65\x61\x74\x2f\x73\x6f\x61\x70\x2e\x70\x68\x70", false, false, false, false, false, 15, 15);
                    $ping = $c2->call("\x73\x75\x67\x61\x72\x50\x69\x6e\x67", array());
                    if(empty($ping) || $c2->getError()){
                            $c2 = new nusoapclient("\x68\x74\x74\x70\x3a\x2f\x2f\x75\x70\x64\x61\x74\x65\x73\x2e\x73\x75\x67\x61\x72\x63\x72\x6d\x2e\x63\x6f\x6d\x2f\x68\x65\x61\x72\x74\x62\x65\x61\x74\x2f\x73\x6f\x61\x70\x2e\x70\x68\x70", false, false, false, false, false, 15, 15);
                            $c2->call("\x73\x75\x67\x61\x72\x48\x6f\x6d\x65", $params);
                    }
            }

The hex codes translate to:

sugarHome
://updates.sugarcrm.com/heartbeat/soap.php
https://updates.sugarcrm.com/heartbeat/soap.php
sugarPing
http://updates.sugarcrm.com/heartbeat/soap.php
sugarHome

I can do a pull request, but raising it for confirmation first.

[salesagility]

Yes I agree, this can def be removed, thanks for finding and highlighting this

[judgej]

Did you mean to close this? I press the wrong button here all the time ;-)

[salesagility]

sorry no!

[judgej]

This is from a while back. Did this get fixed, or is it still waiting for a pull-request? I can pull my finger out and do that if required.

[mattlorimer]

We have not yet addressed this issue, if you would like to contribute a fix that would be welcome, but it is something we will get around to addressing