New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Show error message if visitor in visitor profile could not be found instead of fatal error #12396
Conversation
…nstead of fatal error Eg happens when visitorId URL parameter is missing.
plugins/Live/Controller.php
Outdated
@@ -114,10 +120,17 @@ public function getVisitorProfilePopup() | |||
{ | |||
$idSite = Common::getRequestVar('idSite', null, 'int'); | |||
|
|||
Piwik::checkUserHasViewAccess($idSite); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why above we use Common::getRequestVar... instead of $this->idSite
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guess it shouldn't make a difference to use $this->idSite
instead
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we maybe add UI test(s) for invalid profiles, to prove the behavior doesn't change again?
plugins/Live/Controller.php
Outdated
@@ -114,10 +120,17 @@ public function getVisitorProfilePopup() | |||
{ | |||
$idSite = Common::getRequestVar('idSite', null, 'int'); | |||
|
|||
Piwik::checkUserHasViewAccess($idSite); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guess it shouldn't make a difference to use $this->idSite
instead
It is not really for invalid profiles, but more for when the parameter is missing (although would also apply later to possibly deleted profiles once supported by Piwik). Test be useful, need to see when I get to it. |
Also added some permissions check. They are not 100% needed as the permissions are checked in the API calls anyway but makes sure they don't get random data from API response and shows always login screen instead of potentially a fatal error.