Ignore IP Whitelist for Opt Out IFrame #13075

Merged
merged 2 commits into from Jun 25, 2018

@sgiehl sgiehl commented Jun 18, 2018

fixes #13066

@sgiehl sgiehl added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Jun 18, 2018
@sgiehl sgiehl added this to the 3.6.0 milestone Jun 18, 2018
@@ -33,6 +33,11 @@ public function shouldCheckWhitelist()
return false;
}

// ignore whitelist checks for opt out iframe
if ('CoreAdminHome' === Common::getRequestVar('module', '') && 'optOut' === Common::getRequestVar('action', '')) {
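
Review bot: the condition on the added `if` line exempts a request from the IP whitelist based only on the request-supplied `module` and `action` values read with `Common::getRequestVar()`. Confirm these are the same values the dispatcher uses to select the controller action (the review comment below proposes `Piwik::getModule()`/`getAction()`), so the exemption can only ever apply to the opt-out iframe, and add a test asserting that the whitelist is still checked for every other module/action pair. The code comment could also say why the opt-out iframe has to be reachable from non-whitelisted IPs (#13066).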

Maybe use Piwik::getModule()/getAction() instead?

It looks otherwise fine. Searched again through code base to make sure we are not using any $_GET/$_POST['module/action'] directly and it can also not be passed through API requests as it would mean module=API. Not sure if we render any URLs otherwise without module/action that would allow avoiding this check.

> Maybe use Piwik::getModule()/getAction() instead?

changed.

tsteur commented Jun 20, 2018

Haven't tested it but looks good otherwise.

@diosmosis diosmosis merged commit b83d12f into 3.x-dev Jun 25, 2018
@diosmosis diosmosis deleted the optoutipwhitelist branch June 25, 2018 05:43
InfinityVoid pushed a commit to InfinityVoid/matomo that referenced this pull request Oct 11, 2018
* Ignore IP Whitelist for Opt Out IFrame

* Prevent bypassing IP Whitelist check while tracking if authentication is required

Successfully merging this pull request may close these issues.

login_whitelist_ip breaks optOut feature