@mattab opened this Issue on September 30th 2018 Member

When using a specially crafted URL, and if the Matomo instance is opened to anonymous, one can trigger error requests on demand.

URL: /index.php?module=Widgetize&action=iframe&moduleToWidgetize=CorePluginsAdmin&actionToWidgetize=safemode&idSite=1&period=week&date=yesterday&error_message=X&error_file=Y&error_line=111

Let's solve this so that it is not possible to trigger an error on demand (ie. prevent widgetise the safemode screen)

This Issue was closed on December 4th 2018
Powered by GitHub Issue Mirror