Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use correct tracker filename in privacy settings #16970

Merged
merged 1 commit into from Dec 17, 2020
Merged

Use correct tracker filename in privacy settings #16970

merged 1 commit into from Dec 17, 2020

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Dec 17, 2020

Description:

fixes #16953

Review

  • Functional review done
  • Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • Security review done see checklist
  • Code review done
  • Tests were added if useful/possible
  • Reviewed for breaking changes
  • Developer changelog updated if needed
  • Documentation added if needed
  • Existing documentation updated if needed

@sgiehl sgiehl added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Dec 17, 2020
@sgiehl sgiehl added this to the 4.0.x milestone Dec 17, 2020
tsteur
tsteur reviewed Dec 17, 2020
View reviewed changes
plugins/PrivacyManager/Controller.php

$view->trackerFileName = $jsCodeGenerator->getJsTrackerEndpoint();
if (Manager::getInstance()->isPluginActivated('CustomJsTracker')) {
$file = StaticContainer::get('Piwik\Plugins\CustomJsTracker\TrackerUpdater')->getToFile();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just seeing we should probably in https://github.com/matomo-org/matomo/blob/4.1.0-b1/plugins/CustomJsTracker/TrackerUpdater.php#L52 call $jsCodeGenerator->getJsTrackerEndpoint() as well to get the correct endpoint for historical instances. It would now check for matomo.js being writable when many maybe use still piwik.js. TrackerUpdater itself wouldn't need this change as it tries to update both files anyway. But might be useful here (maybe also in the system check where we check if the tracker file is writable).

But then there are likely also systems by now where Matomo would check for piwik.js but they now use matomo.js 😕 I suppose we can also just leave it as it is and assume that if one of them is writable that both are. It might be making more sense to check for matomo.js. Old systems who have piwik.js writable but not matomo.js would then get notified basically that the file will need write permission.

So all good we don't need to change anything just wanted to put my thinking in writing to figure things out :)

@tsteur
Copy link
Member

tsteur commented Dec 17, 2020

worked for me. A downside was that it said "matomo.js" is not writable when it should have maybe said eg misc/user/foo/matomo.js is not writable but then we might also not want to disclose this path + it's an edge case that someone overwrites the path like this (which is basically only us) so all good.

@tsteur tsteur merged commit 9790d90 into 4.x-dev Dec 17, 2020
@tsteur tsteur deleted the usecorrectfilename branch December 17, 2020 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur left review comments

Assignees
No one assigned
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
4.0.x
Development

Successfully merging this pull request may close these issues.

Privacy manager JS tracker writable check uses wrong file
2 participants
@sgiehl @tsteur