@sgiehl
Description:
It's currently possible to configure any url for downloading GeoIP databases from. Even though this option can be only changed by a super user and only if the GeoIP admin is enabled, limiting those options to only trusted hosts makes Matomo a little more secure. If someone needs to use the autoupdater to download files from somewhere else he can simply adjust the config.
For now the check is only done when setting the downloader option. Not sure if we should check that directly before download as well. Didn't add that yet, to prevent failures after a Matomo update if someone already has configured something else.
Review
- [ ] Functional review done
- [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
- [ ] Security review done see checklist
- [ ] Code review done
- [ ] Tests were added if useful/possible
- [ ] Reviewed for breaking changes
- [ ] Developer changelog updated if needed
- [ ] Documentation added if needed
- [ ] Existing documentation updated if needed
@Findus23
It would be nice if the error message displayed to the user was translatable and would explain a bit more detailed what they need to do to fix it (or link to an FAQ entry).
@Findus23 good point. I've just improved the messages and made them translatable