@diosmosis opened this Issue on July 27th 2015 Member

When a fatal error triggers safemode, the session is read/written when a nonce is accessed or created (see ControllerPluginAdmin/Controller.php). This seems to cause an exception, covering up the original error, see https://github.com/piwik/piwik/issues/8427

@tsteur commented on July 29th 2015 Owner

I tried to reproduce it with an API call and a Controller call but couldn't. Worked fine. Possible that it only occurs when bootstrapping Piwik in a custom environment. I can see from the looks that it can happen when including dispatch.php (here we setup safemode) but not calling FrontController::doDispatch().

Not sure what a proper fix is as I'm not sure how people use Piwik when bootstrapping it themselves. We could start a session in safemode if needed or we could just not show the deactivate/activate link.

@tsteur commented on July 29th 2015 Owner

Actually it should start a session here if needed as it should bootstrap Piwik and start session: https://github.com/piwik/piwik/blob/2.14.2/core/FrontController.php#L179

I cannot reproduce it. Need a concrete example to fix.

Edit: User did set define('PIWIK_ENABLE_SESSION_START', false); which prevents session from starting. We need to check if session was started and if not, either not show safemode at all or hide the plugin list which allows to deactivate plugin (which needs in Nonce which needs session)

Edit 2: I still cannot reproduce it

@mattab commented on August 10th 2015 Owner

Thanks for investigating, we're postponing for now. @diosmosis could you maybe take another look at reproducing this?

@diosmosis commented on August 26th 2015 Member

@mattab Issue hasn't reoccurred as far as I know, so I think it's not that important. I will close, if someone reports an issue like this we can re-open.

This Issue was closed on August 26th 2015
Powered by GitHub Issue Mirror