urldecode errors? #949
Comments
|
Attachment: replace html_entity_decode with urldecode in core/Tracker/Visit.php |
|
Attachment: phpinfo on affected server |
|
Attachment: some lines from the log_visit table. The last three lines are after applying the patch |
|
In [1439], fix #949 - replace html_entity_decode($url) with urldecode(Piwik_Common::unsanitizeInputValue($url)) |
|
According to php.net/urldecode: The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results. That would explain why urldecode() wasn't previously required and why this problem hasn't been reported before. |
|
In [1441], partially revert #949 pending further investigation |
|
Unable to reproduce with: and magic_quotes_gpc on. Other than a few additional modules/extensions (APC, xdebug, sqlite, memcache), the other difference is 32-bit vs 64-bit. |
|
I've set magic_quotes_gpc to Off, but even then I need my patch. Is it expected that the referer URLs are stored urlencoded in the database? |
|
No, URLs are not stored urlencoded in my database. As the PHP documentation states, superglobals like $_GET should already be decoded. This isn't happening in your setup for some reason. So, your patch only addresses a symptom. Can you create a test script like: and call the script with an encoded URL. Test it locally and remotely to see if there's a difference. |
|
Result of var_dump running on my server in the same directory as Piwik: I have the bad feeling that my integration is faulty. I'll report more, when I find something. |
|
I found the problem. In short: My fault, Piwik was correct. Long version: I'm now running fine without my patch, after enforcing https in the tracked website. |
|
Thanks fo clearing that up. |
http://forum.piwik.org/index.php?showtopic=1438
The text was updated successfully, but these errors were encountered: