New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
urldecode errors? #949
Comments
Attachment: replace html_entity_decode with urldecode in core/Tracker/Visit.php |
Attachment: phpinfo on affected server |
Attachment: some lines from the log_visit table. The last three lines are after applying the patch |
In [1439], fix #949 - replace html_entity_decode($url) with urldecode(Piwik_Common::unsanitizeInputValue($url)) |
According to php.net/urldecode: The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results. That would explain why urldecode() wasn't previously required and why this problem hasn't been reported before. |
In [1441], partially revert #949 pending further investigation |
Unable to reproduce with:
and magic_quotes_gpc on. Other than a few additional modules/extensions (APC, xdebug, sqlite, memcache), the other difference is 32-bit vs 64-bit. |
I've set magic_quotes_gpc to Off, but even then I need my patch. Is it expected that the referer URLs are stored urlencoded in the database?
|
No, URLs are not stored urlencoded in my database. As the PHP documentation states, superglobals like $_GET should already be decoded. This isn't happening in your setup for some reason. So, your patch only addresses a symptom. Can you create a test script like:
and call the script with an encoded URL. Test it locally and remotely to see if there's a difference.
|
Result of var_dump running on my server in the same directory as Piwik:
I have the bad feeling that my integration is faulty. I'll report more, when I find something. |
I found the problem. In short: My fault, Piwik was correct. Long version: I'm now running fine without my patch, after enforcing https in the tracked website. |
Thanks fo clearing that up. |
http://forum.piwik.org/index.php?showtopic=1438
The text was updated successfully, but these errors were encountered: