/* Decoded by unphp.net */

<?php
 namespace Piwik\Plugin; use Exception; use Piwik\Access; use Piwik\API\Proxy; use Piwik\API\Request; use Piwik\Changes\Model as ChangesModel; use Piwik\Changes\UserChanges; use Piwik\Common; use Piwik\Config as PiwikConfig; use Piwik\Config\GeneralConfig; use Piwik\Container\StaticContainer; use Piwik\Date; use Piwik\Exception\NoPrivilegesException; use Piwik\Exception\NoWebsiteFoundException; use Piwik\FrontController; use Piwik\Menu\MenuAdmin; use Piwik\Menu\MenuTop; use Piwik\NoAccessException; use Piwik\Notification\Manager as NotificationManager; use Piwik\Period\Month; use Piwik\Period; use Piwik\Period\PeriodValidator; use Piwik\Period\Range; use Piwik\Piwik; use Piwik\Plugins\CoreAdminHome\CustomLogo; use Piwik\Plugins\CoreVisualizations\Visualizations\JqplotGraph\Evolution; use Piwik\Plugins\LanguagesManager\LanguagesManager; use Piwik\Plugins\UsersManager\Model as UsersModel; use Piwik\SettingsPiwik; use Piwik\Site; use Piwik\Url; use Piwik\Plugin; use Piwik\View; use Piwik\View\ViewInterface; use Piwik\ViewDataTable\Factory as ViewDataTableFactory; abstract class Controller { protected $pluginName; protected $strDate; protected $date; protected $idSite; protected $site = null; protected $securityPolicy = null; public function __construct() { $this->init(); } protected function init() { $aPluginName = explode("\", get_class($this)); $this->pluginName = $aPluginName[2]; $this->securityPolicy = StaticContainer::get(View\SecurityPolicy::class); $date = Common::getRequestVar("date", "yesterday", "string"); try { $this->idSite = Common::getRequestVar("idSite", false, "int"); $this->site = new Site($this->idSite); $date = $this->getDateParameterInTimezone($date, $this->site->getTimezone()); $this->setDate($date); } catch (Exception $e) { $this->date = null; } } protected function getDateParameterInTimezone($date, $timezone) { $timezoneToUse = null; if (in_array($date, array("today", "yesterday"))) { if ($date === "today") { $date = "now"; } elseif ($date === "yesterday") { $date = "yesterdaySameTime"; } $timezoneToUse = $timezone; } return Date::factory($date, $timezoneToUse); } protected function setDate(Date $date) { $this->date = $date; $this->strDate = $date->toString(); } protected static function getEnabledPeriodsInUI() { $periodValidator = new PeriodValidator(); return $periodValidator->getPeriodsAllowedForUI(); } private static function getEnabledPeriodsNames() { $availablePeriods = self::getEnabledPeriodsInUI(); $periodNames = array("day" => array("singular" => Piwik::translate("Intl_PeriodDay"), "plural" => Piwik::translate("Intl_PeriodDays")), "week" => array("singular" => Piwik::translate("Intl_PeriodWeek"), "plural" => Piwik::translate("Intl_PeriodWeeks")), "month" => array("singular" => Piwik::translate("Intl_PeriodMonth"), "plural" => Piwik::translate("Intl_PeriodMonths")), "year" => array("singular" => Piwik::translate("Intl_PeriodYear"), "plural" => Piwik::translate("Intl_PeriodYears")), "range" => array("singular" => Piwik::translate("General_DateRangeInPeriodList"), "plural" => Piwik::translate("General_DateRangeInPeriodList"))); $periodNames = array_intersect_key($periodNames, array_fill_keys($availablePeriods, true)); return $periodNames; } public function getDefaultAction() { return "index"; } protected function renderView(ViewInterface $view) { return $view->render(); } protected function renderTemplate($template, array $variables = array()) { return $this->renderTemplateAs($template, $variables); } protected function renderTemplateAs($template, array $variables = array(), $viewType = null) { if (false === strpos($template, "@") || false === strpos($template, "/")) { $template = "@" . $this->pluginName . "/" . $template; } $view = new View($template); $this->checkViewType($viewType); if (empty($viewType)) { $viewType = $this instanceof ControllerAdmin ? "admin" : "basic"; } if (isset($variables["hideWhatIsNew"])) { $view->hideWhatIsNew = $variables["hideWhatIsNew"]; } if ($this instanceof ControllerAdmin && $viewType === "admin") { $this->setBasicVariablesViewAs($view, $viewType); } elseif (empty($this->site) || empty($this->idSite)) { $this->setBasicVariablesViewAs($view, $viewType); } else { $this->setGeneralVariablesViewAs($view, $viewType); } foreach ($variables as $key => $value) { $view->{$key} = $value; } if (isset($view->siteName)) { $view->siteNameDecoded = Common::unsanitizeInputValue($view->siteName); } return $view->render(); } protected function renderReport($apiAction, $controllerAction = false) { if (empty($controllerAction) && is_string($apiAction)) { $report = ReportsProvider::factory($this->pluginName, $apiAction); if (!empty($report)) { $apiAction = $report; } } if ($apiAction instanceof Report) { $this->checkSitePermission(); $apiAction->checkIsEnabled(); return $apiAction->render(); } $pluginName = $this->pluginName; $apiProxy = Proxy::getInstance(); if (!$apiProxy->isExistingApiAction($pluginName, $apiAction)) { throw new \Exception("Invalid action name '{$apiAction}' for '{$pluginName}' plugin."); } $apiAction = $apiProxy->buildApiActionName($pluginName, $apiAction); if ($controllerAction !== false) { $controllerAction = $pluginName . "." . $controllerAction; } $view = ViewDataTableFactory::build(null, $apiAction, $controllerAction); $rendered = $view->render(); return $rendered; } protected function getLastUnitGraph($currentModuleName, $currentControllerAction, $apiMethod) { $view = ViewDataTableFactory::build(Evolution::ID, $apiMethod, $currentModuleName . "." . $currentControllerAction, $forceDefault = true); $view->config->show_goals = false; return $view; } protected function getLastUnitGraphAcrossPlugins($currentModuleName, $currentControllerAction, $columnsToDisplay = false, $selectableColumns = array(), $reportDocumentation = false, $apiMethod = "API.get") { $idSite = Common::getRequestVar("idSite"); $period = Piwik::getPeriod(); $date = Piwik::getDate(); $meta = \Piwik\Plugins\API\API::getInstance()->getReportMetadata($idSite, $period, $date); $columns = array_merge($columnsToDisplay ? $columnsToDisplay : array(), $selectableColumns); $translations = array_combine($columns, $columns); foreach ($meta as $reportMeta) { if ($reportMeta["action"] === "get" && !isset($reportMeta["parameters"])) { foreach ($columns as $column) { if (isset($reportMeta["metrics"][$column])) { $translations[$column] = $reportMeta["metrics"][$column]; } } } } $view = $this->getLastUnitGraph($currentModuleName, $currentControllerAction, $apiMethod); if ($columnsToDisplay !== false) { $view->config->columns_to_display = $columnsToDisplay; } if (property_exists($view->config, "selectable_columns")) { $view->config->selectable_columns = array_merge($view->config->selectable_columns ?: array(), $selectableColumns); } $view->config->translations += $translations; if ($reportDocumentation) { $view->config->documentation = $reportDocumentation; } return $view; } protected function getGraphParamsModified($paramsToSet = array()) { $period = $paramsToSet["period"] ?? Piwik::getPeriod(); if ($period === "range") { return $paramsToSet; } $range = isset($paramsToSet["range"]) ? $paramsToSet["range"] : "last30"; $endDate = isset($paramsToSet["date"]) ? $paramsToSet["date"] : $this->strDate; if (is_null($this->site)) { throw new NoAccessException("Website not initialized, check that you are logged in and/or using the correct token_auth."); } $paramDate = Range::getRelativeToEndDate($period, $range, $endDate, $this->site); $params = array_merge($paramsToSet, array("date" => $paramDate)); return $params; } protected function getNumericValue($methodToCall, $date = false) { $params = $date === false ? array() : array("date" => $date); $return = Request::processRequest($methodToCall, $params); $columns = $return->getFirstRow()->getColumns(); return reset($columns); } protected function getUrlSparkline($action, $customParameters = array()) { $params = $this->getGraphParamsModified(array("viewDataTable" => "sparkline", "action" => $action, "module" => $this->pluginName) + $customParameters); foreach ($params as &$value) { if (is_array($value)) { $value = rawurlencode(implode(",", $value)); } } $url = Url::getCurrentQueryStringWithParametersModified($params); return $url; } protected function setMinDateView(Date $minDate, $view) { $view->minDateYear = $minDate->toString("Y"); $view->minDateMonth = $minDate->toString("m"); $view->minDateDay = $minDate->toString("d"); } protected function setMaxDateView(Date $maxDate, $view) { $view->maxDateYear = $maxDate->toString("Y"); $view->maxDateMonth = $maxDate->toString("m"); $view->maxDateDay = $maxDate->toString("d"); } protected function setGeneralVariablesView($view) { $this->setGeneralVariablesViewAs($view, $viewType = null); } protected function setGeneralVariablesViewAs($view, $viewType) { $this->checkViewType($viewType); if ($viewType === null) { $viewType = $this instanceof ControllerAdmin ? "admin" : "basic"; } $view->idSite = $this->idSite; $this->checkSitePermission(); $this->setPeriodVariablesView($view); $view->siteName = $this->site->getName(); $view->siteMainUrl = $this->site->getMainUrl(); $siteTimezone = $this->site->getTimezone(); $datetimeMinDate = $this->site->getCreationDate()->getDatetime(); $minDate = Date::factory($datetimeMinDate, $siteTimezone); $this->setMinDateView($minDate, $view); $maxDate = Date::factory("now", $siteTimezone); $this->setMaxDateView($maxDate, $view); $rawDate = Piwik::getDate(GeneralConfig::getConfigValue("default_day")); Period::checkDateFormat($rawDate); $periodStr = Piwik::getPeriod(GeneralConfig::getConfigValue("default_period")); if ($periodStr !== "range") { $date = Date::factory($this->strDate); $validDate = $this->getValidDate($date, $minDate, $maxDate); $period = Period\Factory::build($periodStr, $validDate); if ($date->toString() !== $validDate->toString()) { $this->setDate($validDate); } } else { $period = new Range($periodStr, $rawDate, $siteTimezone); } $dateStart = $period->getDateStart(); $dateStart = $this->getValidDate($dateStart, $minDate, $maxDate); $dateEnd = $period->getDateEnd(); $dateEnd = $this->getValidDate($dateEnd, $minDate, $maxDate); if ($periodStr === "range") { $newRawDate = $dateStart->toString() . "," . $dateEnd->toString(); $period = new Range($periodStr, $newRawDate, $siteTimezone); } $view->date = $this->strDate; $view->prettyDate = self::getCalendarPrettyDate($period); $view->prettyDateLong = $period->getLocalizedLongString(); $view->rawDate = $rawDate; $view->startDate = $dateStart; $view->endDate = $dateEnd; $timezoneOffsetInSeconds = Date::getUtcOffset($siteTimezone); $view->timezoneOffset = $timezoneOffsetInSeconds; $language = LanguagesManager::getLanguageForSession(); $view->language = !empty($language) ? $language : LanguagesManager::getLanguageCodeForCurrentUser(); $this->setBasicVariablesViewAs($view, $viewType); $view->topMenu = MenuTop::getInstance()->getMenu(); $view->adminMenu = MenuAdmin::getInstance()->getMenu(); $notifications = $view->notifications; if (empty($notifications)) { $view->notifications = NotificationManager::getAllNotificationsToDisplay(); NotificationManager::cancelAllNonPersistent(); } } private function getValidDate(Date $date, Date $minDate, Date $maxDate) { if ($date->isEarlier($minDate)) { $date = $minDate; } if ($date->isLater($maxDate)) { $date = $maxDate; } return $date; } protected function setBasicVariablesNoneAdminView($view) { $view->clientSideConfig = PiwikConfig::getInstance()->getClientSideOptions(); $view->isSuperUser = Access::getInstance()->hasSuperUserAccess(); $view->hasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess(); $view->hasSomeViewAccess = Piwik::isUserHasSomeViewAccess(); $view->isUserIsAnonymous = Piwik::isUserIsAnonymous(); $view->hasSuperUserAccess = Piwik::hasUserSuperUserAccess(); $view->disableTrackingMatomoAppLinks = PiwikConfig::getInstance()->General["disable_tracking_matomo_app_links"]; if (!Piwik::isUserIsAnonymous()) { $this->showWhatIsNew($view); $view->contactEmail = implode(",", Piwik::getContactEmailAddresses()); $view->emailSuperUser = implode(",", Piwik::getAllSuperUserAccessEmailAddresses()); } $capabilities = array(); if ($this->idSite && $this->site) { $capabilityProvider = StaticContainer::get(Access\CapabilitiesProvider::class); foreach ($capabilityProvider->getAllCapabilities() as $capability) { if (Piwik::isUserHasCapability($this->idSite, $capability->getId())) { $capabilities[] = $capability->getId(); } } } $view->userCapabilities = $capabilities; $this->addCustomLogoInfo($view); $customLogo = new CustomLogo(); $view->logoHeader = $customLogo->getHeaderLogoUrl(); $view->logoLarge = $customLogo->getLogoUrl(); $view->logoSVG = $customLogo->getSVGLogoUrl(); $view->hasSVGLogo = $customLogo->hasSVGLogo(); $view->contactEmail = implode(",", Piwik::getContactEmailAddresses()); $view->themeStyles = ThemeStyles::get(); $general = PiwikConfig::getInstance()->General; $view->enableFrames = $general["enable_framed_pages"] || isset($general["enable_framed_logins"]) && $general["enable_framed_logins"]; $embeddedAsIframe = Common::getRequestVar("module", '', "string") === "Widgetize"; if (!$view->enableFrames && !$embeddedAsIframe) { $view->setXFrameOptions("sameorigin"); } $pluginManager = Plugin\Manager::getInstance(); $view->relativePluginWebDirs = (object) $pluginManager->getWebRootDirectoriesForCustomPluginDirs(); $view->pluginsToLoadOnDemand = $pluginManager->getPluginUmdsToLoadOnDemand(); $view->isMultiSitesEnabled = $pluginManager->isPluginActivated("MultiSites"); $view->isSingleSite = Access::doAsSuperUser(function () { $allSites = Request::processRequest("SitesManager.getAllSitesId", array(), array()); return count($allSites) === 1; }); if (isset($this->site) && is_object($this->site) && $this->site instanceof Site) { $view->siteName = $this->site->getName(); } self::setHostValidationVariablesView($view); } protected function setBasicVariablesView($view) { $this->setBasicVariablesViewAs($view); } protected function setBasicVariablesViewAs($view, $viewType = null) { $this->checkViewType($viewType); $this->setBasicVariablesNoneAdminView($view); } protected function addCustomLogoInfo($view) { $customLogo = new CustomLogo(); $view->isCustomLogo = $customLogo->isEnabled(); $view->customFavicon = $customLogo->getPathUserFavicon(); } protected function showWhatIsNew(View $view) : void { $view->whatisnewShow = false; if (isset($view->hideWhatIsNew) && $view->hideWhatIsNew) { return; } $model = new UsersModel(); $user = $model->getUser(Piwik::getCurrentUserLogin()); if (!$user) { return; } $userChanges = new UserChanges($user); $newChangesStatus = $userChanges->getNewChangesStatus(); $shownRecently = $userChanges->shownRecently(); if ($newChangesStatus == ChangesModel::NEW_CHANGES_EXIST && !$shownRecently) { $view->whatisnewShow = true; } } public static function setHostValidationVariablesView($view) { $view->isValidHost = Url::isValidHost(); if (!$view->isValidHost) { $validHosts = Url::getTrustedHostsFromConfig(); $validHost = $validHosts[0]; $invalidHost = Common::sanitizeInputValue(Url::getHost(false)); $emailSubject = rawurlencode(Piwik::translate("CoreHome_InjectedHostEmailSubject", $invalidHost)); $emailBody = rawurlencode(Piwik::translate("CoreHome_InjectedHostEmailBody")); $superUserEmail = rawurlencode(implode(",", Piwik::getContactEmailAddresses())); $mailToUrl = "mailto:{$superUserEmail}?subject={$emailSubject}&body={$emailBody}"; $mailLinkStart = "<a href="{$mailToUrl}">"; $invalidUrl = Url::getCurrentUrlWithoutQueryString($checkIfTrusted = false); $validUrl = Url::getCurrentScheme() . "://" . $validHost . Url::getCurrentScriptName(); $invalidUrl = Common::sanitizeInputValue($invalidUrl); $validUrl = Common::sanitizeInputValue($validUrl); $changeTrustedHostsUrl = "index.php" . Url::getCurrentQueryStringWithParametersModified(array("module" => "CoreAdminHome", "action" => "generalSettings")) . "#trustedHostsSection"; $warningStart = Piwik::translate("CoreHome_InjectedHostWarningIntro", array("<strong>" . $invalidUrl . "</strong>", "<strong>" . $validUrl . "</strong>")) . " <br/>"; if (Piwik::hasUserSuperUserAccess()) { $view->invalidHostMessage = $warningStart . " " . Piwik::translate("CoreHome_InjectedHostSuperUserWarning", array("<a href="{$changeTrustedHostsUrl}">", $invalidHost, "</a>", "<br/><a href="{$validUrl}">", Common::sanitizeInputValue($validHost), "</a>")); } elseif (Piwik::isUserIsAnonymous()) { $view->invalidHostMessage = $warningStart . " " . Piwik::translate("CoreHome_InjectedHostNonSuperUserWarning", array("<br/><a href="{$validUrl}">", "</a>", "<span style="display:none">", "</span>")); } else { $view->invalidHostMessage = $warningStart . " " . Piwik::translate("CoreHome_InjectedHostNonSuperUserWarning", array("<br/><a href="{$validUrl}">", "</a>", $mailLinkStart, "</a>")); } $view->invalidHostMessageHowToFix = "<p><b>How do I fix this problem and how do I login again?</b><br/> The Matomo Super User can manually edit the file /path/to/matomo/config/config.ini.php
		\x9\x9	\x9and add the following lines: <pre>[General]" . "\xa" . "trusted_hosts[] = "" . $invalidHost . ""</pre>After making the change, you will be able to login again.</p>
	\x9	\x9	\x9<p>You may also <i>disable this security feature (not recommended)</i>. To do so edit config/config.ini.php and add:\xa\x9\x9\x9\x9		<pre>[General]" . "
" . "enable_trusted_host_check=0</pre>"; $view->invalidHost = $invalidHost; $view->invalidHostMailLinkStart = $mailLinkStart; } } public static function setPeriodVariablesView($view) { if (isset($view->period)) { return; } $periodValidator = new PeriodValidator(); $currentPeriod = Piwik::getPeriod(GeneralConfig::getConfigValue("default_period")); $availablePeriods = $periodValidator->getPeriodsAllowedForUI(); if (!$periodValidator->isPeriodAllowedForUI($currentPeriod)) { throw new Exception("Period must be one of: " . implode(", ", $availablePeriods)); } $view->displayUniqueVisitors = SettingsPiwik::isUniqueVisitorsEnabled($currentPeriod); $found = array_search($currentPeriod, $availablePeriods); unset($availablePeriods[$found]); $view->period = $currentPeriod; $view->otherPeriods = $availablePeriods; $view->enabledPeriods = self::getEnabledPeriodsInUI(); $view->periodsNames = self::getEnabledPeriodsNames(); } public function redirectToIndex($moduleToRedirect, $actionToRedirect, $websiteId = null, $defaultPeriod = null, $defaultDate = null, $parameters = array()) { try { $this->doRedirectToUrl($moduleToRedirect, $actionToRedirect, $websiteId, $defaultPeriod, $defaultDate, $parameters); } catch (Exception $e) { } if (Piwik::hasUserSuperUserAccess()) { $siteTableName = Common::prefixTable("site"); $message = "Error: no website was found in this Matomo installation.\xa\x9\x9\x9<br />Check the table '{$siteTableName}' in your database, it should contain your Matomo websites."; $ex = new NoWebsiteFoundException($message); $ex->setIsHtmlMessage(); throw $ex; } if (!Piwik::isUserIsAnonymous()) { $currentLogin = Piwik::getCurrentUserLogin(); $emails = rawurlencode(implode(",", Piwik::getContactEmailAddresses())); $errorMessage = sprintf(Piwik::translate("CoreHome_NoPrivilegesAskPiwikAdmin"), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Matomo for user {$currentLogin}'>", "</a>"); $errorMessage .= "<br /><br />&nbsp;&nbsp;&nbsp;<b><a href='index.php?module=" . Piwik::getLoginPluginName() . "&amp;action=logout'>&rsaquo; " . Piwik::translate("General_Logout") . "</a></b><br />"; $ex = new NoPrivilegesException($errorMessage); $ex->setIsHtmlMessage(); throw $ex; } echo FrontController::getInstance()->dispatch(Piwik::getLoginPluginName(), false); die; } protected function checkTokenInUrl() { $tokenRequest = Common::getRequestVar("token_auth", false); $tokenUser = Piwik::getCurrentUserTokenAuth(); if (empty($tokenRequest) && empty($tokenUser)) { return; } if ($tokenRequest !== $tokenUser) { throw new NoAccessException(Piwik::translate("General_ExceptionSecurityCheckFailed")); } } public static function getCalendarPrettyDate($period) { if ($period instanceof Month) { return $period->getLocalizedLongString(); } else { return $period->getPrettyString(); } } public static function getPrettyDate($date, $period) { return self::getCalendarPrettyDate(Period\Factory::build($period, Date::factory($date))); } protected function checkSitePermission() { if (!empty($this->idSite)) { Access::getInstance()->checkUserHasViewAccess($this->idSite); new Site($this->idSite); } elseif (empty($this->site) || empty($this->idSite)) { throw new Exception("The requested website idSite is not found in the request, or is invalid.
\x9\x9		Please check that you are logged in Matomo and have permission to access the specified website."); } } private function doRedirectToUrl($moduleToRedirect, $actionToRedirect, $websiteId, $defaultPeriod, $defaultDate, $parameters) { $menu = new Menu(); $parameters = array_merge($menu->urlForDefaultUserParams($websiteId, $defaultPeriod, $defaultDate), $parameters); $queryParams = !empty($parameters) ? "&" . Url::getQueryStringFromParameters($parameters) : ''; $url = "index.php?module=%s&action=%s"; $url = sprintf($url, $moduleToRedirect, $actionToRedirect); $url = $url . $queryParams; Url::redirectToUrl($url); } private function checkViewType($viewType) { if ($viewType === "admin" && !$this instanceof ControllerAdmin) { throw new Exception("'admin' view type is only allowed with ControllerAdmin class."); } } } ?>