@mattab opened this issue on October 19th 2012

In Transitions the external links go through the proxy url. The proxy URL was changed to now accept any link when user has any view access. This poses the problem of open redirect on piwik servers with anonymous access open.

Therefore we should:

- In transitions, link to Proxy URL only if user is not anonymous
- Restrict proxy to work only if user is not anonymous
- This logic should go through a smarty function 'proxylink' that would rewrite the URL when needed. Also check for classic cross site via url param.

Later as a follow up, we should also convert all external links to the proxy smarty function, so that the referrer is not leaked on all external links from a piwik server.

See: #3268

@sgiehl commented on November 6th 2012

Attachment: 3460.patch.txt

@mattab commented on October 19th 2012

Once this ticket is done, let's do: #3268

@sgiehl commented on November 6th 2012

Shouldn't that small change fix the main part of this issue? (see attached patch)

@mattab commented on November 7th 2012

Oh!! that's a very good find, which I think will fix the problem indeed!

SteveG, can you please apply the patch after double-checking things work as expected? But I think it will.

@sgiehl commented on November 7th 2012

(In [7397]) refs #3460 fixes XSS within proxy module; allow redirect only if user was referred from within current piwik instance
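An added illustration of the two controls discussed in this thread (the opening post's "proxy only for non-anonymous users" and the commit's "redirect only if referred from within the current Piwik instance"), written as defender-side logic for a redirect endpoint. This is not Piwik's code (Piwik is PHP); `INSTANCE_URL`, `proxy_redirect`, `same_instance` and `safe_target` are hypothetical names, and the sample URLs are constructed.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Constructed sample: the base URL of this Piwik instance (hypothetical).
INSTANCE_URL = "https://analytics.example.org/piwik/"


def same_instance(referrer: str, instance_url: str) -> bool:
    """True only if the Referer header points back into this Piwik instance."""
    if not referrer:
        return False  # no Referer at all: treat as a cold external request
    ref, inst = urlsplit(referrer), urlsplit(instance_url)
    if ref.scheme not in ("http", "https"):
        return False
    if ref.netloc.lower() != inst.netloc.lower():
        return False
    # Compare the path prefix too, so another app on the same host cannot
    # use this instance as an open redirector.
    return ref.path.startswith(inst.path)


def safe_target(url: str) -> bool:
    """Reject non-web schemes (javascript:, data:) and protocol-relative URLs,
    which is the 'cross site via url param' case from the opening post."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def proxy_redirect(url: str, referrer: str, is_anonymous: bool,
                   instance_url: str = INSTANCE_URL) -> Tuple[int, str]:
    """Decide the proxy endpoint's response as (HTTP status, Location).

    Redirect only when the user is not the anonymous user AND the request
    was referred from inside this instance; otherwise refuse with 403 and
    no Location header. A syntactically unsafe target gets 400.
    """
    if is_anonymous or not same_instance(referrer, instance_url):
        return 403, ""
    if not safe_target(url):
        return 400, ""
    return 302, url
```

The Referer check is a mitigation, not a strong authentication boundary (browsers may omit or strip it), which is why the non-anonymous requirement from the opening post is kept alongside it.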

@mattab commented on November 9th 2012

Thanks Stefan, it looks good to me

This issue was closed on November 9th 2012