@mattab opened this issue on January 31st 2009

Currently Piwik reports on pages URL structures, or if user specifies a custom action name in the javascript, Piwik reports on this custom name. Piwik has always access to the html page title and could build the report of the best page by title.

Therefore there would be a new API function to get the top pages by title, as well as the current method getActions to get the top actions by URL.

The title could be customized on the JS side by callingpiwik.setDocumentTitle().

We would not report on best landing page, or top exit pages by title. We would not report on time per page title. These extra analysis would only be done on the URLs to minimize overhead during archiving.

@robocoder commented on February 25th 2009

piwik.js sends the document.title in the 'title' parameter but it is not currently used by the server. (A mod_security issue was raised in #564. We could add title_var_name to global.ini.php, in a similar manner to download_url_var_name, or we could use encodeURIComponent() in piwik.js instead of simply, escape().)

@robocoder commented on February 25th 2009

Re: previous comment. Upon closer inspection, the parameter name doesn't matter. mod_security's PHP injection rules are generic and extremely broad, e.g.,

SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES

i.e., try to match against the request filename, arguments, and argument names. To address the issue requires encoding all args from client-to-server, and a review of the arg names used in Piwik to make sure they aren't on the blacklist.

Note: encodeURIComponent() doesn't have a native PHP equivalent; similarly, there's no native version of urlencode() for JavaScript.

@robocoder commented on March 14th 2009

Per analysis in #564, mod_security requirements are removed from this ticket.

@mattab commented on October 23rd 2009

fixed in [1530]

This issue was closed on October 23rd 2009
Powered by GitHub Issue Mirror