Gecko [ dp-client.com ]

Name	Size	Permission
API	[ DIR ]	drwxr-xr-x
Access	[ DIR ]	drwxr-xr-x
Application	[ DIR ]	drwxr-xr-x
Archive	[ DIR ]	drwxr-xr-x
ArchiveProcessor	[ DIR ]	drwxr-xr-x
Archiver	[ DIR ]	drwxr-xr-x
AssetManager	[ DIR ]	drwxr-xr-x
Auth	[ DIR ]	drwxr-xr-x
Category	[ DIR ]	drwxr-xr-x
Changes	[ DIR ]	drwxr-xr-x
CliMulti	[ DIR ]	drwxr-xr-x
Columns	[ DIR ]	drwxr-xr-x
Concurrency	[ DIR ]	drwxr-xr-x
Config	[ DIR ]	drwxr-xr-x
Container	[ DIR ]	drwxr-xr-x
CronArchive	[ DIR ]	drwxr-xr-x
DataAccess	[ DIR ]	drwxr-xr-x
DataFiles	[ DIR ]	drwxr-xr-x
DataTable	[ DIR ]	drwxr-xr-x
Db	[ DIR ]	drwxr-xr-x
DeviceDetector	[ DIR ]	drwxr-xr-x
Email	[ DIR ]	drwxr-xr-x
Exception	[ DIR ]	drwxr-xr-x
Http	[ DIR ]	drwxr-xr-x
Intl	[ DIR ]	drwxr-xr-x
Mail	[ DIR ]	drwxr-xr-x
Measurable	[ DIR ]	drwxr-xr-x
Menu	[ DIR ]	drwxr-xr-x
Metrics	[ DIR ]	drwxr-xr-x
Notification	[ DIR ]	drwxr-xr-x
Period	[ DIR ]	drwxr-xr-x
Plugin	[ DIR ]	drwxr-xr-x
ProfessionalServices	[ DIR ]	drwxr-xr-x
Report	[ DIR ]	drwxr-xr-x
ReportRenderer	[ DIR ]	drwxr-xr-x
Scheduler	[ DIR ]	drwxr-xr-x
Segment	[ DIR ]	drwxr-xr-x
Session	[ DIR ]	drwxr-xr-x
Settings	[ DIR ]	drwxr-xr-x
Tracker	[ DIR ]	drwxr-xr-x
Translation	[ DIR ]	drwxr-xr-x
UpdateCheck	[ DIR ]	drwxr-xr-x
Updater	[ DIR ]	drwxr-xr-x
Updates	[ DIR ]	drwxr-xr-x
Validators	[ DIR ]	drwxr-xr-x
View	[ DIR ]	drwxr-xr-x
ViewDataTable	[ DIR ]	drwxr-xr-x
Visualization	[ DIR ]	drwxr-xr-x
Widget	[ DIR ]	drwxr-xr-x
.htaccess	545 B	-rw-r--r--
Access.php	24.89 KB	-rw-r--r--
Archive.php	35.4 KB	-rw-r--r--
ArchiveProcessor.php	26.97 KB	-rw-r--r--
AssetManager.php	15.48 KB	-rw-r--r--
Auth.php	4.03 KB	-rw-r--r--
AuthResult.php	2.13 KB	-rw-r--r--
BaseFactory.php	1.77 KB	-rw-r--r--
Cache.php	3.51 KB	-rw-r--r--
CacheId.php	2.53 KB	-rw-r--r--
CliMulti.php	14.98 KB	-rw-r--r--
Common.php	39.79 KB	-rw-r--r--
Config.php	14.69 KB	-rw-r--r--
Console.php	10.09 KB	-rw-r--r--
Context.php	3.42 KB	-rw-r--r--
Cookie.php	15.12 KB	-rw-r--r--
CronArchive.php	50.69 KB	-rw-r--r--
DataArray.php	17.97 KB	-rw-r--r--
DataTable.php	69.61 KB	-rw-r--r--
Date.php	35.04 KB	-rw-r--r--
Db.php	29.43 KB	-rw-r--r--
DbHelper.php	10.84 KB	-rw-r--r--
Development.php	6.67 KB	-rw-r--r--
ErrorHandler.php	7.55 KB	-rw-r--r--
EventDispatcher.php	6.79 KB	-rw-r--r--
ExceptionHandler.php	7.06 KB	-rw-r--r--
FileIntegrity.php	15.8 KB	-rw-r--r--
Filechecks.php	8.79 KB	-rw-r--r--
Filesystem.php	18.74 KB	-rw-r--r--
FrontController.php	29.31 KB	-rw-r--r--
Http.php	44.42 KB	-rw-r--r--
IP.php	5.08 KB	-rw-r--r--
Log.php	8.14 KB	-rw-r--r--
LogDeleter.php	3.81 KB	-rw-r--r--
Mail.php	9.32 KB	-rw-r--r--
Metrics.php	20.76 KB	-rw-r--r--
NoAccessException.php	398 B	-rw-r--r--
Nonce.php	8.25 KB	-rw-r--r--
Notification.php	5.72 KB	-rw-r--r--
NumberFormatter.php	10 KB	-rw-r--r--
Option.php	8.25 KB	-rw-r--r--
Period.php	13.52 KB	-rw-r--r--
Piwik.php	27.95 KB	-rw-r--r--
Plugin.php	21.52 KB	-rw-r--r--
Profiler.php	13.32 KB	-rw-r--r--
ProxyHeaders.php	2.16 KB	-rw-r--r--
ProxyHttp.php	11.94 KB	-rw-r--r--
QuickForm2.php	3.94 KB	-rw-r--r--
RankingQuery.php	13.06 KB	-rw-r--r--
ReportRenderer.php	8.59 KB	-rw-r--r--
Segment.php	24.24 KB	-rw-r--r--
Sequence.php	3.11 KB	-rw-r--r--
Session.php	8.04 KB	-rw-r--r--
SettingsPiwik.php	18.07 KB	-rw-r--r--
SettingsServer.php	7.58 KB	-rw-r--r--
Singleton.php	1.46 KB	-rw-r--r--
Site.php	17.86 KB	-rw-r--r--
SiteContentDetector.php	14.22 KB	-rw-r--r--
SupportedBrowser.php	2.25 KB	-rw-r--r--
TCPDF.php	1.87 KB	-rw-r--r--
Theme.php	4.93 KB	-rw-r--r--
Timer.php	2.57 KB	-rw-r--r--
Tracker.php	11.79 KB	-rw-r--r--
Twig.php	19.74 KB	-rw-r--r--
Unzip.php	1.28 KB	-rw-r--r--
UpdateCheck.php	3.34 KB	-rw-r--r--
Updater.php	25.08 KB	-rw-r--r--
UpdaterErrorException.php	304 B	-rw-r--r--
Updates.php	3.86 KB	-rw-r--r--
Url.php	25.67 KB	-rw-r--r--
UrlHelper.php	11.24 KB	-rw-r--r--
Version.php	806 B	-rw-r--r--
View.php	18.2 KB	-rw-r--r--
bootstrap.php	2.03 KB	-rw-r--r--
dispatch.php	928 B	-rw-r--r--
testMinimumPhpVersion.php	10.82 KB	-rw-r--r--

Code Editor : Nonce.php

<?php
/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 *
 */
namespace Piwik;

use Piwik\Session\SessionNamespace;

/**
 * Nonce class.
 *
 * A cryptographic nonce -- "number used only once" -- is often recommended as
 * part of a robust defense against cross-site request forgery (CSRF/XSRF). This
 * class provides static methods that create and manage nonce values.
 *
 * Nonces in Piwik are stored as a session variable and have a configurable expiration.
 *
 * Learn more about nonces [here](http://en.wikipedia.org/wiki/Cryptographic_nonce).
 *
 * @api
 */
class Nonce
{
    /**
     * Returns an existing nonce by ID. If none exists, a new nonce will be generated.
     *
     * @param string $id Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
     * @param int $ttl Optional time-to-live in seconds; default is 5 minutes. (ie, in 5 minutes,
     *                 the nonce will no longer be valid).
     * @return string
     */
    public static function getNonce($id, $ttl = 600)
    {
        // save session-dependent nonce
        $ns = new SessionNamespace($id);
        $nonce = $ns->nonce;

// re-use an unexpired nonce (a small deviation from the "used only once" principle, so long as we do not reset the expiration)
        // to handle browser pre-fetch or double fetch caused by some browser add-ons/extensions
        if (empty($nonce)) {
            // generate a new nonce
            $nonce = md5(SettingsPiwik::getSalt() . time() . Common::generateUniqId());
            $ns->nonce = $nonce;
        }

// extend lifetime if nonce is requested again to prevent from early timeout if nonce is requested again
        // a few seconds before timeout
        $ns->setExpirationSeconds($ttl, 'nonce');

return $nonce;
    }

/**
     * Returns if a nonce is valid and comes from a valid request.
     *
     * A nonce is valid if it matches the current nonce and if the current nonce
     * has not expired.
     *
     * The request is valid if the referrer is a local URL (see {@link Url::isLocalUrl()})
     * and if the HTTP origin is valid (see {@link getAcceptableOrigins()}).
     *
     * @param string $id The nonce's unique ID. See {@link getNonce()}.
     * @param string $cnonce Nonce sent from client.
     * @param null|string $expectedReferrerHost The expected referrer host for the HTTP referrer URL.
     * @return bool `true` if valid; `false` otherwise.
     */
    public static function verifyNonce($id, $cnonce, $expectedReferrerHost = null)
    {
        // load error with message function.
        $error = self::verifyNonceWithErrorMessage($id, $cnonce, $expectedReferrerHost);
        return $error === "";
    }

/**
     * Returns error message
     *
     * A nonce is valid if it matches the current nonce and if the current nonce
     * has not expired.
     *
     * The request is valid if the referrer is a local URL (see {@link Url::isLocalUrl()})
     * and if the HTTP origin is valid (see {@link getAcceptableOrigins()}).
     *
     * @param string $id The nonce's unique ID. See {@link getNonce()}.
     * @param string $cnonce Nonce sent from client.
     * @param null $expectedReferrerHost The expected referrer host for the HTTP referrer URL.
     * @return string if empty is valid otherwise return error message
     */
    public static function verifyNonceWithErrorMessage($id, $cnonce, $expectedReferrerHost = null)
    {
        $ns = new SessionNamespace($id);
        $nonce = $ns->nonce;

$additionalErrors = '';

//  The Session cookie is set to a secure cookie, when SSL is mis-configured, it can cause the PHP session cookie ID to change on each page view.
        //  Indicate to user how to solve this particular use case by forcing secure connections.
        if (Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {
            $additionalErrors =  '<br/><br/>' . Piwik::translate('Login_InvalidNonceSSLMisconfigured',
                array(
                  '<a target="_blank" rel="noreferrer noopener" href="https://matomo.org/faq/how-to/faq_91/">',
                  '</a>',
                  'config/config.ini.php',
                  '<pre>force_ssl=1</pre>',
                  '<pre>[General]</pre>',
                )
              );
        }

// validate token
        if (empty($cnonce) || $cnonce !== $nonce) {
            return Piwik::translate('Login_InvalidNonceToken');
        }

// validate referrer
        $referrer = Url::getReferrer();
        if (empty($expectedReferrerHost) && !empty($referrer) && !Url::isLocalUrl($referrer)) {
            return Piwik::translate('Login_InvalidNonceReferrer', array(
              '<a target="_blank" rel="noreferrer noopener" href="https://matomo.org/faq/how-to-install/faq_98">',
              '</a>'
              )) . $additionalErrors;
        }

//referrer is different expected host
        if (!empty($expectedReferrerHost) && !self::isReferrerHostValid($referrer, $expectedReferrerHost)) {
            return Piwik::translate('Login_InvalidNonceUnexpectedReferrer') . $additionalErrors;
        }

// validate origin
        $origin = self::getOrigin();
        if (!empty($origin) &&
          ($origin == 'null'
            || !in_array($origin, self::getAcceptableOrigins()))
        ) {
            return Piwik::translate('Login_InvalidNonceOrigin') . $additionalErrors;
        }

return '';
    }

// public for tests
    public static function isReferrerHostValid($referrer, $expectedReferrerHost)
    {
        if (empty($referrer)) {
            return false;
        }

$referrerHost = Url::getHostFromUrl($referrer);
        return preg_match('/(^|\.)' . preg_quote($expectedReferrerHost) . '$/i', $referrerHost);
    }

/**
     * Force expiration of the current nonce.
     *
     * @param string $id The unique nonce ID.
     */
    public static function discardNonce($id)
    {
        $ns = new SessionNamespace($id);
        $ns->unsetAll();
    }

/**
     * Returns the **Origin** HTTP header or `false` if not found.
     *
     * @return string|bool
     */
    public static function getOrigin()
    {
        if (!empty($_SERVER['HTTP_ORIGIN'])) {
            return $_SERVER['HTTP_ORIGIN'];
        }
        return false;
    }

/**
     * Returns a list acceptable values for the HTTP **Origin** header.
     *
     * @return array
     */
    public static function getAcceptableOrigins()
    {
        $host = Url::getCurrentHost(null);

if (empty($host)) {
            return array();
        }

// parse host:port
        if (preg_match('/^([^:]+):([0-9]+)$/D', $host, $matches)) {
            $host = $matches[1];
            $port = $matches[2];
            $origins = array(
                'http://' . $host,
                'https://' . $host,
            );
            if ($port != 443) {
                $origins[] = 'http://' . $host .':' . $port;
            }
            $origins[] = 'https://' . $host . ':' . $port;
        } elseif (Config::getInstance()->General['force_ssl']) {
            $origins = array(
                'https://' . $host,
                'https://' . $host . ':443',
            );
        } else {
            $origins = array(
                'http://' . $host,
                'https://' . $host,
                'http://' . $host . ':80',
                'https://' . $host . ':443',
            );
        }

return $origins;
    }

/**
     * Verifies and discards a nonce.
     *
     * @param string $nonceName The nonce's unique ID. See {@link getNonce()}.
     * @param string|null $nonce The nonce from the client. If `null`, the value from the
     *                           **nonce** query parameter is used.
     * @throws \Exception if the nonce is invalid. See {@link verifyNonce()}.
     */
    public static function checkNonce($nonceName, $nonce = null, $expectedReferrerHost = null)
    {
        if ($nonce === null) {
            $nonce = Common::getRequestVar('nonce', null, 'string');
        }

if (!self::verifyNonce($nonceName, $nonce, $expectedReferrerHost)) {
            throw new \Exception(Piwik::translate('General_ExceptionSecurityCheckFailed'));
        }

self::discardNonce($nonceName);
    }
}

${this.title}

Code Editor : Nonce.php