Safe to use setURL() with $_SERVER['HTTP_REFERER']?


I’m working on tracking custom images and was wondering if this code is safe to run:


Since HTTP_REFERER can be easily spoofed, I wondered if Piwik performs the necessary validation to make sure no injects happen, or if I should perform my own validations to make sure the URL is valid.

(Matthieu Aubry) #2

Piwik should perform all validation, if you find any security issue with this, please email us at security att piwik