Safe to use setURL() with $_SERVER['HTTP_REFERER']?


#1

I’m working on tracking custom images and was wondering if this code is safe to run:


    if(isset($_SERVER['HTTP_REFERER']))
       $t->setUrl($_SERVER['HTTP_REFERER']);

Since HTTP_REFERER can be easily spoofed, I wondered if Piwik performs the necessary validation to make sure no injection happens, or if I should perform my own validation to make sure the URL is valid.


(Matthieu Aubry) #2

Piwik should perform all validation. If you find any security issue with this, please email us at security att piwik
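
For readers who still want to check the header on their own side before calling `setUrl()`, here is an added example; it is not from either poster and is not Piwik's code. The function name `sanitizeReferer()`, the `MAX_URL_LENGTH` cap and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: defensive validation of the Referer header before tracking.
// sanitizeReferer() and MAX_URL_LENGTH are hypothetical names, not Piwik API.

const MAX_URL_LENGTH = 2048; // assumed cap; adjust to your own needs

function sanitizeReferer(?string $raw): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > MAX_URL_LENGTH) {
        return null;
    }
    // Reject control characters (CR, LF, NUL, DEL) before any parsing.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // FILTER_VALIDATE_URL accepts ASCII URLs only and allows any scheme,
    // so the scheme is checked separately below.
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Keep credentials embedded in a URL out of the analytics data.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs, standing in for $_SERVER['HTTP_REFERER'].
$samples = [
    'https://example.com/gallery/image.png?id=42', // accepted
    "https://example.com/\r\nX-Injected: 1",       // rejected: control characters
    'ftp://example.com/file',                      // rejected: scheme
    'https://user:pass@example.com/',              // rejected: userinfo
];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', var_export(sanitizeReferer($s), true), PHP_EOL;
}

// In the tracking script from the question ($t is the tracker object there):
// $url = sanitizeReferer($_SERVER['HTTP_REFERER'] ?? null);
// if ($url !== null) { $t->setUrl($url); }
```

This only checks that the value is a well-formed http(s) URL; it cannot show that the header is genuine, and the stored value still needs output encoding wherever it is displayed.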