Safe to use setURL() with $_SERVER['HTTP_REFERER']?

I’m working on tracking custom images and was wondering if this code is safe to run:


Since HTTP_REFERER can be easily spoofed, I wondered if Piwik performs the necessary validation to make sure no injects happen, or if I should perform my own validations to make sure the URL is valid.

Piwik should perform all validation, if you find any security issue with this, please email us at security att piwik