Hi,
the system check gives me the follwing warnings:
WARNING: ..../plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php(138): Warning - trim() expects parameter 1 to be string, array given - Matomo 4.3.1 - Please report this message in the Matomo forums: https://forum.matomo.org (please do a search first as it might have been reported already) (Module: Installation, Action: systemCheckPage, In CLI mode: false)
and: WARNING: /home/mgdata/domains/mgdata.se/public_html/stats/plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php(142): Warning - strpos() expects parameter 1 to be string, array given - Matomo 4.3.1 -
and also the message:
/config/config.ini.php
We found that the above URLs are accessible via the browser, but they should NOT be. ā¦
We also found that Matomoās config directory is publicly accessible. ā¦
The errors did not exist until some time ago.
Iām on a shared host (Litespeed) and have no idea what to do. I also have the impression that visitor tracking collects incorrect values, but that is perhaps another topic
It turns out there is indeed a bug in one part of this check. This should fix it:
You can apply this change to the plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php file by replacing the lines in red with the ones in green (so adding ['data'] twice)
diff --git a/plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php b/plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php
index 74d41756819..40be4ee1e42 100644
--- a/plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php
+++ b/plugins/Diagnostics/Diagnostic/RequiredPrivateDirectories.php
@@ -135,11 +135,11 @@ private function isAccessible(DiagnosticResult $result, $testUrl, $publicIfRespo
return true;
}
- if (trim($response) === $publicIfResponseEquals) {
+ if (trim($response['data']) === $publicIfResponseEquals) {
// we assume it is publicly accessible because either the exact expected content is returned or because we don't check for content match
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_ERROR, $testUrl));
return true;
- } elseif (strpos($response, $publicIfResponseContains) !== false) {
+ } elseif (strpos($response['data'], $publicIfResponseContains) !== false) {
// we assume it is publicly accessible because a unique content is included in the response or because we don't check for content contains
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_ERROR, $testUrl));
return true;
Iām confused about this post. I just updated to the latest and still seeing the same error.
How exactly do I fix this? I figured the update to 4.4.0 would take care of this without having to edit code?
System Check
Required Private Directories
Matomo version: 4.4.0
MySQL version: 10.5.10-MariaDB
PHP version: 7.4.20
The bug above is just in the exact setup lasse had. (where the pages werenāt public, but there was a redirect instead of an error page).
To remove the warning, make sure that these URLs canāt be accessed by any person on the internet. How to do this totally depends on your webserver setup, but checking if the .htaccess files are generated and support for them is enabled, would be one way for Apache. For other webservers, write access rules that are equivalent (or e.g. use the offical nginx config)
Thanks for your reply. Yes, Iāll check to make sure those arenāt public. I tested using tor and they werenāt which is why I wondered about the warning.
Just wanting to confirm however, is this still a bug or you mentioned itās something to do with certain setups?