[Piwik-hackers] Domains are not checked (bug or intended behaviour) / Function of site URLs

[Elmar Weber]

Hello,

Matthieu Aubry wrote:
 > [...]
> The problem with this story is performance: we don't really want to 
> select the list of alias urls for the website at each page view to check 
> the current website against those.

I'm not that close with PHP, but I remember from a discussion with a 
friend with regard to caching that according to him PHP has some sort of 
in memory cache available?
Since this would be a frequently accessed, mostly static piece of data 
it would be worth putting in there.

Another option may be to create a hash for each site URL (or encrypt it) 
and put it into the visitor's cookie.
If they user has cookies disabled then the site URLs can be retrieved in 
the same select where the user is identified 
(Piwik_LogStats_Visit#recognizeTheVisitor).



> There is another possibility I can think of: hooking in the archiving 
> and trigger a job to delete the incorrect logs just before starting 
> reading the logs and archiving.

I've taken a look at the data model, the way I see it, for this to work 
the data model must be extended because the URL of the website where the 
script was executed from is not logged.

In general: What options exist to determine the website the Script was 
called from and how it made secure.
The ones I can think of are the Referrer of the call the piwik.php 
Script or a parameter to the piwik.php Script based on e.g. the 
location.href value. However, both are easy to fake.


> If you want to jump in, you're welcome to send us a patch!

I'll see if I can get something to work, I've some spare time around the 
weekend.

ciao,
Elmar

-- 
"Religion und Familie sind die beiden größten Feinde des Fortschritts."
(André Gide (1869 - 1951), französischer Schriftsteller)