#3471 closed Bug (fixed)

Clientside javascript for the Dashboard can get caught in infinite redirect loop

Reported by: matt Owned by:
Priority: major Milestone: 1.9.1 - Piwik 1.9.1
Component: Core Keywords:
Cc: Sensitive: no


Reported by email:

Clientside javascript that is executed when loading the dashboard can get in a state that causes it to repeat itself in an endless loop. This results in continuous requests to the web server which returns a redirect causing the process to continue indefinitely. This creates an increased and unnecessary load on the web server.

Specifically, javascript executed on the client does not handle arbitrary input after a hashtag. Initializing the webpage with arbitrary input will result in continuous requests to index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday#<arbitrary input> (or if the page is set as the default then /index.php?<arbitrary input> works). The web server responds with 302 Found to "index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday".

The browser continues to request the returned page and appends the text after the hashtag to the end of the url. When the page is loaded again, the arbitrary text is executed again and the loop will continue indefinitely. It only takes a couple of browsers to do this to notice the increased load on the webserver.

URL to reproduce: index.php?module=CoreHome&action=index&idSite=1&period=range&date=previous30#blabla

Change History (1)

comment:1 Changed 18 months ago by capedfuzz (diosmosis)

  • Resolution set to fixed
  • Status changed from new to closed

(In [7284]) Fixes #3471, make sure broadcast won't show AJAX result if result is whole HTML document.

Note: See TracTickets for help on using tickets.