Clientside javascript for the Dashboard can get caught in infinite redirect loop #3471

Closed
mattab opened this issue Oct 23, 2012 · 1 comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Comments

@mattab
Member

mattab commented Oct 23, 2012

Reported by email:



Clientside JavaScript that is executed when loading the dashboard can get in a state that causes it to repeat itself in an endless loop. This results in continuous requests to the web server, which returns a redirect, causing the process to continue indefinitely. This creates an increased and unnecessary load on the web server.

Specifically, JavaScript executed on the client does not handle arbitrary input after a hashtag. Initializing the webpage with arbitrary input will result in continuous requests to index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday#<arbitrary input> (or if the page is set as the default then /index.php?<arbitrary input> works). The web server responds with 302 Found to "index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday".

The browser continues to request the returned page and appends the text after the hashtag to the end of the URL. When the page is loaded again, the arbitrary text is executed again and the loop will continue indefinitely. It only takes a couple of browsers to do this to notice the increased load on the web server.

URL to reproduce: index.php?module=CoreHome&action=index&idSite=1&period=range&date=previous30#blabla

@diosmosis
Member

(In [7284]) Fixes #3471, make sure broadcast won't show AJAX result if result is whole HTML document.

@mattab mattab added this to the 1.9.1 - Piwik 1.9.1 milestone Jul 8, 2014
This issue was closed.
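
A sketch of the two client-side guards this thread points to, added here as an illustration and not taken from Piwik's code or from changeset [7284]: ignore fragments that do not name a well-formed module and action, and drop an AJAX response that is a whole HTML document instead of injecting it. The function names, the allowed-name pattern and the sample inputs are assumptions.

```javascript
// Added illustration; function names are hypothetical, not Piwik's broadcast API.

// Assumed shape of a legitimate module/action name.
const NAME = /^[A-Za-z0-9_]+$/;

// Parse the part after '#'. Returns URLSearchParams when the fragment carries
// a well-formed module and action, otherwise null (e.g. for "#blabla").
function parseFragment(url) {
  const i = url.indexOf('#');
  if (i === -1) return null;
  const params = new URLSearchParams(url.slice(i + 1).replace(/^[?&]/, ''));
  const module = params.get('module');
  const action = params.get('action');
  if (!module || !action || !NAME.test(module) || !NAME.test(action)) return null;
  return params;
}

// True when an AJAX response body is a complete HTML document (for example the
// page a 302 redirect landed on) rather than a fragment meant for injection.
function isWholeHtmlDocument(body) {
  const head = String(body)
    .replace(/^\uFEFF/, '')                  // byte-order mark
    .replace(/^(\s|<!--[\s\S]*?-->)+/, '')   // leading whitespace and comments
    .slice(0, 256);
  return /^<!doctype\s+html\b/i.test(head) || /^<html[\s>]/i.test(head);
}

// Decide what the page should do with one navigation/response pair.
function decide(url, responseBody) {
  if (parseFragment(url) === null) return 'ignore-fragment'; // no request at all
  if (isWholeHtmlDocument(responseBody)) return 'drop-response'; // never inject
  return 'render';
}

// Constructed sample inputs (the first URL is the reproduction URL above).
const BASE = 'index.php?module=CoreHome&action=index&idSite=1&period=range&date=previous30';
const FULL_PAGE = '<!DOCTYPE html>\n<html><head><script src="broadcast.js"></script></head></html>';
const WIDGET = '<div class="widget">visits: 42</div>';

console.log(decide(BASE + '#blabla', FULL_PAGE));                          // ignore-fragment
console.log(decide(BASE + '#module=Dashboard&action=embeddedIndex', FULL_PAGE)); // drop-response
console.log(decide(BASE + '#module=Dashboard&action=embeddedIndex', WIDGET));    // render
```

Dropping the full-document response is what breaks the loop: the injected page can no longer re-run the dashboard script against the same fragment.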