protected static function MatomoAdminSettingsForm::containsForbiddenToken in Matomo Analytics 8
Validate if string contains forbidden tokens not allowed by privacy rules.
Parameters
string $token_string: A string with one or more tokens to be validated.
Return value
bool TRUE if a blocklisted token has been found, otherwise FALSE.
File
src/Form/MatomoAdminSettingsForm.php, line 757
Class
MatomoAdminSettingsForm: Configure Matomo settings for this site.
Namespace
Drupal\matomo\Form
Code
protected static function containsForbiddenToken($token_string) {
  // List of strings in tokens with personal identifying information not
  // allowed for privacy reasons. See section 8.1 of the Google Analytics
  // terms of use for more detailed information.
  //
  // This list can never ever be complete. For this reason it tries to use a
  // regex and may kill a few other valid tokens, but it's the only way to
  // protect users as much as possible from admins with illegal ideas.
  //
  // User tokens are not prefixed with colon to catch 'current-user' and
  // 'user'.
  //
  // TODO: If someone has better ideas, share them, please!
  $token_blocklist = [
    ':account-name]',
    ':author]',
    ':author:edit-url]',
    ':author:url]',
    ':author:path]',
    ':current-user]',
    ':current-user:original]',
    ':display-name]',
    ':fid]',
    ':mail]',
    'user:name]',
    'author:name]',
    'owner:name]',
    ':uid]',
    ':one-time-login-url]',
    ':owner]',
    ':owner:cancel-url]',
    ':owner:edit-url]',
    ':owner:url]',
    ':owner:path]',
    'user:cancel-url]',
    'user:edit-url]',
    'user:url]',
    'user:path]',
    'user:picture]',
    // addressfield_tokens.module.
    ':first-name]',
    ':last-name]',
    ':name-line]',
    ':mc-address]',
    ':thoroughfare]',
    ':premise]',
    // realname.module.
    ':name-raw]',
    // token.module.
    ':ip-address]',
  ];
  return preg_match('/' . implode('|', array_map('preg_quote', $token_blocklist)) . '/i', $token_string);
}
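The matching rule above is a case-insensitive substring search on token suffixes, which is why the code comment warns that it "may kill a few other valid tokens". The following added example (not part of the Matomo module) reports which blocklist entry rejects each input; the helper name `matching_blocklist_entries`, the blocklist subset and the sample strings are constructed for illustration, with `[site:mail]` standing in for a token that carries no personal data yet still ends in `:mail]`.

```php
<?php
declare(strict_types=1);

// Subset of the blocklist shown above; the full list lives in the module.
const TOKEN_BLOCKLIST_SUBSET = [
  ':author]',
  ':current-user]',
  ':mail]',
  'user:name]',
  'author:name]',
  ':uid]',
  ':ip-address]',
];

/**
 * Returns the blocklist entries found in $token_string (hypothetical helper).
 *
 * Same matching rule as containsForbiddenToken(): each entry is escaped with
 * preg_quote() and searched for as a case-insensitive substring.
 */
function matching_blocklist_entries(string $token_string): array {
  $hits = [];
  foreach (TOKEN_BLOCKLIST_SUBSET as $entry) {
    if (preg_match('/' . preg_quote($entry, '/') . '/i', $token_string) === 1) {
      $hits[] = $entry;
    }
  }
  return $hits;
}

// Constructed sample inputs.
$samples = [
  '[node:title]',                  // No personal data, no blocklisted suffix.
  '[current-user:mail]',           // Personal data, caught by the ':mail]' suffix.
  '[Current-User:UID]',            // The /i flag makes the match case-insensitive.
  'Written by [node:author:name]', // A token embedded in surrounding text.
  '[site:mail]',                   // Not personal data, but ends in ':mail]'.
];

foreach ($samples as $sample) {
  $hits = matching_blocklist_entries($sample);
  printf("%-32s %s\n", $sample, $hits ? 'rejected by ' . implode(', ', $hits) : 'allowed');
}
```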