You are here

protected static function PiwikAdminSettingsForm::containsForbiddenToken in Piwik Web Analytics 8

Validate if string contains forbidden tokens not allowed by privacy rules.

Parameters

string $token_string: A string with one or more tokens to be validated.

Return value

bool TRUE if blacklisted token has been found, otherwise FALSE.

File

src/Form/PiwikAdminSettingsForm.php, line 664

Class

PiwikAdminSettingsForm
Configure Piwik settings for this site.

Namespace

Drupal\piwik\Form

Code

protected static function containsForbiddenToken($token_string) {

  // List of strings in tokens with personal identifying information not
  // allowed for privacy reasons. See section 8.1 of the Google Analytics
  // terms of use for more detailed information.
  //
  // This list can never ever be complete. For this reason it tries to use a
  // regex and may kill a few other valid tokens, but it's the only way to
  // protect users as much as possible from admins with illegal ideas.
  //
  // User tokens are not prefixed with colon to catch 'current-user' and
  // 'user'.
  //
  // TODO: If someone have better ideas, share them, please!
  $token_blacklist = [
    ':account-name]',
    ':author]',
    ':author:edit-url]',
    ':author:url]',
    ':author:path]',
    ':current-user]',
    ':current-user:original]',
    ':display-name]',
    ':fid]',
    ':mail]',
    ':name]',
    ':uid]',
    ':one-time-login-url]',
    ':owner]',
    ':owner:cancel-url]',
    ':owner:edit-url]',
    ':owner:url]',
    ':owner:path]',
    'user:cancel-url]',
    'user:edit-url]',
    'user:url]',
    'user:path]',
    'user:picture]',
    // addressfield_tokens.module
    ':first-name]',
    ':last-name]',
    ':name-line]',
    ':mc-address]',
    ':thoroughfare]',
    ':premise]',
    // realname.module
    ':name-raw]',
    // token.module
    ':ip-address]',
  ];
  return preg_match('/' . implode('|', array_map('preg_quote', $token_blacklist)) . '/i', $token_string);
}