Piwik 0.4.5

This is a follow-up release to Piwik 0.4.4 to handle some server environment-specific issues.

Bug fixes

• #1008 – open_basedir() restrictions would cause is_writable() to fail with a notice; this was used in determining whether the session.save_path was writable when session.save_handler = files
• #1009 – one-click update might fail with PIWK_USER_PATH not defined
• Some non-Apache users reporting Piwik displays only a blank page after the update.

Maintenance

• sendHttpRequest() by sockets: increase buffer size and fflush() output.

Translations

• Updated French translation.

Our thanks to all the Trac and forum users who diligently submitted bug reports and feedback. You help make Piwik more stable and usable for everyone.

We are now working on performance enhancements for Piwik 0.5. Stay tuned!

Piwik 0.4.4

New Features
#425, #904, #908 – Provide MYSQLI support
#642 – package Piwik for Microsoft Web Application Gallery
Added Norwegian and Korean translations

Bug Fixes
#923 – invalid XML response from UsersManager.getSitesAccessFromUser
#926 – add character encoding for the Export as Image page
#935 – re-order code to make global vars available to a plugin’s JavaScript
#942 – calendar should use server date for ‘today’
#944 – timestamp should appear before message in log files
#945 – set session name and prefix session namespaces
#953 – API doesn’t handle default null parameters well
#954 – escape left & right brackets in URL; fixes Open Flash Chart error in some environments
#962, #963 – fix “integer” and “float” detection in getRequestVar(); remove “numeric” default
#964 – fix Opera 10 detection
#974 – Swedish characters don’t show up properly in UI
#975 – reload page if user logs out in another tab
#976 – exception if session.save_path not writeable
#978 – fix %ss typo in translations
#996 – fixes message box error when deleting a website open for editing (Settings | Websites)
#999 – suppress top bar navigation links for disabled plugins
#1003 – fix problem with empty translation strings
#1005 – delete obsolete directories for users updating from pre-Piwik 0.2.10
#1007 – workaround Opera 9.22 EMCAScript engine (parser bug)
- Add IGNORE keyword to ALTER statement; MySQL in ‘strict’ mode was erroring out ‘Incorrect integer value’.
- Fix color assignments when more than 8 items loaded in Evolution chart

Maintenance

Updated Catalan, Greek, Spanish, French, Italian, Dutch, Russian, Serbian translations
#497 – Update to Zend Framework 1.9.4
#540 – adding support for plugins that define their own unit tests
#632 – move local mods to subclassed ZF classes
#749 – Login form changes
#913 – add detection for Iron web browser
#916 – update search engines list; remove some duplicates
#918 – filter out newest Googlebot
#919 – more helpful help text (Installation)
#921, #922 – Added Piwik_View::factory().
#925 – add curl & stream fallback methods to sendHttpRequest()
#929, #941 – minor css changes
#937 – set_time_limit() refactoring
#951 – remove download and outlink variable names from global.ini.php
#956 – json_encode or xml extensions required; add system checks to Installation
#957 – adding support for Tracker plugin unit testing
#958 – update the Live/Bing bot filter
#971 – Update to Open Flash Charts version 2 Lug Wrym Charmer
#995 – add bz2 and tbz2 to list of recognized download extensions in piwik.js; updated QUnit
- consistent use of Piwik_TranslateException()
- changes to isPhpCliMode()
- phpdoc updates

Translations
#759, #924, #937, #939 – We need your help translating the Installation and CoreUpdater plugins! The strings are now fully translatable. We’ve added browser language detection and a language selection drop down.

Our thanks to anush, bodo, cn_dark, feyp, hansfn, jpfle, pebosi, Glen Solsberry, and Ralf Trattman for patches.

Piwik 0.4.4, response to Secunia Advisory SA37078

The Piwik project confirms that a potential vulnerability exists due to a file included in a third-party library. The vulnerability is exploitable whether or not the web site has the PHP configuration directive register_globals=On. The list of affected Piwik releases is limited to Piwik versions 0.2.35, 0.2.36, 0.2.37, 0.4, 0.4.1, 0.4.2, and 0.4.3. Piwik version [...]

Piwik 0.4.3

New Features:

- #890, #907- updates to Search Engines
- #888 – Filtering out Bing spambot
- #886 – Piwik will load bootstrap.php (if it exists) allowing for site-specific tweaks (e.g., define PIWIK_DOCUMENT_ROOT)
- #870 – Add/Edit Goal UI – can now specify goal as triggered “manually”
- #826 – new Tracker.knownVisitorInformation hook
- #793 – rewrote sendHttpRequest enabling update notifications when allow_url_fopen is Off

Fixes:
- #894 – inconsistencies between database upgrade and fresh install
- #892, 893 – Length of Visits cosmetic fixes
- #877 – Always start session; define PIWIK_ENABLE_SESSION_START=0 in bootstrap.php to get previous behaviour (may require increasing max number of MySQL connections)
- #877 – Sites management, error in the template
- #865 – unix_socket support reworked; now accepts “host”, “host:port”, “host:/socket/path”, or “/socket/path”
- #828 – session handling fix for PHP 5.2.0 (ZF1743)
- #700 – Installation checks for zlib and SPL
- #666 – database upgrades may take too long to run in browser
-  JSON-stringified layout was in some cases not completely decoded

Maintenance:
- #911 – simplifying regular expressions
- #896, #897 – all_tests.php (unit tests) broken
- #876 – Piwik_Tracker_Visit should not validate $this->request in constructor

Translations:
- Minor changes across all translations.

Thanks to kolchak, kurakin, pebosi, and Uli for providing patches!

New Piwik Javascript Tracking API – How we designed it

There are a lot of changes in Piwik 0.4. Today, I’m going to write about the release of an exciting new version of piwik.js, Piwik’s JavaScript tracker. While the improvements are all under the hood, Piwik’s client-side code is now a heavyweight contender to the trackers from the “Big 3″ (i.e., GA, Y!A, and MS). [...]

Piwik 0.2.33, response to CVE-2009-1085

Reference: CVE-2009-1085 dated 03/25/2009 Contrary to the advisory, the Piwik project did not “confirm” this “vulnerability”. We have classified this issue as user error. The subject file, “misc/cron/archive.sh”, was intended to be a sample shell script. By default, archiving is an internal Piwik process, and an external “archive.sh” file is not required nor used in [...]

Piwik Response to Zend Framework Security Advisory ZF2009-02

ZF2009-02: XSS vector in Zend_Filter_StripTags Piwik 0.2.33 (released Mar. 2, 2009) and earlier versions are not affected by this security advisory (disclosed Mar. 2, 2009) because Piwik uses a subset of ZF which does not include Zend_Filter. Piwik users are, however, encouraged to upgrade to take advantage of new features and bug fixes. Reference: Cross-site [...]

Piwik Response to Zend Framework Security Advisory ZF2009-01

ZF2009-01: LFI vector in Zend_View::setScriptPath() and render() Piwik 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Piwik uses a subset of ZF which does not include Zend_View. Piwik users are, however, encouraged to upgrade to take advantage of new features and bug fixes. [...]