diff --git a/Diagnostic/CurlVersionCheck.php b/Diagnostic/CurlVersionCheck.php
index 1ddb5ca..eeed1f1 100644
--- a/Diagnostic/CurlVersionCheck.php
+++ b/Diagnostic/CurlVersionCheck.php
@@ -9,6 +9,7 @@ namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
 use Piwik\Http;
+use Piwik\Piwik;
 use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
 use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
 use Psr\Log\LoggerInterface;
@@ -36,7 +37,7 @@ class CurlVersionCheck implements Diagnostic
     public function __construct(LoggerInterface $logger, \Matomo\Cache\Lazy $lazyCache)
     {
         $this->logger = $logger;
-        $this->label = "🧪 curl version check";
+        $this->label = "🧪 " . Piwik::translate("DiagnosticsExtended_CurlVersionCheckLabel");
         $this->lazyCache = $lazyCache;
     }
@@ -50,7 +51,7 @@ class CurlVersionCheck implements Diagnostic
             return [DiagnosticResult::singleResult(
                 $this->label,
                 DiagnosticResult::STATUS_INFORMATIONAL,
-                "Your PHP setup doesn't use curl, so there is nothing to check"
+                Piwik::translate("DiagnosticsExtended_CurlVersionCheckNoCurl")
             )];
         }
         $version = curl_version()["version"];
@@ -86,22 +87,22 @@ class CurlVersionCheck implements Diagnostic
                 return [DiagnosticResult::singleResult(
                     $this->label,
                     DiagnosticResult::STATUS_ERROR,
-                    "Your curl version might be vulnerable against this vulnerabilities
-                    (unless the distributor of your curl binary is backporting security patches): "
+                    Piwik::translate("DiagnosticsExtended_CurlVersionCheckVulnerable")
+                    . " " . join(", ", $vulns)
                 )];
             } else {
                 return [DiagnosticResult::singleResult(
                     $this->label,
                     DiagnosticResult::STATUS_OK,
-                    "It seems like there are no known vulnerabilities in your curl version"
+                    Piwik::translate("DiagnosticsExtended_CurlVersionCheckUpToDate")
                 )];
             }
         } catch (\Exception $e) {
             return [DiagnosticResult::singleResult(
                 $this->label,
                 DiagnosticResult::STATUS_INFORMATIONAL,
-                "Matomo could not check if your curl version has vulnerabilities"
+                Piwik::translate("DiagnosticsExtended_CurlVersionCheckFailed")
             )];
         }
diff --git a/Diagnostic/MatomoJsCheck.php b/Diagnostic/MatomoJsCheck.php
index e1a0909..150f3de 100644
--- a/Diagnostic/MatomoJsCheck.php
+++ b/Diagnostic/MatomoJsCheck.php
@@ -93,8 +93,7 @@ class MatomoJsCheck implements Diagnostic
             } else {
                 $results->addItem(new DiagnosticResultItem(
                     DiagnosticResult::STATUS_WARNING,
-                    "matomo.js is not delivered gzipped.
-                    You might want to set up gzip for .js files as it can reduce the size of the file by up to 60 %."
+                    Piwik::translate("DiagnosticsExtended_MatomoJSCheckNotGzipped")
                 ));
             }
             return [$results];
@@ -103,9 +102,8 @@ class MatomoJsCheck implements Diagnostic
             return [DiagnosticResult::singleResult(
                 $this->label,
                 DiagnosticResult::STATUS_INFORMATIONAL,
-                "Matomo could not check if your matomo.js can be fetched properly"
+                Piwik::translate("DiagnosticsExtended_MatomoJSCheckUnknown")
             )];
-        }
     }
 }
diff --git a/Diagnostic/OpensslVersionCheck.php b/Diagnostic/OpensslVersionCheck.php
index 7930eac..563dbbb 100644
--- a/Diagnostic/OpensslVersionCheck.php
+++ b/Diagnostic/OpensslVersionCheck.php
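Review bot: The `$vulns` entries concatenated into the STATUS_ERROR comment on the new `. " " . join(", ", $vulns)` line are not escaped, and the hunk does not show where they originate; if this class obtains them through the `Piwik\Http` fetch it imports and the Diagnostics page renders result comments as markup, a malformed or tampered entry from that source would reach the admin page unchanged. Escaping at this boundary bounds that, e.g. `. " " . implode(", ", array_map(static function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }, $vulns))`, unless the rendering layer is known to escape comments itself. `join` is only an alias; `implode` is the conventional spelling. The enclosing method starts before this hunk.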
@@ -8,6 +8,7 @@ namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
+use Piwik\Piwik;
 use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
 use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
 use Psr\Log\LoggerInterface;
@@ -33,7 +34,7 @@ class OpensslVersionCheck implements Diagnostic
     public function __construct(LoggerInterface $logger)
     {
         $this->logger = $logger;
-        $this->label = "🧪 OpenSSL version check";
+        $this->label = "🧪 " . Piwik::translate("DiagnosticsExtended_OpensslVersionCheckLabel");
     }
     /**
@@ -44,7 +45,7 @@ class OpensslVersionCheck implements Diagnostic
             return DiagnosticResult::singleResult(
                 $this->label,
                 DiagnosticResult::STATUS_INFORMATIONAL,
-                "Your PHP setup doesn't use OpenSSL or curl, so there is nothing to check"
+                Piwik::translate("DiagnosticsExtended_OpensslVersionCheckNoOpenssl")
             );
         }
@@ -73,15 +74,13 @@ class OpensslVersionCheck implements Diagnostic
             return [DiagnosticResult::singleResult(
                 $this->label,
                 DiagnosticResult::STATUS_WARNING,
-                "Your OpenSSL version ($version) is pretty old.
-                Check if there are known vulnerabilities for it and update it if necessary."
+                Piwik::translate("DiagnosticsExtended_OpensslVersionCheckOutdated", [$version])
             )];
         } else {
             return [DiagnosticResult::singleResult(
                 $this->label,
                 DiagnosticResult::STATUS_INFORMATIONAL,
-                "Your OpenSSL version ($version) is not really old.
-                Nevertheless, check if there are known vulnerabilities for it and update it if necessary."
+                Piwik::translate("DiagnosticsExtended_OpensslVersionCheckNotOutdated", [$version])
             )];
         }
     }
diff --git a/Diagnostic/PhpUserCheck.php b/Diagnostic/PhpUserCheck.php
index ddcdc76..eb29f5d 100644
--- a/Diagnostic/PhpUserCheck.php
+++ b/Diagnostic/PhpUserCheck.php
@@ -8,6 +8,7 @@ namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
+use Piwik\Piwik;
 use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
 use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
 use Piwik\SettingsServer;
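Review bot: The no-OpenSSL branch in `@@ -44,7 +45,7 @@` of OpensslVersionCheck.php still returns `DiagnosticResult::singleResult(...)` bare, while both branches in `@@ -73,15 +74,13 @@` of the same file return `[DiagnosticResult::singleResult(...)]`; if these sit in the same method and its contract, like the sibling checks, is a list of results, the caller receives a single object where it expects an array. That `return` line is context and the commit does not touch it, but the translation rewrite was the moment to align it: `return [DiagnosticResult::singleResult(` … `)];`. The enclosing method's start and end lie outside the hunk, so this is inferred from the visible branches only.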
@@ -19,10 +20,15 @@ class PhpUserCheck implements Diagnostic
      * @var LoggerInterface
      */
     private $logger;
+    /**
+     * @var string
+     */
+    private $label;
     public function __construct(LoggerInterface $logger)
     {
         $this->logger = $logger;
+        $this->label = "🧪 " . Piwik::translate("DiagnosticsExtended_PhpUserCheckLabel");
     }
     /**
@@ -35,10 +41,9 @@ class PhpUserCheck implements Diagnostic
         }
         if (posix_getuid() === 0) {
             return [DiagnosticResult::singleResult(
-                "🧪 php running as root",
+                $this->label,
                 DiagnosticResult::STATUS_WARNING,
-                "PHP seems to be running as root. Unless you are using Matomo inside a docker container
-                you should check your setup."
+                Piwik::translate("DiagnosticsExtended_PhpUserCheckWarning")
             )];
         }
         return [];
diff --git a/Diagnostic/URLCheck.php b/Diagnostic/URLCheck.php
index f7988cd..7da0735 100644
--- a/Diagnostic/URLCheck.php
+++ b/Diagnostic/URLCheck.php
@@ -9,6 +9,7 @@ namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
 use Piwik\Http;
+use Piwik\Piwik;
 use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
 use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
 use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResultItem;
@@ -31,18 +32,24 @@ class URLCheck implements Diagnostic
      * @var boolean
      */
     private $criticalIssue;
+    /**
+     * @var string
+     */
+    private $label;
     public function __construct(LoggerInterface $logger)
     {
         $this->logger = $logger;
         $this->matomoURL = SettingsPiwik::getPiwikUrl();
         $this->criticalIssue = false;
+        $this->label = "🧪 " . Piwik::translate("DiagnosticsExtended_URLCheckLabel");
+
     }
     public function execute()
     {
         //TODO: don't check if running in development mode
-        $result = new DiagnosticResult("Files that should not be public");
+        $result = new DiagnosticResult($this->label);
         $result->addItem($this->checkConfigIni());
         $result->addItem($this->checkRequestNotAllowed(
             ".git/info/exclude",
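Review bot: The URLCheck constructor in `@@ -31,18 +32,24 @@` now ends with an added empty line between `$this->label = "🧪 " . Piwik::translate("DiagnosticsExtended_URLCheckLabel");` and its closing brace; none of the other constructors in this change carry one, so drop the blank `+` line. The new `$label` property follows the file's existing `@var` docblock style for `$logger` and `$criticalIssue`, which is consistent, though if the plugin's minimum PHP permits typed properties, `private string $label;` would give static analysis the type without the docblock.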
@@ -56,14 +63,14 @@ class URLCheck implements Diagnostic
             "cache/tracker/matomocache_general.php",
             "unserialize"
         ));
+        $result->addItem($this->checkRequestNotAllowed(
+            "lang/en.json",
+            "12HourClock",
+            false
+        ));
         if ($this->criticalIssue) {
-            $result->setLongErrorMessage(
-                "Please check if your webserver processes the .htaccess files
-                generated by Matomo properly. If you are using Nginx, please take a look at the - - official matomo-nginx config for reference.
-                Otherwise attackers might be able to read sensitive data."
+            $result->setLongErrorMessage(Piwik::translate("DiagnosticsExtended_URLCheckLongErrorMessage", ["", ""])
             );
         }
         return array($result);
@@ -82,10 +89,13 @@ class URLCheck implements Diagnostic
         if ($this->contains($data, ";")) {
             return new DiagnosticResultItem(
                 DiagnosticResult::STATUS_WARNING,
-                "$relativeUrl seems to be semi-public. " .
-                "While attackers can't read the config now, the file is publicly accessible and if for whatever reason your webserver " .
-                "stops executing PHP files, everyone can read your MySQL credentials and more" .
-                "Please check your webserver config."
+                Piwik::translate("DiagnosticsExtended_URLCheckConfigIni", ["$relativeUrl"])
+            );
+        }
+        else {
+            return new DiagnosticResultItem(
+                DiagnosticResult::STATUS_OK,
+                Piwik::translate("DiagnosticsExtended_URLCheckOk", ["$relativeUrl"])
             );
         }
     }
@@ -93,12 +103,11 @@ class URLCheck implements Diagnostic
     protected function checkRequestNotAllowed($relativeUrl, $content, $critical = true): DiagnosticResultItem
     {
         list($status, $headers, $data) = $this->makeHTTPReququest($relativeUrl);
-// var_dump($data);
         if (strpos($data, $content) !== false) {
             return $this->isPublicError($relativeUrl, $critical);
         }
-        return new DiagnosticResultItem(DiagnosticResult::STATUS_OK, "$relativeUrl doesn't seem to be publically reachable");
+        return new DiagnosticResultItem(DiagnosticResult::STATUS_OK, Piwik::translate("DiagnosticsExtended_URLCheckOk", ["$relativeUrl"]));
     }
     protected function isPublicError($relativeUrl, $critical): DiagnosticResultItem
@@ -108,7 +117,7 @@ class URLCheck implements Diagnostic
         }
         return new DiagnosticResultItem(
             $critical ? DiagnosticResult::STATUS_ERROR : DiagnosticResult::STATUS_WARNING,
-            "$relativeUrl should never be public. Please check your webserver config."
+            Piwik::translate("DiagnosticsExtended_URLCheckError", ["$relativeUrl"])
         );
     }
diff --git a/lang/en.json b/lang/en.json
index bd83a84..c09d228 100644
--- a/lang/en.json
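Review bot: `Piwik::translate("DiagnosticsExtended_URLCheckLongErrorMessage", ["", ""])` fills the `%1$s`/`%2$s` slots with empty strings, so the rendered message reads "take a look at the official matomo-nginx config for reference" with no link, whereas the removed text apparently wrapped that phrase in one (the markup is stripped in this view, but the placeholders in the new string exist for it); the one reference an admin needs to fix the exposure is lost. Pass the anchor markup instead, e.g. `Piwik::translate("DiagnosticsExtended_URLCheckLongErrorMessage", ['<a href="' . $nginxConfigUrl . '" target="_blank" rel="noopener noreferrer">', '</a>'])`, where `$nginxConfigUrl` stands for the target the removed lines no longer show. The added `lang/en.json` probe with `$critical = false` is a reasonable grading, since a readable translation file indicates a webserver rule gap rather than a credential leak.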
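Review bot: In `@@ -82,10 +89,13 @@` the new `else` branch follows a `return`, so it is redundant, and its `}` and `else {` on separate lines diverge from the `} else {` used elsewhere in this change; drop the `else` and return the STATUS_OK item after the `if` block. The argument `["$relativeUrl"]` quotes a bare variable for no reason and should be `[$relativeUrl]`; the same pattern appears on the translate calls in `@@ -93,12 +103,11 @@` and `@@ -108,7 +117,7 @@`. The enclosing method, apparently `checkConfigIni` given the `execute()` call and the `;` probe, starts before the hunk.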
+++ b/lang/en.json 
@@ -2,28 +2,46 @@
     "DiagnosticsExtended": {
         "BackportingDisclaimerMariaDB": "(unless the distributor of your MariaDB binary is backporting security patches)",
         "BackportingDisclaimerPHP": "(unless the distributor of your PHP binary is backporting security patches)",
+        "CurlVersionCheckFailed": "Matomo could not check if your curl version has vulnerabilities.",
+        "CurlVersionCheckLabel": "curl version check",
+        "CurlVersionCheckNoCurl": "Your PHP setup doesn't use curl, so there is nothing to check.",
+        "CurlVersionCheckUpToDate": "It seems like there are no known vulnerabilities in your curl version.",
+        "CurlVersionCheckVulnerable": "Your curl version might be vulnerable against these vulnerabilities (unless the distributor of your curl binary is backporting security patches):",
         "DatabaseVersionCheckLabel": "Database version",
+        "DatabaseVersionCheckMariaDBEol": "Your MariaDB version (%1$s) does not receive security support by the MariaDB team anymore (since %2$s). You should update to a newer version",
+        "DatabaseVersionCheckMariaDBLatestVersion": "You are using the latest version of MariaDB %s.",
+        "DatabaseVersionCheckMariaDBNotEol": "Your MariaDB version (%1$s) receives security support by the MariaDB team until %2$s.",
+        "DatabaseVersionCheckMariaDBOutdated": "There is a newer MariaDB patch version (%1$s) available (you are using %2$s/%3$s). You should update to it as soon as possible",
         "MatomoJSCheckFailed": "It seems like matomo.js can't be fetched properly.",
+        "MatomoJSCheckFailedCurlTip": "try running %s on your server and see if it is able to fetch the file successfully",
         "MatomoJSCheckGzipped": "matomo.js is delivered gzipped.",
         "MatomoJSCheckMIMEError": "matomo.js should be delivered with an 'application/javascript' Content-Type. 
You are using '%s'.",
-        "MatomoJSCheckFailedCurlTip": "try running %s on your server and see if it is able to fetch the file successfully",
-        "DatabaseVersionCheckMariaDBEol": "Your MariaDB version (%1$s) does not receive security support by the MariaDB team anymore (since %2$s). You should update to a newer version",
-        "DatabaseVersionCheckMariaDBNotEol": "Your MariaDB version (%1$s) receives security support by the MariaDB team until %2$s.",
-        "DatabaseVersionCheckMariaDBLatestVersion": "You are using the latest version of MariaDB %s.",
-        "DatabaseVersionCheckMariaDBOutdated": "There is a newer MariaDB patch version (%1$s) available (you are using %2$s/%3$s). You should update to it as soon as possible",
+        "MatomoJSCheckNotGzipped": "matomo.js is not delivered gzipped. You might want to set up gzip for .js files as it can reduce the size of the file by up to 60 %.",
+        "MatomoJSCheckUnknown": "Matomo could not check if your matomo.js can be fetched properly.",
         "NotificationText": "You have enabled the DiagnosticsExtended plugin. It adds a few more experimental system checks (marked with 🧪) to this page that might help you find issues with your Matomo instance. There might still be a few false positives and false negatives, so if you notice something strange, please report it to the %1$sforum%2$s or %3$screate a GitHub issue%4$s.",
         "NotificationTitle": "About DiagnosticsExtended",
+        "OpensslVersionCheckLabel": "OpenSSL version check",
+        "OpensslVersionCheckNoOpenssl": "Your PHP setup doesn't use OpenSSL or curl, so there is nothing to check.",
+        "OpensslVersionCheckNotOutdated": "Your OpenSSL version (%s) is not really old. Nevertheless, check if there are known vulnerabilities for it and update it if necessary.",
+        "OpensslVersionCheckOutdated": "Your OpenSSL version (%s) is pretty old. 
Check if there are known vulnerabilities for it and update it if necessary.",
         "PhpIniCheckIsDisabled": "%s is enabled",
         "PhpIniCheckIsEnabled": "%s is enabled",
         "PhpIniCheckLabel": "php.ini options",
         "PhpIniCheckShouldBeDisabled": "%s should be enabled",
         "PhpIniCheckShouldBeEnabled": "%s should be enabled",
+        "PhpUserCheckLabel": "PHP running as root",
+        "PhpUserCheckWarning": "PHP seems to be running as root. Unless you are using Matomo inside a docker container you should check your setup.",
         "PhpVersionCheckEol": "Your PHP version (%1$s) does not receive security support by the PHP team anymore (since %2$s). You should update to a newer version",
         "PhpVersionCheckLabel": "PHP version",
         "PhpVersionCheckLatestVersion": "You are using the latest version of PHP %s",
-        "PhpVersionCheckNoInformation": "No information is know about your PHP version (%s)",
+        "PhpVersionCheckNoInformation": "No information is known about your PHP version (%s)",
         "PhpVersionCheckNotEol": "Your PHP version (%1$s) receives security support by the PHP team until %2$s.",
         "PhpVersionCheckNotWorking": "Matomo could not check if your PHP version is up-to-date",
-        "PhpVersionCheckOutdated": "There is a newer PHP patch version (%1$s) available (you are using %2$s). You should update to it as soon as possible"
+        "PhpVersionCheckOutdated": "There is a newer PHP patch version (%1$s) available (you are using %2$s). You should update to it as soon as possible",
+        "URLCheckConfigIni": "%s seems to be semi-public. While attackers can't read the config now, the file is publicly accessible and if for whatever reason your webserver stops executing PHP files in the future, everyone can read your MySQL credentials and more. Please check your webserver config.",
+        "URLCheckError": "%s should never be public, but seems to be. 
Please check your webserver config.",
+        "URLCheckLabel": "Files that should not be public",
+        "URLCheckLongErrorMessage": "Please check if your webserver processes the .htaccess files generated by Matomo properly. If you are using Nginx, please take a look at the %1$sofficial matomo-nginx config%2$s for reference for files that should not be public.
Otherwise attackers might be able to read sensitive data.",
+        "URLCheckOk": "%s doesn't seem to be publicly reachable"
     }
 }
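Review bot: Two context lines in this hunk, `"PhpIniCheckIsDisabled": "%s is enabled"` and `"PhpIniCheckShouldBeDisabled": "%s should be enabled"`, state the opposite of what their keys name, so the php.ini diagnostic would report a setting as enabled when it found it disabled and tell the admin to enable an option it wants turned off; they predate this commit, but the catalogue reshuffle is the moment to correct them to `"PhpIniCheckIsDisabled": "%s is disabled",` and `"PhpIniCheckShouldBeDisabled": "%s should be disabled",`. The new `OpensslVersionCheckOutdated`, `URLCheckError` and `URLCheckLongErrorMessage` values appear here with a line break inside the string; if those are literal newlines rather than an artefact of this view, the file is not valid JSON, so confirm the actual file carries `\n` or markup there.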