From f8359173bef317bd316c74672f86c74cd0b8bdbf Mon Sep 17 00:00:00 2001
From: gRoussac
Date: Mon, 27 May 2013 10:12:41 +0200
Subject: [PATCH] [-] CORE : Report of https://github.com/PrestaShop/PrestaShop-1.4/commit/a6e8a2eda7fe3bab5245df9b98df7b2f6f7d541f
---
 classes/ConnectionsSource.php | 61 ++++++++++++++++++-----------------
 classes/SearchEngine.php | 2 ++
 2 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/classes/ConnectionsSource.php b/classes/ConnectionsSource.php
index fa3151aca..52409ab69 100644
--- a/classes/ConnectionsSource.php
+++ b/classes/ConnectionsSource.php
@@ -61,38 +61,39 @@ class ConnectionsSourceCore extends ObjectModel
 $cookie = Context::getContext()->cookie;
 if (!isset($cookie->id_connections) || !Validate::isUnsignedId($cookie->id_connections))
 return false;
+
+ // If the referrer is not correct, we drop the connection
+ if (isset($_SERVER['HTTP_REFERER']) && !Validate::isAbsoluteUrl($_SERVER['HTTP_REFERER']))
+ return false;
+
+ // If there is no referrer and we do not want to save direct traffic (as opposed to referral traffic), we drop the connection
 if (!isset($_SERVER['HTTP_REFERER']) && !Configuration::get('TRACKING_DIRECT_TRAFFIC'))
 return false;
- if(Configuration::get('TRACKING_DIRECT_TRAFFIC'))
- {
- $source = new ConnectionsSource();
- if (isset($_SERVER['HTTP_REFERER']) && Validate::isAbsoluteUrl($_SERVER['HTTP_REFERER']))
- {
- $parsed = parse_url($_SERVER['HTTP_REFERER']);
- $parsed_host = parse_url(Tools::getProtocol().Tools::getHttpHost(false, false).__PS_BASE_URI__);
- if ((!isset($parsed['path']) ||!isset($parsed_host['path'])) || (preg_replace('/^www./', '', $parsed['host']) == preg_replace('/^www./', '', Tools::getHttpHost(false, false)))
- && !strncmp($parsed['path'], $parsed_host['path'], strlen(__PS_BASE_URI__)))
- return false;
- if (Validate::isAbsoluteUrl(strval($_SERVER['HTTP_REFERER'])))
- {
- $source->http_referer = substr(strval($_SERVER['HTTP_REFERER']), 0, ConnectionsSource::$uri_max_size);
- $source->keywords = substr(trim(SearchEngine::getKeywords(strval($_SERVER['HTTP_REFERER']))), 0, ConnectionsSource::$uri_max_size);
- if (!Validate::isMessage($source->keywords))
- return false;
- }
- }
-
- $source->id_connections = (int)$cookie->id_connections;
- $source->request_uri = Tools::getHttpHost(false, false);
- if (isset($_SERVER['REDIRECT_URL']))
- $source->request_uri .= strval($_SERVER['REDIRECT_URL']);
- elseif (isset($_SERVER['REQUEST_URI']))
- $source->request_uri .= strval($_SERVER['REQUEST_URI']);
- if (!Validate::isUrl($source->request_uri))
- $source->request_uri = '';
- $source->request_uri = substr($source->request_uri, 0, ConnectionsSource::$uri_max_size);
- return $source->add();
+
+ $source = new ConnectionsSource();
+
+ // There are a few more operations if there is a referrer
+ if (isset($_SERVER['HTTP_REFERER']))
+ {
+ // If the referrer is internal (i.e. from your own website), then we drop the connection
+ $parsed = parse_url($_SERVER['HTTP_REFERER']);
+ $parsed_host = parse_url(Tools::getProtocol().Tools::getHttpHost(false, false).__PS_BASE_URI__);
+ if ((!isset($parsed['path']) ||!isset($parsed_host['path'])) || (preg_replace('/^www./', '', $parsed['host']) == preg_replace('/^www./', '', Tools::getHttpHost(false, false))) && !strncmp($parsed['path'], $parsed_host['path'], strlen(__PS_BASE_URI__)))
+ return false;
+
+ $source->http_referer = substr($_SERVER['HTTP_REFERER'], 0, ConnectionsSource::$uri_max_size);
+ $source->keywords = substr(trim(SearchEngine::getKeywords($_SERVER['HTTP_REFERER'])), 0, ConnectionsSource::$uri_max_size);
 }
+
+ $source->id_connections = (int)$cookie->id_connections;
+ $source->request_uri = Tools::getHttpHost(false, false);
+ if (isset($_SERVER['REDIRECT_URL']))
+ $source->request_uri .= $_SERVER['REDIRECT_URL'];
+ elseif (isset($_SERVER['REQUEST_URI']))
+ $source->request_uri .= $_SERVER['REQUEST_URI'];
+ if (!Validate::isUrl($source->request_uri))
+ $source->request_uri = '';
+ $source->request_uri = substr($source->request_uri, 0, ConnectionsSource::$uri_max_size);
+ return $source->add();
 }
 
 public static function getOrderSources($id_order)
@@ -106,4 +107,4 @@ class ConnectionsSourceCore extends ObjectModel
 WHERE id_order = '.(int)($id_order).'
 ORDER BY cos.date_add DESC');
 }
-}
+}
\ No newline at end of file
diff --git a/classes/SearchEngine.php b/classes/SearchEngine.php
index 30bc7fa21..851d8b9ef 100644
--- a/classes/SearchEngine.php
+++ b/classes/SearchEngine.php
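Review bot: The internal-referrer test keeps a clause, `!isset($parsed['path'])`, that is OR'ed with the same-host comparison, so an external referrer without a path component (a bare scheme-and-host URL) is dropped as though it were internal, and the removed code had the same behaviour. Defaulting the missing path before the test, `$ref_path = isset($parsed['path']) ? $parsed['path'] : '/';` and using `$ref_path` in the `strncmp` against `$parsed_host['path']`, leaves only the same-host rule deciding. The `/^www./` pattern is also missing a backslash, `/^www\./`, so any four-character prefix starting with `www` is stripped before the hosts are compared; and `$parsed['host']` is read without an isset guard, which only holds if the preceding `Validate::isAbsoluteUrl` check guarantees a host part (not visible here). The enclosing method starts outside the hunk.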
@@ -60,6 +60,8 @@ class SearchEngineCore extends ObjectModel
 if (empty($array[0]))
 return false;
 $str = urldecode(str_replace('+', ' ', ltrim(substr(rtrim($array[0], '&'), strlen($varname) + 1), '=')));
+ if (!Validate::isMessage($str))
+ return false;
 return $str;
 }
 }
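Review bot: With the added check this method (presumably the tail of `getKeywords`, whose start is outside the hunk) returns `false` for two different reasons — no keyword parameter found and a decoded string rejected by `Validate::isMessage` — and the caller in `classes/ConnectionsSource.php` passes the result straight through `trim()`, so both cases now become an empty `keywords` value where the previous code dropped the connection on a rejected string; if that is intended it deserves a sentence in the docblock, otherwise the caller should compare against `false` first. Running the check on the already-decoded `$str` is the right order, since anything `isMessage` rejects could otherwise be hidden by percent-encoding. A docblock line such as `@return string|false decoded keyword string, or false when the parameter is absent or rejected by Validate::isMessage` would make the contract explicit.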