Add more options for global URL parameter exclusions

CHANGELOG.md

@@ -14,6 +14,7 @@ The Product Changelog at **[matomo.org/changelog](https://matomo.org/changelog)*
 
 * The methods `Db::isOptimizeInnoDBSupported`, `Db::optimizeTables` have been deprecated. Use `Db\Schema::getInstance()->isOptimizeInnoDBSupported` and `Db\Schema::getInstance()->optimizeTables` instead
 * The method `TransactionLevel::setUncommitted` has been deprecated. Use `TransactionLevel::setTransactionLevelForNonLockingReads` instead
+* The method `Piwik\Plugins\SitesManager\API::setGlobalExcludedQueryParameters` has been deprecated. Use `Piwik\Plugins\SitesManager\API::setGlobalQueryParamExclusion` instead
 
 ### New commands
 

config/global.ini.php

@@ -1325,4 +1325,165 @@
 SDK_batch_size = 10
 SDK_interval_value = 30
 
+[SitesManager]
+CommonPIIParams[] = account
+CommonPIIParams[] = accountnum
+CommonPIIParams[] = address
+CommonPIIParams[] = address1
+CommonPIIParams[] = address2
+CommonPIIParams[] = address3
+CommonPIIParams[] = addressline1
+CommonPIIParams[] = addressline2
+CommonPIIParams[] = adres
+CommonPIIParams[] = adresse
+CommonPIIParams[] = age
+CommonPIIParams[] = alter
+CommonPIIParams[] = auth
+CommonPIIParams[] = authpw
+CommonPIIParams[] = bic
+CommonPIIParams[] = billingaddress
+CommonPIIParams[] = billingaddress1
+CommonPIIParams[] = billingaddress2
+CommonPIIParams[] = calle
+CommonPIIParams[] = cardnumber
+CommonPIIParams[] = cc
+CommonPIIParams[] = ccc
+CommonPIIParams[] = cccsc
+CommonPIIParams[] = cccvc
+CommonPIIParams[] = cccvv
+CommonPIIParams[] = ccexpiry
+CommonPIIParams[] = ccexpmonth
+CommonPIIParams[] = ccexpyear
+CommonPIIParams[] = ccname
+CommonPIIParams[] = ccnumber
+CommonPIIParams[] = cctype
+CommonPIIParams[] = cell
+CommonPIIParams[] = cellphone
+CommonPIIParams[] = city
+CommonPIIParams[] = clientid
+CommonPIIParams[] = clientsecret
+CommonPIIParams[] = company
+CommonPIIParams[] = consumerkey
+CommonPIIParams[] = consumersecret
+CommonPIIParams[] = contrasenya
+CommonPIIParams[] = contraseña
+CommonPIIParams[] = creditcard
+CommonPIIParams[] = creditcardnumber
+CommonPIIParams[] = cvc
+CommonPIIParams[] = cvv
+CommonPIIParams[] = dateofbirth
+CommonPIIParams[] = debitcard
+CommonPIIParams[] = dirección
+CommonPIIParams[] = dob
+CommonPIIParams[] = domain
+CommonPIIParams[] = ebost
+CommonPIIParams[] = email
+CommonPIIParams[] = emailaddress
+CommonPIIParams[] = emailadresse
+CommonPIIParams[] = epos
+CommonPIIParams[] = epost
+CommonPIIParams[] = eposta
+CommonPIIParams[] = exp
+CommonPIIParams[] = familyname
+CommonPIIParams[] = firma
+CommonPIIParams[] = firstname
+CommonPIIParams[] = formlogin
+CommonPIIParams[] = fullname
+CommonPIIParams[] = gender
+CommonPIIParams[] = geschlecht
+CommonPIIParams[] = gst
+CommonPIIParams[] = gstnumber
+CommonPIIParams[] = handynummer
+CommonPIIParams[] = hasło
+CommonPIIParams[] = heslo
+CommonPIIParams[] = iban
+CommonPIIParams[] = ibanaccountnum
+CommonPIIParams[] = ibanaccountnumber
+CommonPIIParams[] = id
+CommonPIIParams[] = identifier
+CommonPIIParams[] = indirizzo
+CommonPIIParams[] = kartakredytowa
+CommonPIIParams[] = kennwort
+CommonPIIParams[] = keyconsumerkey
+CommonPIIParams[] = keyconsumersecret
+CommonPIIParams[] = konto
+CommonPIIParams[] = kontonr
+CommonPIIParams[] = kontonummer
+CommonPIIParams[] = kredietkaart
+CommonPIIParams[] = kreditkarte
+CommonPIIParams[] = kreditkort
+CommonPIIParams[] = lastname
+CommonPIIParams[] = login
+CommonPIIParams[] = mail
+CommonPIIParams[] = mobiili
+CommonPIIParams[] = mobile
+CommonPIIParams[] = mobilne
+CommonPIIParams[] = nachname
+CommonPIIParams[] = name
+CommonPIIParams[] = nickname
+CommonPIIParams[] = off
+CommonPIIParams[] = osoite
+CommonPIIParams[] = parole
+CommonPIIParams[] = pass
+CommonPIIParams[] = passord
+CommonPIIParams[] = password
+CommonPIIParams[] = passwort
+CommonPIIParams[] = pasword
+CommonPIIParams[] = paswort
+CommonPIIParams[] = paword
+CommonPIIParams[] = phone
+CommonPIIParams[] = pin
+CommonPIIParams[] = plz
+CommonPIIParams[] = postalcode
+CommonPIIParams[] = postcode
+CommonPIIParams[] = postleitzahl
+CommonPIIParams[] = privatekey
+CommonPIIParams[] = publickey
+CommonPIIParams[] = pw
+CommonPIIParams[] = pwd
+CommonPIIParams[] = pword
+CommonPIIParams[] = pwrd
+CommonPIIParams[] = rue
+CommonPIIParams[] = secret
+CommonPIIParams[] = secretq
+CommonPIIParams[] = secretquestion
+CommonPIIParams[] = shippingaddress
+CommonPIIParams[] = shippingaddress1
+CommonPIIParams[] = shippingaddress2
+CommonPIIParams[] = socialsec
+CommonPIIParams[] = socialsecuritynumber
+CommonPIIParams[] = socsec
+CommonPIIParams[] = sokak
+CommonPIIParams[] = ssn
+CommonPIIParams[] = steuernummer
+CommonPIIParams[] = strasse
+CommonPIIParams[] = street
+CommonPIIParams[] = surname
+CommonPIIParams[] = swift
+CommonPIIParams[] = tax
+CommonPIIParams[] = taxnumber
+CommonPIIParams[] = tel
+CommonPIIParams[] = telefon
+CommonPIIParams[] = telefonnr
+CommonPIIParams[] = telefonnummer
+CommonPIIParams[] = telefono
+CommonPIIParams[] = telephone
+CommonPIIParams[] = token
+CommonPIIParams[] = token_auth
+CommonPIIParams[] = tokenauth
+CommonPIIParams[] = téléphone
+CommonPIIParams[] = ulica
+CommonPIIParams[] = user
+CommonPIIParams[] = username
+CommonPIIParams[] = vat
+CommonPIIParams[] = vatnumber
+CommonPIIParams[] = via
+CommonPIIParams[] = vorname
+CommonPIIParams[] = wachtwoord
+CommonPIIParams[] = wagwoord
+CommonPIIParams[] = webhooksecret
+CommonPIIParams[] = website
+CommonPIIParams[] = zip
+CommonPIIParams[] = zipcode
+
 ; NOTE: do not directly edit this file! See notice at the top

plugins/SitesManager/API.php

@@ -14,6 +14,7 @@
 use Matomo\Network\IPUtils;
 use Piwik\Access;
 use Piwik\Common;
+use Piwik\Config;
 use Piwik\Container\StaticContainer;
 use Piwik\DataAccess\Model as CoreModel;
 use Piwik\Date;
@@ -40,6 +41,7 @@
 use Piwik\Translation\Translator;
 use Piwik\Url;
 use Piwik\UrlHelper;
+use Piwik\Validators\WhitelistedValue;
 
 /**
  * The SitesManager API gives you full control on Websites in Matomo (create, update and delete), and many methods to retrieve websites based on various attributes.
@@ -69,6 +71,7 @@ class API extends \Piwik\Plugin\API
     public const OPTION_EXCLUDED_USER_AGENTS_GLOBAL = 'SitesManager_ExcludedUserAgentsGlobal';
     public const OPTION_EXCLUDED_REFERRERS_GLOBAL = 'SitesManager_ExcludedReferrersGlobal';
     public const OPTION_KEEP_URL_FRAGMENTS_GLOBAL = 'SitesManager_KeepURLFragmentsGlobal';
+    public const OPTION_EXCLUDE_TYPE_QUERY_PARAMS_GLOBAL = 'SitesManager_ExcludeTypeQueryParamsGlobal';
 
     /**
      * @var SettingsProvider
@@ -1123,10 +1126,18 @@ public function getExcludedQueryParameters(int $idSite): array
      *
      * @return string Comma separated list of URL parameters
      */
-    public function getExcludedQueryParametersGlobal()
+    public function getExcludedQueryParametersGlobal(): string
     {
         Piwik::checkUserHasSomeViewAccess();
-        return Option::get(self::OPTION_EXCLUDED_QUERY_PARAMETERS_GLOBAL);
+
+        switch ($this->getExclusionTypeForQueryParams()) {
+            case SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_NO_EXCLUSIONS:
+                return '';
+            case SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_COMMON_PII_EXCLUSIONS:
+                return implode(',', Config::getInstance()->SitesManager['CommonPIIParams']);
+            default:
+                return Option::get(self::OPTION_EXCLUDED_QUERY_PARAMETERS_GLOBAL);
+        }
     }
 
     /**
@@ -1266,14 +1277,19 @@ public function setKeepURLFragmentsGlobal($enabled)
      * Will also apply to websites created in the future.
      *
      * @param string $excludedQueryParameters Comma separated list of URL query parameters to exclude from URLs
+     * @deprecated Use self::setGlobalQueryParamExclusion() instead.
      * @return bool
      */
     public function setGlobalExcludedQueryParameters($excludedQueryParameters)
     {
-        Piwik::checkUserHasSuperUserAccess();
-        $excludedQueryParameters = $this->checkAndReturnCommaSeparatedStringList($excludedQueryParameters);
-        Option::set(self::OPTION_EXCLUDED_QUERY_PARAMETERS_GLOBAL, $excludedQueryParameters);
-        Cache::deleteTrackerCache();
+        if (empty($excludedQueryParameters)) {
+            $this->setGlobalQueryParamExclusion(SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_NO_EXCLUSIONS);
+            return;
+        }
+        $this->setGlobalQueryParamExclusion(
+            SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_CUSTOM_EXCLUSIONS,
+            $excludedQueryParameters
+        );
         return true;
     }
 
@@ -1346,6 +1362,70 @@ public function setDefaultTimezone($defaultTimezone)
         return true;
     }
 
+    /**
+     * Sets global query parameter exclusion based on the specified exclusion type.
+     *
+     * @param string $exclusionType The type of query param exclusion, must be of the following:
+     *  - no_exclusions
+     *  - common_pii_exclusions
+     *  - custom_exclusions
+     * @param string|null $queryParamsToExclude (Optional) Comma separated list of query parameters to exclude when $exclusionType is 'custom'.
+     *                                         Ignored if $exclusionType is not 'custom'.
+     * @return void
+     * @throws Exception
+     */
+    public function setGlobalQueryParamExclusion(string $exclusionType, ?string $queryParamsToExclude = null): void
+    {
+        Piwik::checkUserHasSuperUserAccess();
+
+        $whiteListValidator = new WhitelistedValue(SitesManager::URL_PARAM_EXCLUSION_TYPES);
+        $whiteListValidator->validate($exclusionType);
+
+        if ($exclusionType === SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_CUSTOM_EXCLUSIONS && empty($queryParamsToExclude)) {
+            throw new Exception($this->translator->translate('SitesManager_ExceptionEmptyQueryParamsForCustomType'));
+        }
+
+        if ($exclusionType !== SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_CUSTOM_EXCLUSIONS && !empty($queryParamsToExclude)) {
+            throw new Exception($this->translator->translate('SitesManager_ExceptionNonEmptyQueryParamsForNonCustomType'));
+        }
+
+        Option::set(self::OPTION_EXCLUDE_TYPE_QUERY_PARAMS_GLOBAL, $exclusionType);
+
+        if ($exclusionType !== SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_CUSTOM_EXCLUSIONS) {
+            Option::delete(self::OPTION_EXCLUDED_QUERY_PARAMETERS_GLOBAL);
+            Cache::deleteTrackerCache();
+            return;
+        }
+
+        $excludedQueryParameters = $this->checkAndReturnCommaSeparatedStringList($queryParamsToExclude);
+        Option::set(self::OPTION_EXCLUDED_QUERY_PARAMETERS_GLOBAL, $excludedQueryParameters);
+        Cache::deleteTrackerCache();
+    }
+
+    /**
+     * Gets the exclusion type, if the option is not present in the store then it infers the type based on if there are
+     * custom exclusions already defined.
+     *
+     * @return string
+     */
+    public function getExclusionTypeForQueryParams(): string
+    {
+        Piwik::checkUserHasSomeViewAccess();
+
+        $result = Option::get(self::OPTION_EXCLUDE_TYPE_QUERY_PARAMS_GLOBAL);
+
+        if (!empty($result)) {
+            return $result;
+        }
+
+        $excludedQueryParamsGlobal = Option::get(self::OPTION_EXCLUDED_QUERY_PARAMETERS_GLOBAL);
+
+        if (empty($excludedQueryParamsGlobal)) {
+            return SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_NO_EXCLUSIONS;
+        }
+        return SitesManager::URL_PARAM_EXCLUSION_TYPE_NAME_CUSTOM_EXCLUSIONS;
+    }
+
     /**
      * Update an existing website.
      * If only one URL is specified then only the main url will be updated.

plugins/SitesManager/Controller.php

@@ -12,6 +12,7 @@
 use Exception;
 use Piwik\API\ResponseBuilder;
 use Piwik\Common;
+use Piwik\Config;
 use Piwik\DataTable\Renderer\Json;
 use Piwik\Piwik;
 use Piwik\Plugin\Manager;
@@ -54,7 +55,12 @@ public function globalSettings()
     {
         Piwik::checkUserHasSuperUserAccess();
 
-        return $this->renderTemplate('globalSettings');
+        return $this->renderTemplate(
+            'globalSettings',
+            [
+                'commonSensitiveQueryParams' => Config::getInstance()->SitesManager['CommonPIIParams']
+            ]
+        );
     }
 
     public function getGlobalSettings()
@@ -73,6 +79,11 @@ public function getGlobalSettings()
         $globalSettings['excludedQueryParametersGlobal'] = API::getInstance()->getExcludedQueryParametersGlobal();
         $globalSettings['excludedUserAgentsGlobal'] = API::getInstance()->getExcludedUserAgentsGlobal();
         $globalSettings['excludedReferrersGlobal'] = API::getInstance()->getExcludedReferrersGlobal();
+        $globalSettings['exclusionTypeForQueryParams'] = API::getInstance()->getExclusionTypeForQueryParams();
+
+        if ($globalSettings['exclusionTypeForQueryParams'] !== 'custom_exclusions') {
+            $globalSettings['excludedQueryParametersGlobal'] = '';
+        }
 
         return $response->getResponse($globalSettings);
     }
@@ -95,16 +106,17 @@ public function setGlobalSettings()
             $searchKeywordParameters = Common::getRequestVar('searchKeywordParameters', $default = "");
             $searchCategoryParameters = Common::getRequestVar('searchCategoryParameters', $default = "");
             $keepURLFragments = Common::getRequestVar('keepURLFragments', $default = 0);
+            $exclusionTypeForQueryParams = Common::getRequestVar('exclusionTypeForQueryParams', $default = "");
 
             $api = API::getInstance();
             $api->setDefaultTimezone($timezone);
             $api->setDefaultCurrency($currency);
-            $api->setGlobalExcludedQueryParameters($excludedQueryParameters);
             $api->setGlobalExcludedIps($excludedIps);
             $api->setGlobalExcludedUserAgents($excludedUserAgents);
             $api->setGlobalExcludedReferrers($excludedReferrers);
             $api->setGlobalSearchParameters($searchKeywordParameters, $searchCategoryParameters);
             $api->setKeepURLFragmentsGlobal($keepURLFragments);
+            $api->setGlobalQueryParamExclusion($exclusionTypeForQueryParams, $excludedQueryParameters);
 
             $toReturn = $response->getResponse();
         } catch (Exception $e) {