
Logging Errors in notifications can leak the super user token #7301

@mattab

Description

The goal of this issue is to fix a security issue where the Super User token_auth can be leaked to non logged in users.

For example, in my case I was not even logged in (I was an anonymous user) and still, I was shown the Super User token auth!

The error that was logged while I was anonymous was: ERROR: Got invalid response from API request: http://localhost/piwik-master/index.php?module=API&method=CoreAdminHome.runScheduledTasks&format=csv&convertToUnicode=0&token_auth=9b1cefc915ff6180071fb7dcd13ec5a4&trigger=archivephp. Response was 'sendmail: fatal: open /etc/postfix/main.cf: No such file or directory task,output Piwik\Plugins\CoreAdminHome\Tasks.purgeOutdatedArchives,Time elapsed: 2.807s Piwik\Plugins\ExamplePlugin\Tasks.myTaskWithParam_anystring,Time elapsed: 0.000s Piwik\Plugins\ExamplePlugin\Tasks.myTask,Time elapsed: 0.000s Piwik\Plugins\ScheduledReports\API.sendReport_1,ERROR: An error occured while sending 'HTML Email Report - 1.2015-02-19.1.en.html' to test@test.com. Error was 'Unable to send mail. ' Piwik\Plugins\CoreAdminHome\Tasks.purgeInvalidatedArchives,Time elapsed: 0.001s Piwik\Plugins\PrivacyManager\Tasks.deleteReportData,Time elapsed: 0.002s Piwik\Plugins\PrivacyManager\Tasks.deleteLogData,Time elapsed: 0.002s Piwik\Plugins\CorePluginsAdmin\Tasks.clearAllCacheEntries,Time elapsed: 0.001s Piwik\Plugins\CorePluginsAdmin\Tasks.sendNotificationIfUpdatesAvailable,Time elapsed: 0.001s Piwik\Plugins\CoreAdminHome\Tasks.optimizeArchiveTable,Time elapsed: 0.131s Piwik\Plugins\UserCountry\GeoIPAutoUpdater.update,Time elapsed: 0.050s Piwik\Plugins\CoreUpdater\Tasks.sendNotificationIfUpdateAvailable,Time elapsed: 0.001s'

As you can see, it leaks the token_auth.

This occurs because one of the scheduled tasks failed with an ERROR; here the error was: sendmail: fatal: open /etc/postfix/main.cf: No such file or directory
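The leak above happens because the full API request URL, token_auth included, is copied verbatim into an error message that is then shown to whoever is viewing the UI. The following is an added example, not Matomo's own code, of the two mitigations a fix needs: redact the token_auth value from anything that is logged, and only show task error details to a Super User at all. The function names, the generic message text and the sample token are assumptions.

```php
<?php
// Added example (not Matomo's code): sanitise a scheduled-task error before
// it is logged or surfaced in a UI notification, so a token_auth embedded in
// the request URL (as in the message quoted in this issue) cannot leak.

// Replace the value of every token_auth query parameter in $text.
// Handles plain "token_auth=..." as well as the URL-encoded "token_auth%3D..."
// form that appears when a URL is nested inside another URL's query string.
function redactTokenAuth(string $text): string
{
    return preg_replace(
        '/\b(token_auth(?:=|%3D))[^&\s\'"<>]*/i',
        '$1[REDACTED]',
        $text
    );
}

// Guard used before a message is emitted: true if a token value survived.
function containsTokenAuth(string $text): bool
{
    return (bool) preg_match('/\btoken_auth(?:=|%3D)(?!\[REDACTED\])[^&\s\'"<>]+/i', $text);
}

// Build the notification text for a failed API call. Only a Super User gets
// the (redacted) details; everyone else gets a generic message that carries
// neither the request URL nor the task output.
function scheduledTaskErrorMessage(string $requestUrl, string $response, bool $viewerIsSuperUser): string
{
    if (!$viewerIsSuperUser) {
        return 'ERROR: a scheduled task failed. Check the server log for details.';
    }
    $message = sprintf("ERROR: Got invalid response from API request: %s. Response was '%s'", $requestUrl, $response);
    $message = redactTokenAuth($message);
    // Defence in depth: refuse to emit a message that still carries a token.
    if (containsTokenAuth($message)) {
        throw new RuntimeException('token_auth survived redaction; refusing to emit message');
    }
    return $message;
}

// Constructed sample mirroring the URL quoted in the issue; the token is a dummy value.
$url = 'http://localhost/piwik-master/index.php?module=API&method=CoreAdminHome.runScheduledTasks'
     . '&format=csv&convertToUnicode=0&token_auth=0123456789abcdef0123456789abcdef&trigger=archivephp';
$response = 'sendmail: fatal: open /etc/postfix/main.cf: No such file or directory';

echo scheduledTaskErrorMessage($url, $response, true), PHP_EOL;   // Super User view: token redacted
echo scheduledTaskErrorMessage($url, $response, false), PHP_EOL;  // anonymous view: generic text only
```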

Labels

Bug: For errors / faults / flaws / inconsistencies etc.
Major: Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
c: Security: For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
