Merge branch 'main' into improve-stampede-prevention

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+
+open_collective: openmage

.github/workflows/check-files.yml

@@ -71,7 +71,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files-specific
-        uses: tj-actions/changed-files@v39
+        uses: tj-actions/changed-files@v40
         with:
           files: |
             composer.*

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         config-file: ./.github/codeql-config.yml
@@ -58,7 +58,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.gitignore

@@ -23,6 +23,9 @@
 /app/etc/modules/Cm_RedisSession.xml
 /lib/Credis
 
+# TinyMCE library
+/js/tinymce
+
 # Add a base setup for running unit Tests with code coverage and send them to SonarCloud
 # https://github.com/OpenMage/magento-lts/pull/1836
 /dev/testfield

app/code/core/Mage/Admin/Model/Resource/Acl.php

@@ -132,7 +132,9 @@ public function loadRules(Mage_Admin_Model_Acl $acl, array $rulesArr)
                     $acl->deny($role, $resource, $privileges, $assert);
                 }
             } catch (Exception $e) {
-                Mage::logException($e);
+                if (Mage::getIsDeveloperMode()) {
+                    Mage::logException($e);
+                }
             }
         }
         return $this;

app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php

@@ -123,7 +123,7 @@ public function addTab($tabId, $tab)
             }
 
             if (!($this->_tabs[$tabId] instanceof Mage_Adminhtml_Block_Widget_Tab_Interface)) {
-                throw new Exception(Mage::helper('adminhtml')->__('Wrong tab configuration.'));
+                throw new Exception(Mage::helper('adminhtml')->__('Wrong tab configuration for %s %s.', $tabId, $tab));
             }
         } else {
             throw new Exception(Mage::helper('adminhtml')->__('Wrong tab configuration.'));

app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php

@@ -45,7 +45,7 @@ protected function _beforeSave()
                 $file['tmp_name'] = $tmpName[$this->getGroupId()]['fields'][$this->getField()]['value'];
                 $name = $_FILES['groups']['name'];
                 $file['name'] = $name[$this->getGroupId()]['fields'][$this->getField()]['value'];
-                $uploader = new Mage_Core_Model_File_Uploader($file);
+                $uploader = Mage::getModel('core/file_uploader', $file);
                 $uploader->setAllowedExtensions($this->_getAllowedExtensions());
                 $uploader->setAllowRenameFiles(true);
                 $this->addValidators($uploader);

app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php

@@ -30,7 +30,7 @@ class Mage_Adminhtml_Catalog_Product_GalleryController extends Mage_Adminhtml_Co
     public function uploadAction()
     {
         try {
-            $uploader = new Mage_Core_Model_File_Uploader('image');
+            $uploader = Mage::getModel('core/file_uploader', 'image');
             $uploader->setAllowedExtensions(Varien_Io_File::ALLOWED_IMAGES_EXTENSIONS);
             $uploader->addValidateCallback(
                 'catalog_product_image',

app/code/core/Mage/Catalog/Helper/Product/Url.php

@@ -115,6 +115,6 @@ public function getConvertTable()
      */
     public function format($string)
     {
-        return strtr($string, $this->getConvertTable());
+        return $string === null ? '' : strtr($string, $this->getConvertTable());
     }
 }

app/code/core/Mage/Catalog/Model/Product/Attribute/Backend/Tierprice.php

@@ -51,7 +51,7 @@ public function _getWebsiteRates()
     protected function _getAdditionalUniqueFields($objectArray)
     {
         $uniqueFields = parent::_getAdditionalUniqueFields($objectArray);
-        $uniqueFields['qty'] = $objectArray['price_qty'] * 1;
+        $uniqueFields['qty'] = (float) $objectArray['price_qty'];
         return $uniqueFields;
     }
 

app/code/core/Mage/Catalog/Model/Product/Type/Grouped.php

@@ -28,7 +28,7 @@ class Mage_Catalog_Model_Product_Type_Grouped extends Mage_Catalog_Model_Product
      *
      * @var string
      */
-    protected $_keyAssociatedProducts   = '_cache_instance_associated_products';
+    protected $_keyAssociatedProducts = '_cache_instance_associated_products';
 
     /**
      * Cache key for Associated Product Ids
@@ -42,21 +42,46 @@ class Mage_Catalog_Model_Product_Type_Grouped extends Mage_Catalog_Model_Product
      *
      * @var string
      */
-    protected $_keyStatusFilters        = '_cache_instance_status_filters';
+    protected $_keyStatusFilters = '_cache_instance_status_filters';
 
     /**
      * Product is composite properties
      *
      * @var bool
      */
-    protected $_isComposite             = true;
+    protected $_isComposite = true;
 
     /**
      * Product is configurable
      *
      * @var bool
      */
-    protected $_canConfigure            = true;
+    protected $_canConfigure = true;
+
+    /**
+     * Attributes used in associated products
+     *
+     * @var string|string[]
+     */
+    protected $_attributesUsedInAssociatedProducts = '*';
+
+    /**
+     * @return string|string[]
+     */
+    public function getAttributesUsedInAssociatedProducts()
+    {
+        return $this->_attributesUsedInAssociatedProducts;
+    }
+
+    /**
+     * @param string|string[] $attribute
+     * @return $this
+     */
+    public function setAttributesUsedInAssociatedProducts($attribute)
+    {
+        $this->_attributesUsedInAssociatedProducts = $attribute;
+        return $this;
+    }
 
     /**
      * Return relation info about used products
@@ -123,7 +148,7 @@ public function getAssociatedProducts($product = null)
             }
 
             $collection = $this->getAssociatedProductCollection($product)
-                ->addAttributeToSelect('*')
+                ->addAttributeToSelect($this->getAttributesUsedInAssociatedProducts())
                 ->addFilterByRequiredOptions()
                 ->setPositionOrder()
                 ->addStoreFilter($this->getStoreFilter($product))

app/code/core/Mage/CatalogSearch/Model/Resource/Fulltext.php

@@ -761,7 +761,7 @@ protected function _getAttributeValue($attributeId, $value, $storeId)
             }
         }
 
-        $value = preg_replace("#\s+#siu", ' ', trim(strip_tags($value)));
+        $value = $value === null ? '' : preg_replace("#\s+#siu", ' ', trim(strip_tags($value)));
 
         return $value;
     }

app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php

@@ -274,7 +274,7 @@ public function deleteFile($target)
      */
     public function uploadFile($targetPath, $type = null)
     {
-        $uploader = new Mage_Core_Model_File_Uploader('image');
+        $uploader = Mage::getModel('core/file_uploader', 'image');
         if ($allowed = $this->getAllowedExtensions($type)) {
             $uploader->setAllowedExtensions($allowed);
         }

app/code/core/Mage/Core/Model/File/Validator/Image.php

@@ -80,6 +80,9 @@ public function validate($filePath)
     {
         list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
         if ($fileType) {
+            if ($fileType === IMAGETYPE_ICO) {
+                return null;
+            }
             if ($this->isImageType($fileType)) {
                 // Config 'general/reprocess_images/active' is deprecated, replacement is the following:
                 $imageQuality = Mage::getStoreConfig('admin/security/reprocess_image_quality');

app/code/core/Mage/Core/Model/Resource/Db/Abstract.php

@@ -45,7 +45,7 @@ abstract class Mage_Core_Model_Resource_Db_Abstract extends Mage_Core_Model_Reso
      *
      * @var array
      */
-    protected $_connections          = [];
+    protected $_connections = [];
 
     /**
      * Resource model name that contains entities (names of tables)
@@ -59,7 +59,7 @@ abstract class Mage_Core_Model_Resource_Db_Abstract extends Mage_Core_Model_Reso
      *
      * @var array
      */
-    protected $_tables               = [];
+    protected $_tables = [];
 
     /**
      * Main table name
@@ -80,21 +80,21 @@ abstract class Mage_Core_Model_Resource_Db_Abstract extends Mage_Core_Model_Reso
      *
      * @var bool
      */
-    protected $_isPkAutoIncrement    = true;
+    protected $_isPkAutoIncrement = true;
 
     /**
      * Use is object new method for save of object
      *
      * @var bool
      */
-    protected $_useIsObjectNew       = false;
+    protected $_useIsObjectNew = false;
 
     /**
      * Fields List for update in forsedSave
      *
      * @var array
      */
-    protected $_fieldsForUpdate      = [];
+    protected $_fieldsForUpdate = [];
 
     /**
      * Fields of main table
@@ -118,7 +118,7 @@ abstract class Mage_Core_Model_Resource_Db_Abstract extends Mage_Core_Model_Reso
      *
      * @var array|null
      */
-    protected $_uniqueFields         = null;
+    protected $_uniqueFields = null;
 
     /**
      * Serializable fields declaration
@@ -132,7 +132,7 @@ abstract class Mage_Core_Model_Resource_Db_Abstract extends Mage_Core_Model_Reso
      *
      * @var array
      */
-    protected $_serializableFields   = [];
+    protected $_serializableFields = [];
 
     /**
      * Standard resource model initialization
@@ -405,8 +405,8 @@ protected function _getLoadSelect($field, $value, $object)
             throw new Exception("Column \"{$field}\" does not exist in table \"{$this->getMainTable()}\"");
         }
 
-        $value  = $this->_getReadAdapter()->prepareColumnValue($fields[$field], $value);
-        $field  = $this->_getReadAdapter()->quoteIdentifier(sprintf('%s.%s', $this->getMainTable(), $field));
+        $value = $this->_getReadAdapter()->prepareColumnValue($fields[$field], $value);
+        $field = $this->_getReadAdapter()->quoteIdentifier(sprintf('%s.%s', $this->getMainTable(), $field));
         return $this->_getReadAdapter()->select()
             ->from($this->getMainTable())
             ->where($field . '=?', $value);
@@ -644,7 +644,8 @@ protected function _checkUnique(Mage_Core_Model_Abstract $object)
                     [
                         'field' => $fields,
                         'title' => $fields
-                    ]];
+                    ]
+                ];
             }
 
             $data = new Varien_Object($this->_prepareDataForSave($object));
@@ -656,10 +657,10 @@ protected function _checkUnique(Mage_Core_Model_Abstract $object)
 
                 if (is_array($unique['field'])) {
                     foreach ($unique['field'] as $field) {
-                        $select->where($field . '=?', trim($data->getData($field)));
+                        $select->where($field . '=?', trim((string)$data->getData($field)));
                     }
                 } else {
-                    $select->where($unique['field'] . '=?', trim($data->getData($unique['field'])));
+                    $select->where($unique['field'] . '=?', trim((string)$data->getData($unique['field'])));
                 }
 
                 if ($object->getId() || $object->getId() === '0') {

app/code/core/Mage/Core/Model/Store/Group.php

@@ -124,7 +124,7 @@ protected function _loadStores()
             if ($this->getDefaultStoreId() == $storeId) {
                 $this->_defaultStore = $store;
             }
-            $this->_storesCount ++;
+            $this->_storesCount++;
         }
     }
 
@@ -145,7 +145,7 @@ public function setStores($stores)
             if ($this->getDefaultStoreId() == $storeId) {
                 $this->_defaultStore = $store;
             }
-            $this->_storesCount ++;
+            $this->_storesCount++;
         }
     }
 

app/code/core/Mage/Core/Model/Website.php

@@ -230,7 +230,7 @@ protected function _loadGroups()
             if ($this->getDefaultGroupId() == $groupId) {
                 $this->_defaultGroup = $group;
             }
-            $this->_groupsCount ++;
+            $this->_groupsCount++;
         }
     }
 
@@ -251,7 +251,7 @@ public function setGroups($groups)
             if ($this->getDefaultGroupId() == $groupId) {
                 $this->_defaultGroup = $group;
             }
-            $this->_groupsCount ++;
+            $this->_groupsCount++;
         }
         return $this;
     }
@@ -339,7 +339,7 @@ protected function _loadStores()
             if ($this->getDefaultGroup() && $this->getDefaultGroup()->getDefaultStoreId() == $storeId) {
                 $this->_defaultStore = $store;
             }
-            $this->_storesCount ++;
+            $this->_storesCount++;
         }
     }
 
@@ -360,7 +360,7 @@ public function setStores($stores)
             if ($this->getDefaultGroup() && $this->getDefaultGroup()->getDefaultStoreId() == $storeId) {
                 $this->_defaultStore = $store;
             }
-            $this->_storesCount ++;
+            $this->_storesCount++;
         }
     }
 

app/code/core/Mage/Dataflow/Model/Convert/Adapter/Http.php

@@ -24,11 +24,9 @@ class Mage_Dataflow_Model_Convert_Adapter_Http extends Mage_Dataflow_Model_Conve
     public function load()
     {
         if (!$_FILES) {
-            ?>
-<form method="POST" enctype="multipart/form-data">
-File to upload: <input type="file" name="io_file"/> <input type="submit" value="Upload"/>
-</form>
-            <?php
+            echo '<form method="POST" enctype="multipart/form-data">';
+            echo 'File to upload: <input type="file" name="io_file"/> <input type="submit" value="Upload"/>';
+            echo '</form>';
             exit;
         }
         if (!empty($_FILES['io_file']['tmp_name'])) {
@@ -52,15 +50,13 @@ public function save()
     public function loadFile()
     {
         if (!$_FILES) {
-            ?>
-<form method="POST" enctype="multipart/form-data">
-File to upload: <input type="file" name="io_file"/> <input type="submit" value="Upload"/>
-</form>
-            <?php
+            echo '<form method="POST" enctype="multipart/form-data">';
+            echo 'File to upload: <input type="file" name="io_file"/> <input type="submit" value="Upload"/>';
+            echo '</form>';
             exit;
         }
         if (!empty($_FILES['io_file']['tmp_name'])) {
-            $uploader = new Mage_Core_Model_File_Uploader('io_file');
+            $uploader = Mage::getModel('core/file_uploader', 'io_file');
             $uploader->setAllowedExtensions(['csv','xml']);
             $path = Mage::app()->getConfig()->getTempVarDir() . '/import/';
             $uploader->save($path);