diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 6370e241b43..0af24a0a86c 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,3 +1,13 @@
+==== 1.9.4.2 ====
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+] NOTE: Current Release Notes are maintained at: [
+] [
+] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
+] [
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
==== 1.9.4.1 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/app/Mage.php b/app/Mage.php
index 89b63ed6767..e2ae8a242a6 100644
--- a/app/Mage.php
+++ b/app/Mage.php
@@ -174,7 +174,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '9',
'revision' => '4',
- 'patch' => '1',
+ 'patch' => '2',
'stability' => '',
'number' => '',
);
@@ -816,9 +816,9 @@ public static function log($message, $level = null, $file = '', $forceLog = fals
',',
(string) self::getConfig()->getNode('dev/log/allowedFileExtensions', Mage_Core_Model_Store::DEFAULT_CODE)
);
- $logValidator = new Zend_Validate_File_Extension($_allowedFileExtensions);
$logDir = self::getBaseDir('var') . DS . 'log';
- if (!$logValidator->isValid($logDir . DS . $file)) {
+ $validatedFileExtension = pathinfo($file, PATHINFO_EXTENSION);
+ if (!$validatedFileExtension || !in_array($validatedFileExtension, $_allowedFileExtensions)) {
return;
}
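Review bot: The new check at the `$validatedFileExtension` line validates only the extension, so a `$file` such as `../../x.log` still passes and is later joined onto `$logDir`; if `$file` can originate outside the codebase, also reject directory components, e.g. `if ($file !== basename($file)) { return; }` before the extension test. `in_array` is non-strict and `$_allowedFileExtensions` is split on `,` without trimming, so a config value like `log, txt` would reject `.txt`; `in_array($validatedFileExtension, array_map('trim', $_allowedFileExtensions), true)` is safer. How `$file` is consumed after the hunk is inferred, since the rest of `log()` lies outside it.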
diff --git a/app/code/core/Mage/Admin/Model/Block.php b/app/code/core/Mage/Admin/Model/Block.php
index ba329cba205..c2ad8edc076 100644
--- a/app/code/core/Mage/Admin/Model/Block.php
+++ b/app/code/core/Mage/Admin/Model/Block.php
@@ -57,7 +57,7 @@ public function validate()
if (in_array($this->getBlockName(), $disallowedBlockNames)) {
$errors[] = Mage::helper('adminhtml')->__('Block Name is disallowed.');
}
- if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9\/]*$/'))) {
+ if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9]+\/[-_a-zA-Z0-9\/]+$/'))) {
$errors[] = Mage::helper('adminhtml')->__('Block Name is incorrect.');
}
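Review bot: The new pattern still ends in `$`, which in PCRE matches before a trailing newline, so a block name submitted as `cms/block\n` passes validation; use the `D` modifier or `\z`, e.g. `'/^[-_a-zA-Z0-9]+\/[-_a-zA-Z0-9\/]+$/D'`. The trailing character class also permits consecutive or trailing slashes (`cms//block`, `cms/block/`); if only `group/name[/sub]` is meant, `'/^[-_a-zA-Z0-9]+(\/[-_a-zA-Z0-9]+)+$/D'` pins that shape. Note the `in_array` against `$disallowedBlockNames` above is case-sensitive while the layout validator in this same patch compares block types case-insensitively; whether block names resolve case-insensitively here is not visible, so worth confirming.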
diff --git a/app/code/core/Mage/Admin/Model/User.php b/app/code/core/Mage/Admin/Model/User.php
index eac448a7654..c6511950358 100644
--- a/app/code/core/Mage/Admin/Model/User.php
+++ b/app/code/core/Mage/Admin/Model/User.php
@@ -590,7 +590,7 @@ public function validate()
}
if ($this->userExists()) {
- $errors[] = Mage::helper('adminhtml')->__('A user with the same user name or email aleady exists.');
+ $errors[] = Mage::helper('adminhtml')->__('A user with the same user name or email already exists.');
}
if (count($errors) === 0) {
diff --git a/app/code/core/Mage/AdminNotification/etc/system.xml b/app/code/core/Mage/AdminNotification/etc/system.xml
index cd9e2b6b771..9e763d0c1ed 100644
--- a/app/code/core/Mage/AdminNotification/etc/system.xml
+++ b/app/code/core/Mage/AdminNotification/etc/system.xml
@@ -64,6 +64,15 @@
0
0
+
+
+ text
+ adminhtml/system_config_backend_protected
+ 3
+ 0
+ 0
+ 0
+
diff --git a/app/code/core/Mage/Adminhtml/Block/Api/Role/Grid/User.php b/app/code/core/Mage/Adminhtml/Block/Api/Role/Grid/User.php
index 7fa0f727569..8c2fd659fd1 100644
--- a/app/code/core/Mage/Adminhtml/Block/Api/Role/Grid/User.php
+++ b/app/code/core/Mage/Adminhtml/Block/Api/Role/Grid/User.php
@@ -157,7 +157,7 @@ public function getGridUrl()
protected function _getUsers($json=false)
{
if ( $this->getRequest()->getParam('in_role_user') != "" ) {
- return $this->getRequest()->getParam('in_role_user');
+ return (int)$this->getRequest()->getParam('in_role_user');
}
$roleId = ( $this->getRequest()->getParam('rid') > 0 ) ? $this->getRequest()->getParam('rid') : Mage::registry('RID');
$users = Mage::getModel('api/roles')->setId($roleId)->getRoleUsers();
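Review bot: The `(int)` cast on `in_role_user` assumes the parameter carries a single user id, but the method's `$json` parameter and the `getRoleUsers()` branch below suggest it can hold a list; if the form posts several ids in one value, the cast silently reduces them to the leading number or `0` and the remaining selections are dropped. If a list is possible, sanitise per element (`array_map('intval', ...)` over whatever the wire format is) and keep the return shape consistent with the other branch. The untouched `rid` parameter on the next line goes straight into `setId()`; not part of this change, but it deserves the same cast. `_getUsers()` continues past the hunk.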
diff --git a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php
index e1c2df9407f..1c9b3f1e21a 100644
--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php
@@ -155,6 +155,8 @@ public function getAttributesJson()
// Hide price if needed
foreach ($attributes as &$attribute) {
$attribute['label'] = $this->escapeHtml($attribute['label']);
+ $attribute['frontend_label'] = $this->escapeHtml($attribute['frontend_label']);
+ $attribute['store_label'] = $this->escapeHtml($attribute['store_label']);
if (isset($attribute['values']) && is_array($attribute['values'])) {
foreach ($attribute['values'] as &$attributeValue) {
if (!$this->getCanReadPrice()) {
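Review bot: The two added `escapeHtml` assignments read `$attribute['frontend_label']` and `$attribute['store_label']` unconditionally, so an attribute row lacking either key raises an undefined-index notice and writes an empty string back. Guard with `isset`, e.g. `$attribute['store_label'] = isset($attribute['store_label']) ? $this->escapeHtml($attribute['store_label']) : '';` and the same for `frontend_label`. Whether every row is guaranteed to carry both keys is not visible here; `getAttributesJson()` begins before the hunk.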
diff --git a/app/code/core/Mage/Adminhtml/Block/Newsletter/Queue/Preview.php b/app/code/core/Mage/Adminhtml/Block/Newsletter/Queue/Preview.php
index ea78d5419f3..ff437b30652 100644
--- a/app/code/core/Mage/Adminhtml/Block/Newsletter/Queue/Preview.php
+++ b/app/code/core/Mage/Adminhtml/Block/Newsletter/Queue/Preview.php
@@ -50,6 +50,12 @@ protected function _toHtml()
$template->setTemplateText($this->getRequest()->getParam('text'));
$template->setTemplateStyles($this->getRequest()->getParam('styles'));
}
+ $template->setTemplateStyles(
+ $this->maliciousCodeFilter($template->getTemplateStyles())
+ );
+ $template->setTemplateText(
+ $this->maliciousCodeFilter($template->getTemplateText())
+ );
$storeId = (int)$this->getRequest()->getParam('store_id');
if(!$storeId) {
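Review bot: The added `maliciousCodeFilter` calls are a denylist pass (the helper wraps `core/input_filter_maliciousCode`), which strips known patterns rather than producing escaped output, so the preview still renders admin-supplied HTML inline; acceptable for an admin-only preview, but it should be stated, e.g. `// Preview renders raw template HTML; the malicious-code filter is a denylist, not an escaper.` above the first `setTemplateStyles`. The filter is applied whether the values came from the stored template or from the `text`/`styles` request parameters, which is the right order. `_toHtml()` continues past the hunk.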
diff --git a/app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Preview.php b/app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Preview.php
index 2eeda67f1de..fb580619ec6 100644
--- a/app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Preview.php
+++ b/app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Preview.php
@@ -46,6 +46,12 @@ protected function _toHtml()
$template->setTemplateText($this->getRequest()->getParam('text'));
$template->setTemplateStyles($this->getRequest()->getParam('styles'));
}
+ $template->setTemplateStyles(
+ $this->maliciousCodeFilter($template->getTemplateStyles())
+ );
+ $template->setTemplateText(
+ $this->maliciousCodeFilter($template->getTemplateText())
+ );
$storeId = (int)$this->getRequest()->getParam('store_id');
if(!$storeId) {
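Review bot: `getTemplateStyles()` and `getTemplateText()` are passed straight to `maliciousCodeFilter`, and a template stored without styles presumably yields `null` here; confirm the underlying filter tolerates a non-string, or wrap the argument as `(string) $template->getTemplateStyles()`. A one-line comment above the first `setTemplateStyles` should also record that the filter is a denylist over the markup, not an escaper, so readers do not assume the preview output is safe to reuse elsewhere. `_toHtml()` continues past the hunk.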
diff --git a/app/code/core/Mage/Adminhtml/Block/Permissions/Role/Grid/User.php b/app/code/core/Mage/Adminhtml/Block/Permissions/Role/Grid/User.php
index 159773d347f..3b0a668aade 100644
--- a/app/code/core/Mage/Adminhtml/Block/Permissions/Role/Grid/User.php
+++ b/app/code/core/Mage/Adminhtml/Block/Permissions/Role/Grid/User.php
@@ -157,7 +157,7 @@ public function getGridUrl()
protected function _getUsers($json=false)
{
if ( $this->getRequest()->getParam('in_role_user') != "" ) {
- return $this->getRequest()->getParam('in_role_user');
+ return (int)$this->getRequest()->getParam('in_role_user');
}
$roleId = ( $this->getRequest()->getParam('rid') > 0 ) ? $this->getRequest()->getParam('rid') : Mage::registry('RID');
$users = Mage::getModel('admin/roles')->setId($roleId)->getRoleUsers();
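Review bot: Casting `in_role_user` to `(int)` changes the return type of this branch from string to integer while the other branch returns whatever `getRoleUsers()` yields; callers that expect a list or a serialized string (the `$json` flag hints at one) will now receive a single integer, and any multi-id value collapses to its leading digits or `0`. If a single id is really the contract, a comment saying so at the `return` would prevent the next reader from "fixing" it; otherwise validate per element. The `rid` parameter on the following line is used unfiltered in `setId()` and would benefit from the same treatment. `_getUsers()` continues past the hunk.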
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Creditmemo/Grid.php b/app/code/core/Mage/Adminhtml/Block/Sales/Creditmemo/Grid.php
index d81c515c841..4c0001f271e 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Creditmemo/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Creditmemo/Grid.php
@@ -76,6 +76,7 @@ protected function _prepareColumns()
'header' => Mage::helper('sales')->__('Order #'),
'index' => 'order_increment_id',
'type' => 'text',
+ 'escape' => true,
));
$this->addColumn('order_created_at', array(
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Invoice/Grid.php b/app/code/core/Mage/Adminhtml/Block/Sales/Invoice/Grid.php
index c8a6598c76e..59c38a1e3bc 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Invoice/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Invoice/Grid.php
@@ -77,6 +77,7 @@ protected function _prepareColumns()
'header' => Mage::helper('sales')->__('Order #'),
'index' => 'order_increment_id',
'type' => 'text',
+ 'escape' => true,
));
$this->addColumn('order_created_at', array(
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Header.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Header.php
index 9b18cba2ef2..169c8d618f5 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Header.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Header.php
@@ -34,7 +34,10 @@ class Mage_Adminhtml_Block_Sales_Order_Create_Header extends Mage_Adminhtml_Bloc
protected function _toHtml()
{
if ($this->_getSession()->getOrder()->getId()) {
- return '
'.Mage::helper('sales')->__('Edit Order #%s', $this->_getSession()->getOrder()->getIncrementId()).'
';
+ return '' . Mage::helper('sales')->__(
+ 'Edit Order #%s',
+ $this->escapeHtml($this->_getSession()->getOrder()->getIncrementId())
+ ) . '
';
}
$customerId = $this->getCustomerId();
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/Create.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/Create.php
index e1e1c5b5ce0..a742055279d 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/Create.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/Create.php
@@ -67,10 +67,15 @@ public function getCreditmemo()
public function getHeaderText()
{
if ($this->getCreditmemo()->getInvoice()) {
- $header = Mage::helper('sales')->__('New Credit Memo for Invoice #%s', $this->getCreditmemo()->getInvoice()->getIncrementId());
- }
- else {
- $header = Mage::helper('sales')->__('New Credit Memo for Order #%s', $this->getCreditmemo()->getOrder()->getRealOrderId());
+ $header = Mage::helper('sales')->__(
+ 'New Credit Memo for Invoice #%s',
+ $this->escapeHtml($this->getCreditmemo()->getInvoice()->getIncrementId())
+ );
+ } else {
+ $header = Mage::helper('sales')->__(
+ 'New Credit Memo for Order #%s',
+ $this->escapeHtml($this->getCreditmemo()->getOrder()->getRealOrderId())
+ );
}
return $header;
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
index 43ba9cd9f72..97877477976 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
@@ -65,10 +65,11 @@ protected function _prepareColumns()
{
$this->addColumn('real_order_id', array(
- 'header'=> Mage::helper('sales')->__('Order #'),
- 'width' => '80px',
- 'type' => 'text',
- 'index' => 'increment_id',
+ 'header' => Mage::helper('sales')->__('Order #'),
+ 'width' => '80px',
+ 'type' => 'text',
+ 'index' => 'increment_id',
+ 'escape' => true,
));
if (!Mage::app()->isSingleStoreMode()) {
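Review bot: `'escape' => true` is being added column by column (here and in the creditmemo, invoice, shipment and transaction grids of this patch), which leaves every text column this patch does not touch unescaped by default; a safer long-term default is for the text renderer to escape unless a column explicitly opts out. If that is out of scope, a comment on this column would record why it is special: `// increment ids can be influenced from the admin order form (reserved_order_id), so they are not trusted markup` — the source of untrusted ids is inferred from the `reserved_order_id` handling elsewhere in this patch, so confirm.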
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/Create.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/Create.php
index b3a152d7972..3528bebd70c 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/Create.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/Create.php
@@ -64,8 +64,14 @@ public function getInvoice()
public function getHeaderText()
{
return ($this->getInvoice()->getOrder()->getForcedDoShipmentWithInvoice())
- ? Mage::helper('sales')->__('New Invoice and Shipment for Order #%s', $this->getInvoice()->getOrder()->getRealOrderId())
- : Mage::helper('sales')->__('New Invoice for Order #%s', $this->getInvoice()->getOrder()->getRealOrderId());
+ ? Mage::helper('sales')->__(
+ 'New Invoice and Shipment for Order #%s',
+ $this->escapeHtml($this->getInvoice()->getOrder()->getRealOrderId())
+ )
+ : Mage::helper('sales')->__(
+ 'New Invoice for Order #%s',
+ $this->escapeHtml($this->getInvoice()->getOrder()->getRealOrderId())
+ );
}
/**
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/Create.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/Create.php
index e39ee02e57f..21e581a87cf 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/Create.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/Create.php
@@ -59,7 +59,10 @@ public function getShipment()
public function getHeaderText()
{
- $header = Mage::helper('sales')->__('New Shipment for Order #%s', $this->getShipment()->getOrder()->getRealOrderId());
+ $header = Mage::helper('sales')->__(
+ 'New Shipment for Order #%s',
+ $this->escapeHtml($this->getShipment()->getOrder()->getRealOrderId())
+ );
return $header;
}
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
index 0af75c74930..ea97b9890d2 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
@@ -315,6 +315,16 @@ public function getReviewPaymentUrl($action)
{
return $this->getUrl('*/*/reviewPayment', array('action' => $action));
}
+
+ /**
+ * Return header for view grid
+ *
+ * @return string
+ */
+ public function getHeaderHtml()
+ {
+ return '';
+ }
//
// /**
// * Return URL for accept payment action
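Review bot: The new `getHeaderHtml()` returns `''`, but its docblock says it returns the header for the view grid, which is the opposite of what it does. The override appears to suppress the inherited header markup (presumably because that markup embedded the order increment id unescaped, which other hunks of this patch now escape), and the docblock should say so: `Suppress the inherited container header for the order view; the heading is rendered elsewhere. TODO confirm reason.` `@return string` remains accurate.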
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Shipment/Grid.php b/app/code/core/Mage/Adminhtml/Block/Sales/Shipment/Grid.php
index 0676cb14263..10324e57613 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Shipment/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Shipment/Grid.php
@@ -88,6 +88,7 @@ protected function _prepareColumns()
'header' => Mage::helper('sales')->__('Order #'),
'index' => 'order_increment_id',
'type' => 'text',
+ 'escape' => true,
));
$this->addColumn('order_created_at', array(
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Transactions/Grid.php b/app/code/core/Mage/Adminhtml/Block/Sales/Transactions/Grid.php
index cc107f68fec..5559512c70d 100644
--- a/app/code/core/Mage/Adminhtml/Block/Sales/Transactions/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Transactions/Grid.php
@@ -82,7 +82,8 @@ protected function _prepareColumns()
$this->addColumn('increment_id', array(
'header' => Mage::helper('sales')->__('Order ID'),
'index' => 'increment_id',
- 'type' => 'text'
+ 'type' => 'text',
+ 'escape' => true,
));
$this->addColumn('txn_id', array(
diff --git a/app/code/core/Mage/Adminhtml/Block/System/Email/Template/Preview.php b/app/code/core/Mage/Adminhtml/Block/System/Email/Template/Preview.php
index 4b02ec03e96..03b732bf20f 100644
--- a/app/code/core/Mage/Adminhtml/Block/System/Email/Template/Preview.php
+++ b/app/code/core/Mage/Adminhtml/Block/System/Email/Template/Preview.php
@@ -58,11 +58,12 @@ protected function _toHtml()
$template->setTemplateStyles($this->getRequest()->getParam('styles'));
}
- /* @var $filter Mage_Core_Model_Input_Filter_MaliciousCode */
- $filter = Mage::getSingleton('core/input_filter_maliciousCode');
+ $template->setTemplateStyles(
+ $this->maliciousCodeFilter($template->getTemplateStyles())
+ );
$template->setTemplateText(
- $filter->filter($template->getTemplateText())
+ $this->maliciousCodeFilter($template->getTemplateText())
);
Varien_Profiler::start("email_template_proccessing");
diff --git a/app/code/core/Mage/Adminhtml/Block/Template.php b/app/code/core/Mage/Adminhtml/Block/Template.php
index 08201f1a316..5629a4b9b5c 100644
--- a/app/code/core/Mage/Adminhtml/Block/Template.php
+++ b/app/code/core/Mage/Adminhtml/Block/Template.php
@@ -80,4 +80,15 @@ protected function _toHtml()
Mage::dispatchEvent('adminhtml_block_html_before', array('block' => $this));
return parent::_toHtml();
}
+
+ /**
+ * Deleting script tags from string
+ *
+ * @param string $html
+ * @return string
+ */
+ public function maliciousCodeFilter($html)
+ {
+ return Mage::getSingleton('core/input_filter_maliciousCode')->filter($html);
+ }
}
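Review bot: The docblock `Deleting script tags from string` understates what the method does: it hands the whole string to `core/input_filter_maliciousCode`, whose rule set is not visible here and by name is broader than script tags. Suggested replacement: `Run a string through the core malicious-code input filter (denylist based: strips known dangerous constructs, does not HTML-escape; not a substitute for escapeHtml()).` Since this is now a public method on the base admin block, that caveat matters for anyone calling it from a template.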
diff --git a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Abstract.php b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Abstract.php
index e884e05cff1..05ce8fdc843 100644
--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Abstract.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Abstract.php
@@ -114,9 +114,9 @@ public function renderHeader()
}
$out = ''
- . $this->getColumn()->getHeader().'';
+ . $this->escapeHtml($this->getColumn()->getHeader()) . '';
} else {
- $out = $this->getColumn()->getHeader();
+ $out = $this->escapeHtml($this->getColumn()->getHeader());
}
return $out;
}
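Review bot: Escaping `getColumn()->getHeader()` in both branches means any column definition that deliberately passes markup in `header` now renders it literally; specialised renderers (the checkbox column, presumably) override `renderHeader()` and are unaffected, but column definitions relying on HTML here are not visible and should be checked. A short comment would stop this being reverted later: `// Headers are plain text; columns that need markup must ship their own renderer.` `renderHeader()` begins before the hunk.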
diff --git a/app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php b/app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
index 513fc9c3b77..2a160e9d52e 100644
--- a/app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
+++ b/app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
@@ -180,8 +180,11 @@ protected function _getXpathValidationExpression() {
protected function _getXpathBlockValidationExpression() {
$xpath = "";
if (count($this->_disallowedBlock)) {
- $xpath = "//block[@type='";
- $xpath .= implode("'] | //block[@type='", $this->_disallowedBlock) . "']";
+ foreach ($this->_disallowedBlock as $key => $value) {
+ $xpath .= $key > 0 ? " | " : '';
+ $xpath .= "//block[translate(@type, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz') = ";
+ $xpath .= "translate('$value', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')]";
+ }
}
return $xpath;
}
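Review bot: `$value` is interpolated unquoted into an XPath string literal, so a disallowed block type containing an apostrophe breaks the expression (or, should the list ever become configurable, injects into it), and the ` | ` separator keyed on `$key > 0` assumes `_disallowedBlock` is a zero-based list, which a merged or filtered config array need not be. Build the alternatives in an array and `implode(' | ', ...)`, rejecting apostrophes explicitly since XPath 1.0 literals cannot escape them; the `translate()` comparison itself is kept as is.
```php
$parts = array();
foreach ($this->_disallowedBlock as $value) {
    // XPath 1.0 literals cannot escape quotes; block types come from code, so treat one as a programming error
    if (strpos($value, "'") !== false) {
        Mage::throwException("Invalid disallowed block type: $value");
    }
    $parts[] = "//block[translate(@type, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz') = "
        . "translate('$value', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')]";
}
$xpath = implode(' | ', $parts);
```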
diff --git a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php
index 55537c27b44..7247bf98d72 100644
--- a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php
+++ b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php
@@ -36,6 +36,8 @@ protected function _beforeSave()
$parsedUrl = parse_url($value);
if (!isset($parsedUrl['scheme']) || !isset($parsedUrl['host'])) {
Mage::throwException(Mage::helper('core')->__('The %s you entered is invalid. Please make sure that it follows "http://domain.com/" format.', $this->getFieldConfig()->label));
+ } elseif (('https' != $parsedUrl['scheme']) && ('http' != $parsedUrl['scheme'])) {
+ Mage::throwException(Mage::helper('core')->__('Invalid URL scheme.'));
}
}
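Review bot: The scheme comparison in the added `elseif` is case-sensitive and `parse_url()` returns the scheme as typed, so `HTTP://shop.example/` (valid, since URI schemes are case-insensitive) is now rejected with "Invalid URL scheme."; normalise first, e.g. `} elseif (!in_array(strtolower($parsedUrl['scheme']), array('http', 'https'), true)) {`. The message could also name the accepted schemes so the admin knows what to fix. `_beforeSave()` begins before the hunk.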
diff --git a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Locale.php b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Locale.php
index 9ec0be200d2..04dcfd81348 100644
--- a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Locale.php
+++ b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Locale.php
@@ -34,6 +34,27 @@
*/
class Mage_Adminhtml_Model_System_Config_Backend_Locale extends Mage_Core_Model_Config_Data
{
+ /**
+ * Validate data before save data
+ *
+ * @return Mage_Core_Model_Abstract
+ * @throws Mage_Core_Exception
+ */
+ protected function _beforeSave()
+ {
+ $allCurrenciesOptions = Mage::getSingleton('adminhtml/system_config_source_locale_currency_all')
+ ->toOptionArray(true);
+
+ $allCurrenciesValues = array_column($allCurrenciesOptions, 'value');
+
+ foreach ($this->getValue() as $currency) {
+ if (!in_array($currency, $allCurrenciesValues)) {
+ Mage::throwException(Mage::helper('adminhtml')->__('Currency doesn\'t exist.'));
+ }
+ }
+
+ return parent::_beforeSave();
+ }
/**
* Enter description here...
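Review bot: `foreach ($this->getValue() as $currency)` has no array guard, so a non-array value (a scalar posted in place of the multiselect) emits a warning, skips the loop entirely and is saved unvalidated; `foreach ((array) $this->getValue() as $currency)` closes that gap, and `in_array($currency, $allCurrenciesValues, true)` avoids loose comparison. `array_column()` requires PHP 5.5+; if this release line still supports 5.4 (not visible here), replace it with an `array_map` over the option array. The docblock should also state the contract: the value is validated as a list of currency codes drawn from the `locale_currency_all` source.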
diff --git a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized/Array.php b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized/Array.php
index fef80eadac6..a4529e42c4b 100644
--- a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized/Array.php
+++ b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized/Array.php
@@ -31,11 +31,19 @@
class Mage_Adminhtml_Model_System_Config_Backend_Serialized_Array extends Mage_Adminhtml_Model_System_Config_Backend_Serialized
{
/**
- * Unset array element with '__empty' key
+ * Check object existence in incoming data and unset array element with '__empty' key
*
+ * @throws Mage_Core_Exception
+ * @return void
*/
protected function _beforeSave()
{
+ try {
+ Mage::helper('core/unserializeArray')->unserialize(serialize($this->getValue()));
+ } catch (Exception $e) {
+ Mage::throwException(Mage::helper('adminhtml')->__('Serialized data is incorrect'));
+ }
+
$value = $this->getValue();
if (is_array($value)) {
unset($value['__empty']);
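Review bot: The `try` block round-trips the value through `serialize()` and the `core/unserializeArray` helper, and the intent — refusing any object embedded in the posted array before it is persisted — is only implied by the docblock's "Check object existence". A comment on the `try` would make it survive refactoring: `// Round-trip through the object-rejecting unserializer so any object in the posted value is refused before it is stored.` Catching bare `Exception` is acceptable here since the helper's exception type is not visible, but the message could carry `$e->getMessage()` for diagnostics.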
diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
index 43cf415a701..c390a873e9a 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
@@ -172,6 +172,7 @@ protected function _filterPostData($data)
/** @var $helperCatalog Mage_Catalog_Helper_Data */
$helperCatalog = Mage::helper('catalog');
//labels
+ $data['frontend_label'] = (array) $data['frontend_label'];
foreach ($data['frontend_label'] as & $value) {
if ($value) {
$value = $helperCatalog->stripTags($value);
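Review bot: The added `(array) $data['frontend_label']` still reads the key unconditionally, so a POST without `frontend_label` raises an undefined-index notice before producing an empty array; `$data['frontend_label'] = isset($data['frontend_label']) ? (array) $data['frontend_label'] : array();` covers both the scalar and the missing case. A comment on why the cast exists would help too: `// a scalar label must not bypass the per-value tag stripping below`. `_filterPostData()` begins before and continues past the hunk.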
diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
index 4e5a97a415c..1976d3aba19 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
@@ -41,6 +41,17 @@ class Mage_Adminhtml_Catalog_Product_ReviewController extends Mage_Adminhtml_Con
*/
protected $_publicActions = array('edit');
+ /**
+ * Controller predispatch method
+ *
+ * @return Mage_Adminhtml_Controller_Action
+ */
+ public function preDispatch()
+ {
+ $this->_setForcedFormKeyActions(array('delete', 'massDelete'));
+ return parent::preDispatch();
+ }
+
public function indexAction()
{
$this->_title($this->__('Catalog'))
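Review bot: Forcing the form key on `delete` and `massDelete` leaves the controller's other state-changing actions (save and the mass status/visibility updates — names inferred from the standard review controller, not visible here) on whatever default form-key handling applies to them; confirm those are POST-only with the key validated, or add them to the forced list. A comment on the array would explain the selection: `// delete/massDelete are reachable through GET links, so the form key must be enforced explicitly` — hedged, since the grid links are not visible in the hunk.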
diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
index a38dd91f03e..264f7f3d804 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
@@ -550,7 +550,7 @@ public function validateAction()
catch (Mage_Eav_Model_Entity_Attribute_Exception $e) {
$response->setError(true);
$response->setAttribute($e->getAttributeCode());
- $response->setMessage($e->getMessage());
+ $response->setMessage(Mage::helper('core')->escapeHtml($e->getMessage()));
} catch (Mage_Core_Exception $e) {
$response->setError(true);
$response->setMessage($e->getMessage());
diff --git a/app/code/core/Mage/Adminhtml/controllers/Checkout/AgreementController.php b/app/code/core/Mage/Adminhtml/controllers/Checkout/AgreementController.php
index 98afaa24008..8eaa1642fc7 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Checkout/AgreementController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Checkout/AgreementController.php
@@ -33,6 +33,17 @@
*/
class Mage_Adminhtml_Checkout_AgreementController extends Mage_Adminhtml_Controller_Action
{
+ /**
+ * Controller predispatch method
+ *
+ * @return Mage_Adminhtml_Controller_Action
+ */
+ public function preDispatch()
+ {
+ $this->_setForcedFormKeyActions('delete');
+ return parent::preDispatch();
+ }
+
public function indexAction()
{
$this->_title($this->__('Sales'))->_title($this->__('Terms and Conditions'));
diff --git a/app/code/core/Mage/Adminhtml/controllers/Newsletter/TemplateController.php b/app/code/core/Mage/Adminhtml/controllers/Newsletter/TemplateController.php
index ed546c5210e..c28df8c1928 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Newsletter/TemplateController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Newsletter/TemplateController.php
@@ -167,6 +167,11 @@ public function saveAction ()
}
try {
+ $allowedHtmlTags = ['text', 'styles'];
+ if (Mage::helper('adminhtml')->hasTags($request->getParams(), $allowedHtmlTags)) {
+ Mage::throwException(Mage::helper('adminhtml')->__('Invalid template data.'));
+ }
+
$template->addData($request->getParams())
->setTemplateSubject($request->getParam('subject'))
->setTemplateCode($request->getParam('code'))
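Review bot: The short-array literal `['text', 'styles']` sits in a file that otherwise uses `array()` (the promo controllers in this same patch write `array('attribute')`); keep one style, `array('text', 'styles')`, unless the codebase has committed to PHP 5.4+ syntax. The tag check only constrains the content of the parameters, not which ones are set: `addData($request->getParams())` on the next line still mass-assigns every request parameter onto the model, which is worth a comment so the allowlist is not mistaken for a field allowlist. `saveAction()` begins before and continues past the hunk.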
diff --git a/app/code/core/Mage/Adminhtml/controllers/Promo/CatalogController.php b/app/code/core/Mage/Adminhtml/controllers/Promo/CatalogController.php
index 9962530a8ad..1156592c362 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Promo/CatalogController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Promo/CatalogController.php
@@ -133,6 +133,9 @@ public function saveAction()
array('request' => $this->getRequest())
);
$data = $this->getRequest()->getPost();
+ if (Mage::helper('adminhtml')->hasTags($data['rule'], array('attribute'), false)) {
+ Mage::throwException(Mage::helper('catalogrule')->__('Wrong rule specified'));
+ }
$data = $this->_filterDates($data, array('from_date', 'to_date'));
if ($id = $this->getRequest()->getParam('rule_id')) {
$model->load($id);
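Review bot: `$data['rule']` is read without an `isset`, so a POST lacking a `rule` key raises a notice and hands `null` to `hasTags()` instead of being rejected; prefer `if (!isset($data['rule']) || Mage::helper('adminhtml')->hasTags($data['rule'], array('attribute'), false))` if the model requires the key, or guard with `isset` if it is optional. The meaning of the third argument `false` and of `array('attribute')` is not visible here (the helper's signature is outside the hunk); a short inline comment naming what they toggle would help reviewers. `saveAction()` continues past the hunk.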
diff --git a/app/code/core/Mage/Adminhtml/controllers/Promo/QuoteController.php b/app/code/core/Mage/Adminhtml/controllers/Promo/QuoteController.php
index e9b61cb1f0e..28c77cb832f 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Promo/QuoteController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Promo/QuoteController.php
@@ -133,6 +133,9 @@ public function saveAction()
'adminhtml_controller_salesrule_prepare_save',
array('request' => $this->getRequest()));
$data = $this->getRequest()->getPost();
+ if (Mage::helper('adminhtml')->hasTags($data['rule'], array('attribute'), false)) {
+ Mage::throwException(Mage::helper('catalogrule')->__('Wrong rule specified'));
+ }
$data = $this->_filterDates($data, array('from_date', 'to_date'));
$id = $this->getRequest()->getParam('rule_id');
if ($id) {
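Review bot: The error message uses `Mage::helper('catalogrule')` inside the sales-rule controller, so the string is looked up in the catalogrule translation module; `Mage::helper('salesrule')->__('Wrong rule specified')` matches the rest of this controller (the `adminhtml_controller_salesrule_prepare_save` event above). As in the catalog-rule hunk, `$data['rule']` is accessed without `isset`, so a missing key yields a notice and a `null` passed to `hasTags()`. `saveAction()` continues past the hunk.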
diff --git a/app/code/core/Mage/Adminhtml/controllers/Sales/Order/CreateController.php b/app/code/core/Mage/Adminhtml/controllers/Sales/Order/CreateController.php
index 5ac307901c9..c8ee9a9915b 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Sales/Order/CreateController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Sales/Order/CreateController.php
@@ -151,6 +151,13 @@ protected function _processActionData($action = null)
* Saving order data
*/
if ($data = $this->getRequest()->getPost('order')) {
+ if (
+ array_key_exists('comment', $data)
+ && array_key_exists('reserved_order_id', $data['comment'])
+ ) {
+ unset($data['comment']['reserved_order_id']);
+ }
+
$this->_getOrderCreateModel()->importPostData($data);
}
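Review bot: `array_key_exists('reserved_order_id', $data['comment'])` assumes `$data['comment']` is an array; if a client posts `order[comment]` as a scalar, `array_key_exists()` warns on PHP 7 and throws a `TypeError` on PHP 8, which a sanitising step should not do. Adding `is_array($data['comment'])` to the condition, or simply `unset($data['comment']['reserved_order_id']);` (a no-op on a missing key), avoids it. The reason for stripping the key is also worth a line: `// reserved_order_id must not be settable from the admin form` — inferred, please confirm. `_processActionData()` begins before and continues past the hunk.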
@@ -477,10 +484,20 @@ public function cancelAction()
/**
* Saving quote and create order
+ *
+ * @throws Mage_Core_Exception
*/
public function saveAction()
{
try {
+ $orderData = $this->getRequest()->getPost('order');
+ if (
+ array_key_exists('reserved_order_id', $orderData['comment'])
+ && Mage::helper('adminhtml/sales')->hasTags($orderData['comment']['reserved_order_id'])
+ ) {
+ Mage::throwException($this->__('Invalid order data.'));
+ }
+
$this->_processActionData('save');
$paymentData = $this->getRequest()->getPost('payment');
if ($paymentData) {
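Review bot: `$orderData['comment']` is dereferenced before any check that `$orderData` is an array or has a `comment` key, so a save request without `order[comment]` (or without `order` at all) produces a notice and then calls `array_key_exists()` on `null` — a warning on PHP 7, a `TypeError` on PHP 8. `if (isset($orderData['comment']['reserved_order_id']) && Mage::helper('adminhtml/sales')->hasTags($orderData['comment']['reserved_order_id']))` covers all three cases. `_processActionData('save')` on the following line already strips `reserved_order_id` (earlier hunk), so this check rejects rather than silently drops; a comment stating both are intentional would stop one being removed as redundant. `saveAction()` continues past the hunk.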
diff --git a/app/code/core/Mage/Adminhtml/controllers/SitemapController.php b/app/code/core/Mage/Adminhtml/controllers/SitemapController.php
index 9aba874d1a1..ec41ff12322 100644
--- a/app/code/core/Mage/Adminhtml/controllers/SitemapController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/SitemapController.php
@@ -33,6 +33,11 @@
*/
class Mage_Adminhtml_SitemapController extends Mage_Adminhtml_Controller_Action
{
+ /**
+ * Maximum sitemap name length
+ */
+ const MAXIMUM_SITEMAP_NAME_LENGTH = 32;
+
/**
* Controller predispatch method
*
@@ -141,6 +146,19 @@ public function saveAction()
if (!empty($data['sitemap_filename']) && !empty($data['sitemap_path'])) {
$path = rtrim($data['sitemap_path'], '\\/')
. DS . $data['sitemap_filename'];
+
+ // check filename length
+ if (strlen($data['sitemap_filename']) > self::MAXIMUM_SITEMAP_NAME_LENGTH) {
+ Mage::getSingleton('adminhtml/session')->addError(
+ Mage::helper('sitemap')->__(
+ 'Please enter a sitemap name with at most %s characters.',
+ self::MAXIMUM_SITEMAP_NAME_LENGTH
+ ));
+ $this->_redirect('*/*/edit', array(
+ 'sitemap_id' => $this->getRequest()->getParam('sitemap_id')
+ ));
+ return;
+ }
/** @var $validator Mage_Core_Model_File_Validator_AvailablePath */
$validator = Mage::getModel('core/file_validator_availablePath');
/** @var $helper Mage_Adminhtml_Helper_Catalog */
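Review bot: The length check uses byte-wise `strlen`, which is the right measure for a filesystem limit but reads as a character count to most PHP readers, and the origin of the 32-byte limit is not recorded; a comment on the check — `// byte length, not characters: keeps the generated file name inside conservative filesystem limits` — makes the intent explicit. The check runs after `$path` is built but before the path validator, which is fine since `$path` is not used in between. `saveAction()` begins before and continues past the hunk.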
diff --git a/app/code/core/Mage/Adminhtml/controllers/System/Email/TemplateController.php b/app/code/core/Mage/Adminhtml/controllers/System/Email/TemplateController.php
index 2bd9f964bba..4e3de6cbbe6 100644
--- a/app/code/core/Mage/Adminhtml/controllers/System/Email/TemplateController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/System/Email/TemplateController.php
@@ -111,6 +111,8 @@ public function editAction()
/**
* Save action
+ *
+ * @throws Mage_Core_Exception
*/
public function saveAction()
{
@@ -127,6 +129,11 @@ public function saveAction()
}
try {
+ $allowedHtmlTags = ['template_text', 'styles'];
+ if (Mage::helper('adminhtml')->hasTags($request->getParams(), $allowedHtmlTags)) {
+ Mage::throwException(Mage::helper('adminhtml')->__('Invalid template data.'));
+ }
+
$template->setTemplateSubject($request->getParam('template_subject'))
->setTemplateCode($request->getParam('template_code'))
->setTemplateText($request->getParam('template_text'))
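Review bot: The allowlist names `'styles'`, but the fields read just below follow the `template_` prefix (`template_subject`, `template_code`, `template_text`), so if the styles textarea is posted as `template_styles` (not visible in the hunk) the `'styles'` entry matches nothing and any `<` in the styles field is rejected; confirm the posted name and use it. `['template_text', 'styles']` also introduces short-array syntax into a file using `array()` elsewhere; `array('template_text', 'styles')` keeps the style uniform. `saveAction()` begins before and continues past the hunk.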
diff --git a/app/code/core/Mage/Authorizenet/Model/Directpost.php b/app/code/core/Mage/Authorizenet/Model/Directpost.php
index 5db0addee0e..196f6d1082e 100644
--- a/app/code/core/Mage/Authorizenet/Model/Directpost.php
+++ b/app/code/core/Mage/Authorizenet/Model/Directpost.php
@@ -389,9 +389,11 @@ public function setResponseData(array $postData)
public function validateResponse()
{
$response = $this->getResponse();
- //md5 check
- if (!$this->getConfigData('trans_md5') || !$this->getConfigData('login') ||
- !$response->isValidHash($this->getConfigData('trans_md5'), $this->getConfigData('login'))
+ $hashConfigKey = !empty($response->getData('x_SHA2_Hash')) ? 'signature_key' : 'trans_md5';
+
+ //hash check
+ if (!$this->getConfigData($hashConfigKey)
+ || !$response->isValidHash($this->getConfigData($hashConfigKey), $this->getConfigData('login'))
) {
Mage::throwException(
Mage::helper('authorizenet')->__('Response hash validation failed. Transaction declined.')
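Review bot: Which key is verified is chosen by the presence of `x_SHA2_Hash` in the response itself, so a merchant who has both `signature_key` and `trans_md5` configured can still be handed a response that omits the SHA-2 field and is accepted under MD5 — an attacker-selectable downgrade. Decide from configuration instead: when `signature_key` is set, require the SHA-2 field and fail if it is missing, and fall back to `trans_md5` only when no signature key is configured. The rewrite also drops the old `!$this->getConfigData('login')` guard; keep it, since the login id is part of the hashed data. `!empty()` on a method call needs PHP 5.5+, and whether `isValidHash()` compares in constant time is not visible here.
```php
$response = $this->getResponse();
// Pick the hash scheme from configuration, not from the response, so a
// caller cannot downgrade a SHA-2 merchant to the legacy MD5 check.
$signatureKey = (string) $this->getConfigData('signature_key');
if ($signatureKey !== '') {
    $hashConfigKey = 'signature_key';
    $hashPresent = (string) $response->getData('x_SHA2_Hash') !== '';
} else {
    $hashConfigKey = 'trans_md5';
    $hashPresent = (bool) $this->getConfigData('trans_md5');
}
if (!$hashPresent
    || !$this->getConfigData('login')
    || !$response->isValidHash($this->getConfigData($hashConfigKey), $this->getConfigData('login'))
) {
    // … unchanged: throwException …
```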
@@ -499,7 +501,7 @@ public function checkResponseCode()
*/
public function checkTransId()
{
- if (!$this->getResponse()->getXTransId()) {
+ if (!$this->getResponse()->getXTransId() && ('0' !== $this->getResponse()->getXTransId())) {
Mage::throwException(
Mage::helper('authorizenet')->__('Payment authorization error. Transacion id is empty.')
);
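Review bot: Accepting `'0'` as a valid transaction id needs a why-comment, since the original rejected every falsy value and a zero id is otherwise suspicious on a live transaction; presumably sandbox/test-mode responses carry `x_trans_id=0` — `// test-mode responses report x_trans_id "0" — TODO confirm against the gateway docs`. The comparison is strict against the string `'0'` only, so an integer `0` would still be rejected; fine if the response object normalises to strings, which is not visible here. The message on the next line also misspells "Transaction" as `Transacion`.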
diff --git a/app/code/core/Mage/Authorizenet/Model/Directpost/Request.php b/app/code/core/Mage/Authorizenet/Model/Directpost/Request.php
index a8f85f9529b..09d5831e26c 100644
--- a/app/code/core/Mage/Authorizenet/Model/Directpost/Request.php
+++ b/app/code/core/Mage/Authorizenet/Model/Directpost/Request.php
@@ -35,9 +35,16 @@ class Mage_Authorizenet_Model_Directpost_Request extends Varien_Object
{
protected $_transKey = null;
+ /**
+ * Hexadecimal signature key.
+ *
+ * @var string
+ */
+ protected $_signatureKey = '';
+
/**
* Return merchant transaction key.
- * Needed to generate sign.
+ * Needed to generate MD5 sign.
*
* @return string
*/
@@ -48,7 +55,7 @@ protected function _getTransactionKey()
/**
* Set merchant transaction key.
- * Needed to generate sign.
+ * Needed to generate MD5 sign.
*
* @param string $transKey
* @return Mage_Authorizenet_Model_Directpost_Request
@@ -60,7 +67,7 @@ protected function _setTransactionKey($transKey)
}
/**
- * Generates the fingerprint for request.
+ * Generates the MD5 fingerprint for request.
*
* @param string $merchantApiLoginId
* @param string $merchantTransactionKey
@@ -73,19 +80,19 @@ public function generateRequestSign($merchantApiLoginId, $merchantTransactionKey
{
if (phpversion() >= '5.1.2') {
return hash_hmac("md5",
- $merchantApiLoginId . "^" .
- $fpSequence . "^" .
- $fpTimestamp . "^" .
- $amount . "^" .
+ $merchantApiLoginId . '^' .
+ $fpSequence . '^' .
+ $fpTimestamp . '^' .
+ $amount . '^' .
$currencyCode, $merchantTransactionKey
);
}
return bin2hex(mhash(MHASH_MD5,
- $merchantApiLoginId . "^" .
- $fpSequence . "^" .
- $fpTimestamp . "^" .
- $amount . "^" .
+ $merchantApiLoginId . '^' .
+ $fpSequence . '^' .
+ $fpTimestamp . '^' .
+ $amount . '^' .
$currencyCode, $merchantTransactionKey
));
}
@@ -110,6 +117,7 @@ public function setConstantData(Mage_Authorizenet_Model_Directpost $paymentMetho
->setXRelayUrl($paymentMethod->getRelayUrl());
$this->_setTransactionKey($paymentMethod->getConfigData('trans_key'));
+ $this->_setSignatureKey($paymentMethod->getConfigData('signature_key'));
return $this;
}
@@ -178,16 +186,76 @@ public function setDataFromOrder(Mage_Sales_Model_Order $order, Mage_Authorizene
public function signRequestData()
{
$fpTimestamp = time();
- $hash = $this->generateRequestSign(
- $this->getXLogin(),
- $this->_getTransactionKey(),
- $this->getXAmount(),
- $this->getXCurrencyCode(),
- $this->getXFpSequence(),
- $fpTimestamp
- );
+ if (!empty($this->_getSignatureKey())) {
+ $hash = $this->_generateSha2RequestSign(
+ $this->getXLogin(),
+ $this->_getSignatureKey(),
+ $this->getXAmount(),
+ $this->getXCurrencyCode(),
+ $this->getXFpSequence(),
+ $fpTimestamp
+ );
+ } else {
+ $hash = $this->generateRequestSign(
+ $this->getXLogin(),
+ $this->_getTransactionKey(),
+ $this->getXAmount(),
+ $this->getXCurrencyCode(),
+ $this->getXFpSequence(),
+ $fpTimestamp
+ );
+ }
$this->setXFpTimestamp($fpTimestamp);
$this->setXFpHash($hash);
return $this;
}
+
+ /**
+ * Generates the SHA2 fingerprint for request.
+ *
+ * @param string $merchantApiLoginId
+ * @param string $merchantSignatureKey
+ * @param string $amount
+ * @param string $currencyCode
+ * @param string $fpSequence An invoice number or random number.
+ * @param string $fpTimestamp
+ * @return string The fingerprint.
+ */
+ protected function _generateSha2RequestSign(
+ $merchantApiLoginId,
+ $merchantSignatureKey,
+ $amount,
+ $currencyCode,
+ $fpSequence,
+ $fpTimestamp
+ ) {
+ $message = $merchantApiLoginId . '^' . $fpSequence . '^' . $fpTimestamp . '^' . $amount . '^' . $currencyCode;
+
+ return strtoupper(hash_hmac('sha512', $message, pack('H*', $merchantSignatureKey)));
+ }
+
+ /**
+ * Return merchant hexadecimal signature key.
+ *
+ * Needed to generate SHA2 sign.
+ *
+ * @return string
+ */
+ protected function _getSignatureKey()
+ {
+ return $this->_signatureKey;
+ }
+
+ /**
+ * Set merchant hexadecimal signature key.
+ *
+ * Needed to generate SHA2 sign.
+ *
+ * @param string $signatureKey
+ * @return void
+ */
+ protected function _setSignatureKey($signatureKey)
+ {
+ $this->_signatureKey = $signatureKey;
+ }
}
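Review bot: `_generateSha2RequestSign` hands the configured key straight to `pack('H*', ...)`; a key pasted with surrounding whitespace or containing a non-hex character is decoded into the wrong bytes with at most a warning, so every fingerprint silently fails. Normalise and validate once in `_setSignatureKey`: `$signatureKey = trim((string) $signatureKey);` followed by `if ($signatureKey !== '' && !ctype_xdigit($signatureKey)) { Mage::throwException(Mage::helper('authorizenet')->__('Signature key must be hexadecimal.')); }`. In signRequestData, `!empty($this->_getSignatureKey())` on a method call is only valid syntax from PHP 5.5; if 5.4 is still within the supported range, `'' !== $this->_getSignatureKey()` avoids the parse error. The `@return void` on `_setSignatureKey` also breaks with the fluent `@return Mage_Authorizenet_Model_Directpost_Request` convention of `_setTransactionKey` just above it.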
diff --git a/app/code/core/Mage/Authorizenet/Model/Directpost/Response.php b/app/code/core/Mage/Authorizenet/Model/Directpost/Response.php
index 00cc05e81bb..98bc80dc870 100644
--- a/app/code/core/Mage/Authorizenet/Model/Directpost/Response.php
+++ b/app/code/core/Mage/Authorizenet/Model/Directpost/Response.php
@@ -44,23 +44,31 @@ class Mage_Authorizenet_Model_Directpost_Response extends Varien_Object
*/
public function generateHash($merchantMd5, $merchantApiLogin, $amount, $transactionId)
{
- if (!$amount) {
- $amount = '0.00';
- }
return strtoupper(md5($merchantMd5 . $merchantApiLogin . $transactionId . $amount));
}
/**
* Return if is valid order id.
*
- * @param string $merchantMd5
+ * @param string $storedHash
* @param string $merchantApiLogin
* @return bool
*/
- public function isValidHash($merchantMd5, $merchantApiLogin)
+ public function isValidHash($storedHash, $merchantApiLogin)
{
- return $this->generateHash($merchantMd5, $merchantApiLogin, $this->getXAmount(), $this->getXTransId())
- == $this->getData('x_MD5_Hash');
+ if (empty($this->getData('x_amount'))) {
+ $this->setData('x_amount', '0.00');
+ }
+
+ if (!empty($this->getData('x_SHA2_Hash'))) {
+ $hash = $this->generateSha2Hash($storedHash);
+ return $hash == $this->getData('x_SHA2_Hash');
+ } elseif (!empty($this->getData('x_MD5_Hash'))) {
+ $hash = $this->generateHash($storedHash, $merchantApiLogin, $this->getXAmount(), $this->getXTransId());
+ return $hash == $this->getData('x_MD5_Hash');
+ }
+
+ return false;
}
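Review bot: isValidHash compares the attacker-supplied x_SHA2_Hash / x_MD5_Hash against the computed value with `==`, which for two strings that both look numeric (e.g. a hash of the form `0E` followed by digits) compares them as numbers, and which is not constant-time. Use the constant-time comparison that this same patch series already ships a polyfill for in functions.php: `return hash_equals($hash, (string) $this->getData('x_SHA2_Hash'));` and `return hash_equals($hash, (string) $this->getData('x_MD5_Hash'));`. Note too that moving the `'0.00'` default out of the public generateHash into isValidHash changes the result for any external caller that passed an empty amount, and that the `empty($this->getData(...))` forms need PHP 5.5+ if older versions are still supported.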
/**
@@ -72,4 +80,82 @@ public function isApproved()
{
return $this->getXResponseCode() == Mage_Authorizenet_Model_Directpost::RESPONSE_CODE_APPROVED;
}
+
+ /**
+ * Generates an SHA2 hash to compare against AuthNet's.
+ *
+ * @param string $signatureKey
+ * @return string
+ * @see https://support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement
+ */
+ public function generateSha2Hash($signatureKey)
+ {
+ $hashFields = [
+ 'x_trans_id',
+ 'x_test_request',
+ 'x_response_code',
+ 'x_auth_code',
+ 'x_cvv2_resp_code',
+ 'x_cavv_response',
+ 'x_avs_code',
+ 'x_method',
+ 'x_account_number',
+ 'x_amount',
+ 'x_company',
+ 'x_first_name',
+ 'x_last_name',
+ 'x_address',
+ 'x_city',
+ 'x_state',
+ 'x_zip',
+ 'x_country',
+ 'x_phone',
+ 'x_fax',
+ 'x_email',
+ 'x_ship_to_company',
+ 'x_ship_to_first_name',
+ 'x_ship_to_last_name',
+ 'x_ship_to_address',
+ 'x_ship_to_city',
+ 'x_ship_to_state',
+ 'x_ship_to_zip',
+ 'x_ship_to_country',
+ 'x_invoice_num',
+ ];
+
+ $order = Mage::getModel('sales/order')->loadByIncrementId($this->getData('x_invoice_num'));
+ $billing = $order->getBillingAddress();
+ if (!empty($billing)) {
+ $this->setXFirstName(strval($billing->getFirstname()))
+ ->setXLastName(strval($billing->getLastname()))
+ ->setXCompany(strval($billing->getCompany()))
+ ->setXAddress(strval($billing->getStreet(1)))
+ ->setXCity(strval($billing->getCity()))
+ ->setXState(strval($billing->getRegion()))
+ ->setXZip(strval($billing->getPostcode()))
+ ->setXCountry(strval($billing->getCountry()))
+ ->setXPhone(strval($billing->getTelephone()))
+ ->setXFax(strval($billing->getFax()))
+ ->setXEmail(strval($order->getCustomerEmail()));
+ }
+ $shipping = $order->getShippingAddress();
+ if (!empty($shipping)) {
+ $this->setXShipToFirstName(strval($shipping->getFirstname()))
+ ->setXShipToLastName(strval($shipping->getLastname()))
+ ->setXShipToCompany(strval($shipping->getCompany()))
+ ->setXShipToAddress(strval($shipping->getStreet(1)))
+ ->setXShipToCity(strval($shipping->getCity()))
+ ->setXShipToState(strval($shipping->getRegion()))
+ ->setXShipToZip(strval($shipping->getPostcode()))
+ ->setXShipToCountry(strval($shipping->getCountry()));
+ }
+
+ $message = '^';
+ foreach ($hashFields as $field) {
+ $fieldData = $this->getData($field);
+ $message .= (isset($fieldData) ? $fieldData : '') . '^';
+ }
+
+ return strtoupper(hash_hmac('sha512', $message, pack('H*', $signatureKey)));
+ }
}
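Review bot: generateSha2Hash overwrites the posted billing/shipping fields on this response object with values loaded from the order whose increment id is the (untrusted) x_invoice_num, before hashing; canonicalising the HMAC input this way is reasonable, but it is a side effect on a "generate" method that callers reading x_first_name etc. after validation will not expect, so the docblock should say so: `* Side effect: name/address fields on this object are replaced by the order's stored values (looked up by x_invoice_num) before hashing.` When no order matches, `getBillingAddress()`/`getShippingAddress()` presumably return empty values and the posted fields are hashed as received — that still requires the key, but worth confirming it is the intended path. The same unvalidated `pack('H*', $signatureKey)` appears here as in the request side; validating the key once at configuration time would cover both.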
diff --git a/app/code/core/Mage/Authorizenet/etc/config.xml b/app/code/core/Mage/Authorizenet/etc/config.xml
index 33f9834b3c2..1ab5c4e7edb 100644
--- a/app/code/core/Mage/Authorizenet/etc/config.xml
+++ b/app/code/core/Mage/Authorizenet/etc/config.xml
@@ -150,6 +150,7 @@
1
Credit Card Direct Post (Authorize.net)
+
0
USD
diff --git a/app/code/core/Mage/Authorizenet/etc/system.xml b/app/code/core/Mage/Authorizenet/etc/system.xml
index 369b25a3507..f2b1aa8eb2f 100644
--- a/app/code/core/Mage/Authorizenet/etc/system.xml
+++ b/app/code/core/Mage/Authorizenet/etc/system.xml
@@ -30,7 +30,7 @@
-
+
text
34
1
@@ -81,6 +81,15 @@
1
0
+
+
+ obscure
+ adminhtml/system_config_backend_encrypted
+ 55
+ 1
+ 1
+ 0
+
obscure
diff --git a/app/code/core/Mage/Catalog/Helper/Product.php b/app/code/core/Mage/Catalog/Helper/Product.php
index e9c0146df67..b62e34daca5 100644
--- a/app/code/core/Mage/Catalog/Helper/Product.php
+++ b/app/code/core/Mage/Catalog/Helper/Product.php
@@ -525,4 +525,41 @@ public function getDefaultQty($product)
return $qty;
}
+
+ /**
+ * Get default product value by field name
+ *
+ * @param string $fieldName
+ * @param string $productType
+ * @return int
+ */
+ public function getDefaultProductValue($fieldName, $productType)
+ {
+ $fieldData = $this->getFieldset($fieldName) ? (array) $this->getFieldset($fieldName) : null;
+ if (
+ count($fieldData)
+ && array_key_exists($productType, $fieldData['product_type'])
+ && (bool)$fieldData['use_config']
+ ) {
+ return $fieldData['inventory'];
+ }
+ return self::DEFAULT_QTY;
+ }
+
+ /**
+ * Return array from config by fieldset name and area
+ *
+ * @param null|string $field
+ * @param string $fieldset
+ * @param string $area
+ * @return array|null
+ */
+ public function getFieldset($field = null, $fieldset = 'catalog_product_dataflow', $area = 'admin')
+ {
+ $fieldsetData = Mage::getConfig()->getFieldset($fieldset, $area);
+ if ($fieldsetData) {
+ return $fieldsetData ? $fieldsetData->$field : $fieldsetData;
+ }
+ return $fieldsetData;
+ }
}
diff --git a/app/code/core/Mage/Catalog/controllers/Product/CompareController.php b/app/code/core/Mage/Catalog/controllers/Product/CompareController.php
index 2be9c5298d3..0984c2b7904 100644
--- a/app/code/core/Mage/Catalog/controllers/Product/CompareController.php
+++ b/app/code/core/Mage/Catalog/controllers/Product/CompareController.php
@@ -80,7 +80,7 @@ public function addAction()
}
$productId = (int) $this->getRequest()->getParam('product');
- if ($productId
+ if ($this->isProductAvailable($productId)
&& (Mage::getSingleton('log/visitor')->getId() || Mage::getSingleton('customer/session')->isLoggedIn())
) {
$product = Mage::getModel('catalog/product')
@@ -106,7 +106,8 @@ public function addAction()
*/
public function removeAction()
{
- if ($productId = (int) $this->getRequest()->getParam('product')) {
+ $productId = (int) $this->getRequest()->getParam('product');
+ if ($this->isProductAvailable($productId)) {
$product = Mage::getModel('catalog/product')
->setStoreId(Mage::app()->getStore()->getId())
->load($productId);
@@ -184,4 +185,15 @@ public function setCustomerId($id)
$this->_customerId = $id;
return $this;
}
+
+ /**
+ * Check if product is available
+ *
+ * @param int $productId
+ * @return bool
+ */
+ public function isProductAvailable($productId)
+ {
+ return Mage::getModel('catalog/product')->load($productId)->isAvailable();
+ }
}
diff --git a/app/code/core/Mage/Checkout/Model/Session.php b/app/code/core/Mage/Checkout/Model/Session.php
index fc99aa61bdc..dded46610c3 100644
--- a/app/code/core/Mage/Checkout/Model/Session.php
+++ b/app/code/core/Mage/Checkout/Model/Session.php
@@ -120,13 +120,21 @@ public function getQuote()
if ($this->_quote === null) {
/** @var $quote Mage_Sales_Model_Quote */
$quote = Mage::getModel('sales/quote')->setStoreId(Mage::app()->getStore()->getId());
+ $customerSession = Mage::getSingleton('customer/session');
+
if ($this->getQuoteId()) {
if ($this->_loadInactive) {
$quote->load($this->getQuoteId());
} else {
$quote->loadActive($this->getQuoteId());
}
- if ($quote->getId()) {
+ if (
+ $quote->getId()
+ && (
+ ($customerSession->isLoggedIn() && $customerSession->getId() == $quote->getCustomerId())
+ || (!$customerSession->isLoggedIn() && !$quote->getCustomerId())
+ )
+ ) {
/**
* If current currency code of quote is not equal current currency code of store,
* need recalculate totals of quote. It is possible if customer use currency switcher or
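Review bot: The new ownership check also rejects the case where the session holds a guest quote (customer_id empty) and the visitor then logs in, because the logged-in branch insists on `getId() == getCustomerId()`; if the login/merge flow reaches getQuote() before the guest quote has been assigned to the customer, the cart is discarded rather than merged. That path is outside this hunk, so it needs confirming; if it is real, either assign the customer here or admit `($customerSession->isLoggedIn() && !$quote->getCustomerId())` only when the quote has no owner. The comparison itself is loose; `(int) $customerSession->getId() === (int) $quote->getCustomerId()` states the intent. getQuote continues past this hunk.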
@@ -143,16 +151,16 @@ public function getQuote()
$quote->load($this->getQuoteId());
}
} else {
+ $quote->unsetData();
$this->setQuoteId(null);
}
}
- $customerSession = Mage::getSingleton('customer/session');
-
if (!$this->getQuoteId()) {
if ($customerSession->isLoggedIn() || $this->_customer) {
$customer = ($this->_customer) ? $this->_customer : $customerSession->getCustomer();
$quote->loadByCustomer($customer);
+ $quote->setCustomer($customer);
$this->setQuoteId($quote->getId());
} else {
$quote->setIsCheckoutCart(true);
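Review bot: `$quote->unsetData()` also wipes the store_id that was set when the quote model was created at the top of getQuote, so the quote that is then loaded by customer or created as a new checkout cart carries no store unless the quote model falls back to the current store on its own. If that fallback is not guaranteed, chain it back: `$quote->unsetData()->setStoreId(Mage::app()->getStore()->getId());`. The reasoning behind the unset — dropping a quote that failed the ownership check so none of its data leaks into the new one — deserves a comment, e.g. `// Discard a quote that is not owned by the current session; a fresh one is loaded or created below.`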
diff --git a/app/code/core/Mage/Checkout/controllers/OnepageController.php b/app/code/core/Mage/Checkout/controllers/OnepageController.php
index 1e122fac7b9..861b9207336 100644
--- a/app/code/core/Mage/Checkout/controllers/OnepageController.php
+++ b/app/code/core/Mage/Checkout/controllers/OnepageController.php
@@ -565,7 +565,7 @@ protected function _initInvoice()
*/
public function saveOrderAction()
{
- if (!$this->_validateFormKey()) {
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
$this->_redirect('*/*');
return;
}
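Review bot: Making the form-key check on saveOrderAction conditional means that, with the setting off, an order can be placed by a cross-site request carrying no CSRF token; isFormkeyValidationOnCheckoutEnabled() is defined outside this hunk, so its default cannot be confirmed here, but it should default to enabled and its admin description should spell out that disabling it removes CSRF protection from order placement. If the opt-out is kept, a comment at the call site should say why it exists, e.g. `// Form-key validation is configurable for themes whose checkout templates do not submit the key; disabling it weakens CSRF protection.` Skipping the check silently also hides misconfiguration; a log line in the disabled branch would make it visible.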
diff --git a/app/code/core/Mage/Cms/Helper/Data.php b/app/code/core/Mage/Cms/Helper/Data.php
index 42b3b181fc8..2b603229ea2 100644
--- a/app/code/core/Mage/Cms/Helper/Data.php
+++ b/app/code/core/Mage/Cms/Helper/Data.php
@@ -37,6 +37,7 @@ class Mage_Cms_Helper_Data extends Mage_Core_Helper_Abstract
const XML_NODE_PAGE_TEMPLATE_FILTER = 'global/cms/page/tempate_filter';
const XML_NODE_BLOCK_TEMPLATE_FILTER = 'global/cms/block/tempate_filter';
const XML_NODE_ALLOWED_STREAM_WRAPPERS = 'global/cms/allowed_stream_wrappers';
+ const XML_NODE_ALLOWED_MEDIA_EXT_SWF = 'adminhtml/cms/browser/extensions/media_allowed/swf';
/**
* Retrieve Template processor for Page Content
@@ -74,4 +75,19 @@ public function getAllowedStreamWrappers()
return is_array($allowedStreamWrappers) ? $allowedStreamWrappers : array();
}
+
+ /**
+ * Check is swf file extension disabled
+ *
+ * @return bool
+ */
+ public function isSwfDisabled()
+ {
+ $statusSwf = Mage::getConfig()->getNode(self::XML_NODE_ALLOWED_MEDIA_EXT_SWF);
+ if ($statusSwf instanceof Mage_Core_Model_Config_Element) {
+ $statusSwf = $statusSwf->asArray()[0];
+ }
+
+ return $statusSwf ? false : true;
+ }
}
diff --git a/app/code/core/Mage/Cms/Model/Wysiwyg/Config.php b/app/code/core/Mage/Cms/Model/Wysiwyg/Config.php
index 471f10fa7da..33c16b6b17b 100644
--- a/app/code/core/Mage/Cms/Model/Wysiwyg/Config.php
+++ b/app/code/core/Mage/Cms/Model/Wysiwyg/Config.php
@@ -93,7 +93,8 @@ public function getConfig($data = array())
'content_css' =>
Mage::getBaseUrl('js').'mage/adminhtml/wysiwyg/tiny_mce/themes/advanced/skins/default/content.css',
'width' => '100%',
- 'plugins' => array()
+ 'plugins' => array(),
+ 'media_disable_flash' => Mage::helper('cms')->isSwfDisabled()
));
$config->setData('directives_url_quoted', preg_quote($config->getData('directives_url')));
diff --git a/app/code/core/Mage/Cms/etc/config.xml b/app/code/core/Mage/Cms/etc/config.xml
index a75a7fb1a5a..7458f93ea0d 100644
--- a/app/code/core/Mage/Cms/etc/config.xml
+++ b/app/code/core/Mage/Cms/etc/config.xml
@@ -122,7 +122,7 @@
1
- 1
+ 0
1
1
1
diff --git a/app/code/core/Mage/Compiler/Model/Process.php b/app/code/core/Mage/Compiler/Model/Process.php
index 1f7994e93ce..73fd07e6260 100644
--- a/app/code/core/Mage/Compiler/Model/Process.php
+++ b/app/code/core/Mage/Compiler/Model/Process.php
@@ -43,6 +43,9 @@ class Mage_Compiler_Model_Process
protected $_controllerFolders = array();
+ /** $_collectLibs library list array */
+ protected $_collectLibs = array();
+
public function __construct($options=array())
{
if (isset($options['compile_dir'])) {
@@ -128,6 +131,9 @@ protected function _copy($source, $target, $firstIteration = true)
|| !in_array(substr($source, strlen($source)-4, 4), array('.php'))) {
return $this;
}
+ if (!$firstIteration && stripos($source, Mage::getBaseDir('lib') . DS) !== false) {
+ $this->_collectLibs[] = $target;
+ }
copy($source, $target);
}
return $this;
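Review bot: `stripos($source, Mage::getBaseDir('lib') . DS) !== false` is a case-insensitive substring test, so any path that merely contains the lib directory string somewhere inside it is collected, not only files under lib. A prefix test is what is meant: `if (!$firstIteration && strpos($source, Mage::getBaseDir('lib') . DS) === 0) {`. The new `$_collectLibs` property would also read better with a conventional docblock, `/** @var array Paths of library files already copied into the include dir */`, in place of the bare description.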
@@ -341,6 +347,11 @@ protected function _getClassesSourceCode($classes, $scope)
{
$sortedClasses = array();
foreach ($classes as $className) {
+ /** Skip iteration if this class has already been moved to the includes folder from the lib */
+ if (array_search($this->_includeDir . DS . $className . '.php', $this->_collectLibs)) {
+ continue;
+ }
+
$implements = array_reverse(class_implements($className));
foreach ($implements as $class) {
if (!in_array($class, $sortedClasses) && !in_array($class, $this->_processedClasses) && strstr($class, '_')) {
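Review bot: `array_search(...)` is used as a boolean, but it returns the matching index, so the first entry of `$_collectLibs` (index 0) is treated as "not found" and that class is processed a second time instead of being skipped. Use a membership test instead: `if (in_array($this->_includeDir . DS . $className . '.php', $this->_collectLibs, true)) {`. The enclosing `_getClassesSourceCode` continues past this hunk.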
diff --git a/app/code/core/Mage/Core/Helper/Abstract.php b/app/code/core/Mage/Core/Helper/Abstract.php
index ea847e3c8bd..b122553f274 100644
--- a/app/code/core/Mage/Core/Helper/Abstract.php
+++ b/app/code/core/Mage/Core/Helper/Abstract.php
@@ -443,4 +443,42 @@ public function translateArray($arr = array())
}
return $arr;
}
+
+ /**
+ * Check for tags in multidimensional arrays
+ *
+ * @param string|array $data
+ * @param array $arrayKeys keys of the array being checked that are excluded and included in the check
+ * @param bool $skipTags skip transferred array keys, if false then check only them
+ * @return bool
+ */
+ public function hasTags($data, array $arrayKeys = array(), $skipTags = true)
+ {
+ if (is_array($data)) {
+ foreach ($data as $key => $item) {
+ if ($skipTags && in_array($key, $arrayKeys)) {
+ continue;
+ }
+ if (is_array($item)) {
+ if ($this->hasTags($item, $arrayKeys, $skipTags)) {
+ return true;
+ }
+ } elseif (
+ (bool)strcmp($item, $this->removeTags($item))
+ || (bool)strcmp($key, $this->removeTags($key))
+ ) {
+ if (!$skipTags && !in_array($key, $arrayKeys)) {
+ continue;
+ }
+ return true;
+ }
+ }
+ return false;
+ } elseif (is_string($data)) {
+ if ((bool)strcmp($data, $this->removeTags($data))) {
+ return true;
+ }
+ }
+ return false;
+ }
}
diff --git a/app/code/core/Mage/Core/Helper/Data.php b/app/code/core/Mage/Core/Helper/Data.php
index e2e41b41ef4..f4deb30f613 100644
--- a/app/code/core/Mage/Core/Helper/Data.php
+++ b/app/code/core/Mage/Core/Helper/Data.php
@@ -254,7 +254,7 @@ public function getRandomString($len, $chars = null)
$chars = self::CHARS_LOWERS . self::CHARS_UPPERS . self::CHARS_DIGITS;
}
for ($i = 0, $str = '', $lc = strlen($chars)-1; $i < $len; $i++) {
- $str .= $chars[mt_rand(0, $lc)];
+ $str .= $chars[random_int(0, $lc)];
}
return $str;
}
diff --git a/app/code/core/Mage/Core/Model/Design/Package.php b/app/code/core/Mage/Core/Model/Design/Package.php
index d0587e82757..407524a4ec8 100644
--- a/app/code/core/Mage/Core/Model/Design/Package.php
+++ b/app/code/core/Mage/Core/Model/Design/Package.php
@@ -589,7 +589,11 @@ protected function _checkUserAgentAgainstRegexps($regexpsConfigPath)
return false;
}
- $regexps = @unserialize($configValueSerialized);
+ try {
+ $regexps = Mage::helper('core/unserializeArray')->unserialize($configValueSerialized);
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
if (empty($regexps)) {
return false;
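Review bot: If the unserialize helper throws, `$regexps` is never assigned and the `empty($regexps)` test that follows reads an undefined variable — it still returns false, but with a notice. Initialise it ahead of the try: `$regexps = array();`. The switch to the array-only unserializer is the right call for an admin-stored value that is later fed to preg_match; a short comment saying so would stop a future maintainer from "simplifying" it back, e.g. `// Stored value is admin-supplied; only plain arrays are accepted (no object instantiation).`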
diff --git a/app/code/core/Mage/Core/Model/Email/Template/Filter.php b/app/code/core/Mage/Core/Model/Email/Template/Filter.php
index 2d64307177a..2dd2b2f53d3 100644
--- a/app/code/core/Mage/Core/Model/Email/Template/Filter.php
+++ b/app/code/core/Mage/Core/Model/Email/Template/Filter.php
@@ -564,4 +564,24 @@ public function filter($value)
}
return $value;
}
+
+ /**
+ * Return variable value for var construction
+ *
+ * @param string $value raw parameters
+ * @param string $default default value
+ * @return string
+ */
+ protected function _getVariable($value, $default = '{no_value_defined}')
+ {
+ Mage::register('varProcessing', true);
+ try {
+ $result = parent::_getVariable($value, $default);
+ } catch (Exception $e) {
+ $result = '';
+ Mage::logException($e);
+ }
+ Mage::unregister('varProcessing');
+ return $result;
+ }
}
diff --git a/app/code/core/Mage/Core/Model/File/Validator/AvailablePath.php b/app/code/core/Mage/Core/Model/File/Validator/AvailablePath.php
index ca5a6646a06..0a6ed4fc2a8 100644
--- a/app/code/core/Mage/Core/Model/File/Validator/AvailablePath.php
+++ b/app/code/core/Mage/Core/Model/File/Validator/AvailablePath.php
@@ -230,8 +230,16 @@ public function isValid($value)
}
//validation
+ $protectedExtensions = Mage::helper('core/data')->getProtectedFileExtensions();
$value = str_replace(array('/', '\\'), DS, $this->_value);
$valuePathInfo = pathinfo(ltrim($value, '\\/'));
+ $fileNameExtension = pathinfo($valuePathInfo['filename'], PATHINFO_EXTENSION);
+
+ if (in_array($fileNameExtension, $protectedExtensions)) {
+ $this->_error(self::NOT_AVAILABLE_PATH, $this->_value);
+ return false;
+ }
+
if ($valuePathInfo['dirname'] == '.' || $valuePathInfo['dirname'] == DS) {
$valuePathInfo['dirname'] = '';
}
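Review bot: The new check derives its extension from `$valuePathInfo['filename']`, which is the basename with its last extension already stripped, so it catches the inner extension of `x.php.txt` but never the final one of `x.php`; unless the last extension is rejected elsewhere, that is the more important case. It is also case-sensitive and non-strict. Compare both positions, lower-cased: `$last = isset($valuePathInfo['extension']) ? strtolower($valuePathInfo['extension']) : '';` and `if (in_array(strtolower($fileNameExtension), $protectedExtensions, true) || in_array($last, $protectedExtensions, true))` — assuming getProtectedFileExtensions() returns lower-case entries, which is outside this hunk. isValid continues past this hunk.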
diff --git a/app/code/core/Mage/Core/Model/Observer.php b/app/code/core/Mage/Core/Model/Observer.php
index 0d570bec400..ff562d83521 100644
--- a/app/code/core/Mage/Core/Model/Observer.php
+++ b/app/code/core/Mage/Core/Model/Observer.php
@@ -125,4 +125,19 @@ public function cleanCacheByTags(Varien_Event_Observer $observer)
Mage::app()->cleanCache($tags);
return $this;
}
+
+ /**
+ * Checks method availability for processing in variable
+ *
+ * @param Varien_Event_Observer $observer
+ * @throws Exception
+ * @return Mage_Core_Model_Observer
+ */
+ public function secureVarProcessing(Varien_Event_Observer $observer)
+ {
+ if (Mage::registry('varProcessing')) {
+ Mage::throwException(Mage::helper('core')->__('Disallowed template variable method.'));
+ }
+ return $this;
+ }
}
diff --git a/app/code/core/Mage/Core/etc/config.xml b/app/code/core/Mage/Core/etc/config.xml
index d0b5293d214..7abca9384ad 100644
--- a/app/code/core/Mage/Core/etc/config.xml
+++ b/app/code/core/Mage/Core/etc/config.xml
@@ -178,6 +178,22 @@
+
+
+
+ core/observer
+ secureVarProcessing
+
+
+
+
+
+
+ core/observer
+ secureVarProcessing
+
+
+
diff --git a/app/code/core/Mage/Core/functions.php b/app/code/core/Mage/Core/functions.php
index 3def24ef00c..fc6e837b100 100644
--- a/app/code/core/Mage/Core/functions.php
+++ b/app/code/core/Mage/Core/functions.php
@@ -397,3 +397,19 @@ function hash_equals($known_string, $user_string)
return 0 === $result;
}
}
+
+if (version_compare(PHP_VERSION, '7.0.0', '<') && !function_exists('random_int')) {
+ /**
+ * Generates pseudo-random integers
+ *
+ * @param int $min
+ * @param int $max
+ * @return int Returns random integer in the range $min to $max, inclusive.
+ */
+ function random_int($min, $max)
+ {
+ mt_srand();
+
+ return mt_rand($min, $max);
+ }
+}
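Review bot: The `random_int` polyfill is plain `mt_rand`, yet the same patch moves token and coupon generation onto `random_int` for its security properties, so on PHP < 7 those callers get a predictable generator with a name that suggests otherwise; reseeding with `mt_srand()` on every call does not help and, on older builds, narrows the seed to a time/pid-derived value. Prefer a CSPRNG when one is present and only then degrade, as sketched below; the docblock should say the fallback is not cryptographically strong. The modulo reduction has a small bias for ranges that do not divide 2^32, acceptable for these callers but worth the comment.
```php
function random_int($min, $max)
{
    $range = $max - $min;
    if ($range <= 0) {
        return $min;
    }
    $strong = false;
    $bytes = function_exists('openssl_random_pseudo_bytes')
        ? openssl_random_pseudo_bytes(4, $strong)
        : false;
    if ($bytes === false || strlen($bytes) !== 4 || !$strong) {
        // No CSPRNG on this PHP < 7 build: NOT cryptographically strong.
        return mt_rand($min, $max);
    }
    $word = unpack('N', $bytes);
    // Slight modulo bias for ranges that do not divide 2^32; fine for token/coupon lengths.
    return $min + (($word[1] & 0x7fffffff) % ($range + 1));
}
```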
diff --git a/app/code/core/Mage/CurrencySymbol/Model/System/Currencysymbol.php b/app/code/core/Mage/CurrencySymbol/Model/System/Currencysymbol.php
index d92bae1ff28..31a27836156 100644
--- a/app/code/core/Mage/CurrencySymbol/Model/System/Currencysymbol.php
+++ b/app/code/core/Mage/CurrencySymbol/Model/System/Currencysymbol.php
@@ -274,7 +274,11 @@ protected function _unserializeStoreConfig($configPath, $storeId = null)
$result = array();
$configData = (string)Mage::getStoreConfig($configPath, $storeId);
if ($configData) {
- $result = unserialize($configData);
+ try {
+ $result = Mage::helper('core/unserializeArray')->unserialize($configData);
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
}
return is_array($result) ? $result : array();
diff --git a/app/code/core/Mage/Downloadable/controllers/DownloadController.php b/app/code/core/Mage/Downloadable/controllers/DownloadController.php
index 180e0133ce3..07e7fe38460 100644
--- a/app/code/core/Mage/Downloadable/controllers/DownloadController.php
+++ b/app/code/core/Mage/Downloadable/controllers/DownloadController.php
@@ -97,7 +97,12 @@ public function sampleAction()
{
$sampleId = $this->getRequest()->getParam('sample_id', 0);
$sample = Mage::getModel('downloadable/sample')->load($sampleId);
- if ($sample->getId()) {
+ if (
+ $sample->getId()
+ && Mage::helper('catalog/product')
+ ->getProduct((int) $sample->getProductId(), Mage::app()->getStore()->getId(), 'id')
+ ->isAvailable()
+ ) {
$resource = '';
$resourceType = '';
if ($sample->getSampleType() == Mage_Downloadable_Helper_Download::LINK_TYPE_URL) {
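Review bot: The availability gate is duplicated verbatim in sampleAction and linkSampleAction, and it calls `->isAvailable()` directly on the helper's return value; if `Mage_Catalog_Helper_Product::getProduct()` can return false for a missing product (it is outside this hunk), that is a fatal "call on non-object" rather than a 404. A small private helper keeps both actions consistent and guards the type: `protected function _isProductAvailable($productId) { $product = Mage::helper('catalog/product')->getProduct((int) $productId, Mage::app()->getStore()->getId(), 'id'); return $product instanceof Mage_Catalog_Model_Product && $product->isAvailable(); }`, called as `if ($sample->getId() && $this->_isProductAvailable($sample->getProductId()))`. sampleAction continues past this hunk.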
@@ -127,7 +132,12 @@ public function linkSampleAction()
{
$linkId = $this->getRequest()->getParam('link_id', 0);
$link = Mage::getModel('downloadable/link')->load($linkId);
- if ($link->getId()) {
+ if (
+ $link->getId()
+ && Mage::helper('catalog/product')
+ ->getProduct((int) $link->getProductId(), Mage::app()->getStore()->getId(), 'id')
+ ->isAvailable()
+ ) {
$resource = '';
$resourceType = '';
if ($link->getSampleType() == Mage_Downloadable_Helper_Download::LINK_TYPE_URL) {
diff --git a/app/code/core/Mage/Paygate/etc/system.xml b/app/code/core/Mage/Paygate/etc/system.xml
index f434526a4d4..7f3dd5294d2 100644
--- a/app/code/core/Mage/Paygate/etc/system.xml
+++ b/app/code/core/Mage/Paygate/etc/system.xml
@@ -30,7 +30,7 @@
-
+
text
34
1
diff --git a/app/code/core/Mage/SalesRule/Model/Coupon/Massgenerator.php b/app/code/core/Mage/SalesRule/Model/Coupon/Massgenerator.php
index a9683a00e00..9df1732029f 100644
--- a/app/code/core/Mage/SalesRule/Model/Coupon/Massgenerator.php
+++ b/app/code/core/Mage/SalesRule/Model/Coupon/Massgenerator.php
@@ -79,7 +79,7 @@ public function generateCode()
$code = '';
$charsetSize = count($charset);
for ($i=0; $i<$length; $i++) {
- $char = $charset[mt_rand(0, $charsetSize - 1)];
+ $char = $charset[random_int(0, $charsetSize - 1)];
if ($split > 0 && ($i % $split) == 0 && $i != 0) {
$char = $splitChar . $char;
}
diff --git a/app/code/core/Mage/SalesRule/Model/Resource/Report/Rule/Createdat.php b/app/code/core/Mage/SalesRule/Model/Resource/Report/Rule/Createdat.php
index bfda23b84ef..f574602d6d1 100644
--- a/app/code/core/Mage/SalesRule/Model/Resource/Report/Rule/Createdat.php
+++ b/app/code/core/Mage/SalesRule/Model/Resource/Report/Rule/Createdat.php
@@ -118,14 +118,14 @@ protected function _aggregateByOrder($aggregationField, $from, $to)
$adapter->getIfNullSql('base_subtotal_refunded', 0). ') * base_to_global_rate)', 0),
'discount_amount_actual' =>
- $adapter->getIfNullSql('SUM((base_discount_invoiced - ' .
+ $adapter->getIfNullSql('SUM((ABS(base_discount_invoiced) - ' .
$adapter->getIfNullSql('base_discount_refunded', 0) . ')
* base_to_global_rate)', 0),
'total_amount_actual' =>
$adapter->getIfNullSql('SUM((base_subtotal_invoiced - ' .
$adapter->getIfNullSql('base_subtotal_refunded', 0) . ' - ' .
- $adapter->getIfNullSql('base_discount_invoiced - ' .
+ $adapter->getIfNullSql('ABS(base_discount_invoiced) - ' .
$adapter->getIfNullSql('base_discount_refunded', 0), 0) .
') * base_to_global_rate)', 0),
);
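Review bot: `ABS(base_discount_invoiced)` is applied in both expressions, but the `base_discount_refunded` subtracted from it is left signed; if invoiced discounts are stored negative in some data sets (which is what the ABS is there to absorb), refunded discounts are presumably stored with the same sign, and `ABS(invoiced) - refunded` then adds the refund instead of subtracting it. Apply the same normalisation to both sides, `$adapter->getIfNullSql('ABS(base_discount_refunded)', 0)`, in both the discount_amount_actual and total_amount_actual expressions, and add a one-line comment stating why ABS is needed. _aggregateByOrder continues past this hunk.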
diff --git a/app/code/core/Mage/Sendfriend/etc/config.xml b/app/code/core/Mage/Sendfriend/etc/config.xml
index 5b21374f5bb..3ef8964d825 100644
--- a/app/code/core/Mage/Sendfriend/etc/config.xml
+++ b/app/code/core/Mage/Sendfriend/etc/config.xml
@@ -122,7 +122,7 @@
- 1
+ 0
sendfriend_email_template
0
5
diff --git a/app/code/core/Mage/Sendfriend/etc/system.xml b/app/code/core/Mage/Sendfriend/etc/system.xml
index 6f43d9ccdd6..2beaf38c20b 100644
--- a/app/code/core/Mage/Sendfriend/etc/system.xml
+++ b/app/code/core/Mage/Sendfriend/etc/system.xml
@@ -52,6 +52,7 @@
1
1
1
+ Warning! This functionality is vulnerable and can be abused to distribute spam.]]>
diff --git a/app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/configurable.phtml b/app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/configurable.phtml
index 5452fe7d973..9d08a10dcc4 100644
--- a/app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/configurable.phtml
+++ b/app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/configurable.phtml
@@ -35,7 +35,7 @@
-
+
- decoratedIsLast){?> class="last">