
Merge pull request #69 from willcodeforfood/magento-1.9
Import Magento Release 1.9.3.10
LeeSaferite authored Sep 20, 2018
2 parents 6135503 + f1127a8 commit 1ed39d1
Showing 120 changed files with 762 additions and 253 deletions.
10 changes: 10 additions & 0 deletions RELEASE_NOTES.txt
@@ -1,3 +1,13 @@
==== 1.9.3.10 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

==== 1.9.3.9 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 changes: 1 addition & 1 deletion app/Mage.php
Expand Up @@ -171,7 +171,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '9',
'revision' => '3',
'patch' => '9',
'patch' => '10',
'stability' => '',
'number' => '',
);
53 changes: 53 additions & 0 deletions app/code/core/Mage/Admin/Model/User.php
Expand Up @@ -66,6 +66,10 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
const XML_PATH_FORGOT_EMAIL_TEMPLATE = 'admin/emails/forgot_email_template';
const XML_PATH_FORGOT_EMAIL_IDENTITY = 'admin/emails/forgot_email_identity';
const XML_PATH_STARTUP_PAGE = 'admin/startup/page';

/** Configuration paths for notifications */
const XML_PATH_ADDITIONAL_EMAILS = 'general/additional_notification_emails/admin_user_create';
const XML_PATH_NOTIFICATION_EMAILS_TEMPLATE = 'admin/emails/admin_notification_email_template';
/**#@-*/

/**
Expand Down Expand Up @@ -692,4 +696,53 @@ protected function _getDateNow($dayOnly = false)
{
return now($dayOnly);
}

/**
* Send notification to general Contact and additional emails when new admin user created.
* You can declare additional emails in Mage_Core general/additional_notification_emails/admin_user_create node.
*
* @param $user
* @return $this
*/
public function sendAdminNotification($user)
{
// define general contact Name and Email
$generalContactName = Mage::getStoreConfig('trans_email/ident_general/name');
$generalContactEmail = Mage::getStoreConfig('trans_email/ident_general/email');

// collect general and additional emails
$emails = $this->getUserCreateAdditionalEmail();
$emails[] = $generalContactEmail;

/** @var $mailer Mage_Core_Model_Email_Template_Mailer */
$mailer = Mage::getModel('core/email_template_mailer');
$emailInfo = Mage::getModel('core/email_info');
$emailInfo->addTo(array_filter($emails), $generalContactName);
$mailer->addEmailInfo($emailInfo);

// Set all required params and send emails
$mailer->setSender(array(
'name' => $generalContactName,
'email' => $generalContactEmail,
));
$mailer->setStoreId(0);
$mailer->setTemplateId(Mage::getStoreConfig(self::XML_PATH_NOTIFICATION_EMAILS_TEMPLATE));
$mailer->setTemplateParams(array(
'user' => $user,
));
$mailer->send();

return $this;
}

/**
* Get additional emails for notification from config.
*
* @return array
*/
public function getUserCreateAdditionalEmail()
{
$emails = str_replace(' ', '', Mage::getStoreConfig(self::XML_PATH_ADDITIONAL_EMAILS));
return explode(',', $emails);
}
}
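Review bot: The recipient list built in `sendAdminNotification` is never validated — `getUserCreateAdditionalEmail` only strips spaces and splits on commas, so a malformed entry, or an empty `general/additional_notification_emails/admin_user_create` (which yields `array('')`), reaches `addTo` with nothing but `array_filter` in the way, and every recipient is given the general contact's display name. Trim each entry and keep only real addresses, e.g. `$emails = array_filter(array_map('trim', explode(',', (string) Mage::getStoreConfig(self::XML_PATH_ADDITIONAL_EMAILS))), function ($e) { return Zend_Validate::is($e, 'EmailAddress'); });`, and return early from `sendAdminNotification` when the filtered list (including the general contact email) is empty rather than calling `send()` with no recipients. The docblock should also type its parameter, `@param Mage_Admin_Model_User $user`.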
1 change: 1 addition & 0 deletions app/code/core/Mage/Admin/etc/config.xml
Expand Up @@ -84,6 +84,7 @@
<admin>
<emails>
<forgot_email_template>admin_emails_forgot_email_template</forgot_email_template>
<admin_notification_email_template>admin_emails_admin_notification_email_template</admin_notification_email_template>
<forgot_email_identity>general</forgot_email_identity>
<password_reset_link_expiration_period>2</password_reset_link_expiration_period>
</emails>
Expand Up @@ -154,6 +154,7 @@ public function getAttributesJson()
} else {
// Hide price if needed
foreach ($attributes as &$attribute) {
$attribute['label'] = $this->escapeHtml($attribute['label']);
if (isset($attribute['values']) && is_array($attribute['values'])) {
foreach ($attribute['values'] as &$attributeValue) {
if (!$this->getCanReadPrice()) {
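Review bot: Only the attribute's own `label` is escaped on the new line; the per-value `label` entries walked by the inner `foreach ($attribute['values'] as &$attributeValue)` are not touched in this hunk, so if those are rendered from the same JSON they need the same `$this->escapeHtml(...)` treatment — the rest of the inner loop is outside the hunk, so it may already be handled there. Both loops iterate by reference and the enclosing `getAttributesJson` continues past the hunk, so confirm that `unset($attribute)` and `unset($attributeValue)` follow the loops, otherwise the last element stays aliased to the loop variable.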
Expand Up @@ -190,7 +190,7 @@ public function getGridJsObjectName()
public function getSelectedJson()
{
if($selected = $this->getRequest()->getParam($this->getFormFieldNameInternal())) {
$selected = explode(',', $selected);
$selected = explode(',', $this->quoteEscape($selected));
return join(',', $selected);
} else {
return '';
Expand All @@ -205,7 +205,7 @@ public function getSelectedJson()
public function getSelected()
{
if($selected = $this->getRequest()->getParam($this->getFormFieldNameInternal())) {
$selected = explode(',', $selected);
$selected = explode(',', $this->quoteEscape($selected));
return $selected;
} else {
return array();
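Review bot: `quoteEscape` — an HTML-attribute escaper as far as I can tell — is applied to the whole comma-separated id list before it is split, in both `getSelectedJson` and `getSelected`; that rewrites a few characters but rejects nothing, and `getSelected` returns the result as an array that callers presumably hand to a collection filter, where HTML escaping is the wrong context. Validate each element instead, e.g. `$selected = array_filter(explode(',', $selected), 'is_numeric');` if this grid's ids are numeric (or a `preg_match` against the id format it actually uses), and escape only where the values are emitted into markup. Note also that `getSelectedJson` explodes and immediately `join`s the same string, so that round trip is a no-op.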
37 changes: 36 additions & 1 deletion app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
Expand Up @@ -38,6 +38,7 @@ class Mage_Adminhtml_Model_LayoutUpdate_Validator extends Zend_Validate_Abstract
{
const XML_INVALID = 'invalidXml';
const INVALID_TEMPLATE_PATH = 'invalidTemplatePath';
const INVALID_BLOCK_NAME = 'invalidBlockName';
const PROTECTED_ATTR_HELPER_IN_TAG_ACTION_VAR = 'protectedAttrHelperInActionVar';

/**
Expand All @@ -56,7 +57,18 @@ class Mage_Adminhtml_Model_LayoutUpdate_Validator extends Zend_Validate_Abstract
'*//template',
'*//@template',
'//*[@method=\'setTemplate\']',
'//*[@method=\'setDataUsingMethod\']//*[text() = \'template\']/../*'
'//*[@method=\'setDataUsingMethod\']//*[contains(translate(text(),
\'ABCDEFGHIJKLMNOPQRSTUVWXYZ\', \'abcdefghijklmnopqrstuvwxyz\'), \'template\')]/../*',
);

/**
* Disallowed template name
*
* @var array
*/
protected $_disallowedBlock = array(
'Mage_Install_Block_End',
'Mage_Rss_Block_Order_New',
);

/**
Expand Down Expand Up @@ -91,6 +103,7 @@ protected function _initMessageTemplates()
self::INVALID_TEMPLATE_PATH => Mage::helper('adminhtml')->__(
'Invalid template path used in layout update.'
),
self::INVALID_BLOCK_NAME => Mage::helper('adminhtml')->__('Disallowed block name for frontend.'),
);
}
return $this;
Expand Down Expand Up @@ -125,6 +138,10 @@ public function isValid($value)
Mage::helper('adminhtml')->__('XML object is not instance of "Varien_Simplexml_Element".'));
}

if ($value->xpath($this->_getXpathBlockValidationExpression())) {
$this->_error(self::INVALID_BLOCK_NAME);
return false;
}
// if layout update declare custom templates then validate their paths
if ($templatePaths = $value->xpath($this->_getXpathValidationExpression())) {
try {
Expand Down Expand Up @@ -154,6 +171,20 @@ protected function _getXpathValidationExpression() {
return implode(" | ", $this->_disallowedXPathExpressions);
}

/**
* Returns xPath for validate incorrect block name
*
* @return string xPath for validate incorrect block name
*/
protected function _getXpathBlockValidationExpression() {
$xpath = "";
if (count($this->_disallowedBlock)) {
$xpath = "//block[@type='";
$xpath .= implode("'] | //block[@type='", $this->_disallowedBlock) . "']";
}
return $xpath;
}

/**
* Validate template path for preventing access to the directory above
* If template path value has "../" @throws Exception
Expand All @@ -162,7 +193,11 @@ protected function _getXpathValidationExpression() {
*/
protected function _validateTemplatePath(array $templatePaths)
{
/**@var $path Varien_Simplexml_Element */
foreach ($templatePaths as $path) {
if ($path->hasChildren()) {
$path = stripcslashes(trim((string) $path->children(), '"'));
}
if (strpos($path, '..' . DS) !== false) {
throw new Exception();
}
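Review bot: The block deny list in `_getXpathBlockValidationExpression` is compared literally by XPath (`//block[@type='Mage_Install_Block_End']`), but PHP class names are case-insensitive and Magento also resolves the grouped `module/block` alias form of `type`, so a spelling that resolves to the same class would not be matched; normalise case with the same `translate()` trick the template XPath above already uses, and either resolve each `@type` through `Mage::getConfig()->getBlockClassName()` before comparing or list both forms in `_disallowedBlock`. The docblock on `_disallowedBlock` says `Disallowed template name`; it should read `Disallowed block class names for frontend layout updates`. In `_validateTemplatePath`, `(string) $path->children()` yields only the first child's text, so confirm that is the intended shape of the `setDataUsingMethod` argument being checked; the remainder of that method is outside the hunk.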
Expand Up @@ -1031,6 +1031,16 @@ public function quickCreateAction()
}

$product->addData($this->getRequest()->getParam('simple_product', array()));

$productSku = $product->getSku();
if ($productSku && $productSku != Mage::helper('core')->stripTags($productSku)) {
$result['error'] = array(
'message' => $this->__('HTML tags are not allowed in SKU attribute.')
);
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode($result));
return;
}

$product->setWebsiteIds($configurableProduct->getWebsiteIds());

$autogenerateOptions = array();
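Review bot: The new SKU check uses loose `!=` between the raw and tag-stripped strings; `!==` states the intent and sidesteps PHP's numeric-string comparison rules: `if ($productSku && $productSku !== Mage::helper('core')->stripTags($productSku)) {`. The early return writes `$result['error']` to the response, but `$result` is presumably initialised before the hunk, so confirm it carries only what the JS handler expects on the error path; the rest of `quickCreateAction` is outside this view.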
Expand Up @@ -101,6 +101,8 @@ public function saveAction()

$id = $this->getRequest()->getParam('user_id');
$model = Mage::getModel('admin/user')->load($id);
// @var $isNew flag for detecting new admin user creation.
$isNew = !$model->getId() ? true : false;
if (!$model->getId() && $id) {
Mage::getSingleton('adminhtml/session')->addError($this->__('This user no longer exists.'));
$this->_redirect('*/*/');
Expand Down Expand Up @@ -139,6 +141,10 @@ public function saveAction()

try {
$model->save();
// Send notification to General and additional contacts (if declared) that a new admin user was created.
if (Mage::getStoreConfigFlag('admin/security/crate_admin_user_notification') && $isNew) {
Mage::getModel('admin/user')->sendAdminNotification($model);
}
if ( $uRoles = $this->getRequest()->getParam('roles', false) ) {
/*parse_str($uRoles, $uRoles);
$uRoles = array_keys($uRoles);*/
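Review bot: The config path on the new guard, `admin/security/crate_admin_user_notification`, misspells "create"; it matches the node added to `Mage/Core/etc/system.xml` in this commit so it works, but the typo becomes a persisted config key and should be settled before release (renamed in both places at once, or never). `$isNew = !$model->getId() ? true : false;` is a redundant ternary — `$isNew = !$model->getId();` — and the `// @var $isNew` line is not a docblock any tool recognises. `Mage::getModel('admin/user')->sendAdminNotification($model)` instantiates a second model only to call a method that does not use its own state; `$model->sendAdminNotification($model)` does the same with less. `saveAction` starts and ends outside these hunks.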
5 changes: 5 additions & 0 deletions app/code/core/Mage/Adminhtml/etc/config.xml
Expand Up @@ -54,6 +54,11 @@
<file>admin_password_reset_confirmation.html</file>
<type>html</type>
</admin_emails_forgot_email_template>
<admin_emails_admin_notification_email_template>
<label>New Admin User Create Notification</label>
<file>admin_new_user_notification.html</file>
<type>html</type>
</admin_emails_admin_notification_email_template>
</email>
</template>
<events>
Expand Up @@ -152,7 +152,7 @@ protected function _prepareNewCustomerQuote(Mage_Sales_Model_Quote $quote)
$customer->setPasswordCreatedAt(time());
$quote->setCustomer($customer)
->setCustomerId(true);

$quote->setPasswordHash('');
return $this;
}

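Review bot: The new `$quote->setPasswordHash('')` carries no comment saying why the hash is blanked at this point, and the identical line is duplicated in `Mage/Checkout/Model/Type/Onepage.php` below; a short why-comment on both, e.g. `// The customer entity now holds the password hash; do not keep it on the quote.`, would spare the next reader the archaeology. Where the quote's `password_hash` is first set is outside this view, so it is worth confirming the quote was not already saved with it earlier in checkout — clearing the in-memory value here does not scrub a row that was persisted before.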
1 change: 1 addition & 0 deletions app/code/core/Mage/Checkout/Model/Type/Onepage.php
Expand Up @@ -734,6 +734,7 @@ protected function _prepareNewCustomerQuote()
$customer->setPasswordCreatedAt($passwordCreatedTime);
$quote->setCustomer($customer)
->setCustomerId(true);
$quote->setPasswordHash('');
}

/**
17 changes: 10 additions & 7 deletions app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
Expand Up @@ -283,20 +283,23 @@ public function uploadFile($targetPath, $type = null)
}
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(false);
$uploader->addValidateCallback(
Mage_Core_Model_File_Validator_Image::NAME,
Mage::getModel('core/file_validator_image'),
'validate'
);
if ($type == 'image') {
$uploader->addValidateCallback(
Mage_Core_Model_File_Validator_Image::NAME,
Mage::getModel('core/file_validator_image'),
'validate'
);
}
$result = $uploader->save($targetPath);

if (!$result) {
Mage::throwException( Mage::helper('cms')->__('Cannot upload file.') );
}

// create thumbnail
$this->resizeFile($targetPath . DS . $uploader->getUploadedFileName(), true);

if ($type == 'image') {
$this->resizeFile($targetPath . DS . $uploader->getUploadedFileName(), true);
}
$result['cookie'] = array(
'name' => session_name(),
'value' => $this->getSession()->getSessionId(),
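Review bot: After this change a non-image `$type` (including the `null` default) runs no content validator at all before `$uploader->save($targetPath)` — only whatever extension filtering precedes the hunk — and both `$type == 'image'` tests are loose comparisons on a caller-supplied value. Use `$type === 'image'` in both places, and if other media kinds are uploadable through this method, attach a validator appropriate to them rather than none. The enclosing `uploadFile` starts outside the hunk.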
5 changes: 5 additions & 0 deletions app/code/core/Mage/Core/etc/config.xml
Expand Up @@ -471,6 +471,11 @@
<reprocess_images>
<active>1</active>
</reprocess_images>
<!-- Additional email for notifications -->
<additional_notification_emails>
<!-- On creating a new admin user. You can specify several emails separated by commas. -->
<admin_user_create></admin_user_create>
</additional_notification_emails>
</general>
</default>
<stores>
10 changes: 10 additions & 0 deletions app/code/core/Mage/Core/etc/system.xml
Expand Up @@ -1219,6 +1219,16 @@
<show_in_website>0</show_in_website>
<show_in_store>0</show_in_store>
</extensions_compatibility_mode>
<crate_admin_user_notification translate="label comment">
<label>New Admin User Create Notification</label>
<comment>This setting enable notification when new admin user created.</comment>
<frontend_type>select</frontend_type>
<sort_order>10</sort_order>
<source_model>adminhtml/system_config_source_enabledisable</source_model>
<show_in_default>1</show_in_default>
<show_in_website>0</show_in_website>
<show_in_store>0</show_in_store>
</crate_admin_user_notification>
</fields>
</security>
<dashboard translate="label">
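Review bot: The `<comment>` on the new field is admin-facing copy and is ungrammatical; `<comment>Enables an email notification when a new admin user is created.</comment>` reads correctly. The element name `crate_admin_user_notification` is also what the controller reads as the config path, so the two must stay in step whatever spelling is kept.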
11 changes: 11 additions & 0 deletions app/code/core/Mage/Customer/Helper/Data.php
Expand Up @@ -459,6 +459,17 @@ public function generateResetPasswordLinkToken()
return Mage::helper('core')->uniqHash();
}

/**
* Generate unique token based on customer Id for reset password confirmation link
*
* @param $customerId
* @return string
*/
public function generateResetPasswordLinkCustomerId($customerId)
{
return md5(uniqid($customerId . microtime() . mt_rand(), true));
}

/**
* Retrieve customer reset password link expiration period in days
*
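Review bot: `generateResetPasswordLinkCustomerId` produces a value that, by its name and its sibling `generateResetPasswordLinkToken`, ends up in a password-reset link, yet it is derived from `uniqid()`, `microtime()` and `mt_rand()`, none of which is a cryptographic source, so the parameter is far more guessable than its length suggests. Use a CSPRNG: `return bin2hex(random_bytes(16));` on PHP 7, or `bin2hex(openssl_random_pseudo_bytes(16))` where PHP 5 must still be supported — and the same applies to `generateResetPasswordLinkToken` above if `uniqHash` is, as I recall, also an md5 over `uniqid()`. `$customerId` only pads the hash input and can be dropped from the computation without changing callers; the `@param $customerId` line should in any case carry its type.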
23 changes: 23 additions & 0 deletions app/code/core/Mage/Customer/Model/Customer.php
Expand Up @@ -57,6 +57,7 @@ class Mage_Customer_Model_Customer extends Mage_Core_Model_Abstract
const EXCEPTION_INVALID_EMAIL_OR_PASSWORD = 2;
const EXCEPTION_EMAIL_EXISTS = 3;
const EXCEPTION_INVALID_RESET_PASSWORD_LINK_TOKEN = 4;
const EXCEPTION_INVALID_RESET_PASSWORD_LINK_CUSTOMER_ID = 5;
/**#@-*/

/**#@+
Expand Down Expand Up @@ -1390,6 +1391,28 @@ public function changeResetPasswordLinkToken($newResetPasswordLinkToken) {
return $this;
}

/**
* Change reset password link customer Id
*
* Stores new reset password link customer Id
*
* @param string $newResetPasswordLinkCustomerId
* @return Mage_Customer_Model_Customer
* @throws Mage_Core_Exception
*/
public function changeResetPasswordLinkCustomerId($newResetPasswordLinkCustomerId)
{
if (!is_string($newResetPasswordLinkCustomerId) || empty($newResetPasswordLinkCustomerId)) {
throw Mage::exception(
'Mage_Core',
Mage::helper('customer')->__('Invalid password reset customer Id.'),
self::EXCEPTION_INVALID_RESET_PASSWORD_LINK_CUSTOMER_ID
);
}
$this->_getResource()->changeResetPasswordLinkCustomerId($this, $newResetPasswordLinkCustomerId);
return $this;
}

/**
* Check if current reset password link token is expired
*
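Review bot: The guard `!is_string($newResetPasswordLinkCustomerId) || empty($newResetPasswordLinkCustomerId)` rejects the string `'0'` as well as `''`, because `empty()` treats `'0'` as empty; `$newResetPasswordLinkCustomerId === ''` is the precise test, although for a hex hash this is unlikely to bite. The delegated `_getResource()->changeResetPasswordLinkCustomerId()` is not in this view, so confirm the resource-model method and the backing column are added elsewhere in the commit.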
