This repository has been archived by the owner on Nov 19, 2024. It is now read-only.

Merge pull request #66 from JeroenBoersma/magento-1.9
Updated to Magento 1.9.3.9
drobinson authored Jun 28, 2018
2 parents 577122d + a55ff8c commit 6135503
Showing 79 changed files with 1,423 additions and 223 deletions.
16 changes: 13 additions & 3 deletions RELEASE_NOTES.txt
@@ -1,3 +1,13 @@
==== 1.9.3.9 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

==== 1.9.3.8 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expand All @@ -13,7 +23,7 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expand All @@ -23,7 +33,7 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expand All @@ -33,7 +43,7 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 changes: 1 addition & 1 deletion app/Mage.php
Expand Up @@ -171,7 +171,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '9',
'revision' => '3',
'patch' => '8',
'patch' => '9',
'stability' => '',
'number' => '',
);
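--- a/app/code/core/Mage/Admin/Model/User.php
+++ b/app/code/core/Mage/Admin/Model/User.php
@@ -134,6 +134,10 @@ protected function _beforeSave()
 // Change user password
 $data['password'] = $this->_getEncodedPassword($this->getNewPassword());
 $data['new_password'] = $data['password'];
+$sessionUser = $this->getSession()->getUser();
+if ($sessionUser && $sessionUser->getId() == $this->getId()) {
+$this->getSession()->setUserPasswordChanged(true);
+}
 } elseif ($this->getPassword() && $this->getPassword() != $this->getOrigData('password')) {
 // New user password
 $data['password'] = $this->_getEncodedPassword($this->getPassword());
@@ -154,6 +158,14 @@ protected function _beforeSave()
 return parent::_beforeSave();
 }
 
+/**
+* @return Mage_Admin_Model_Session
+*/
+protected function getSession()
+{
+return Mage::getSingleton('admin/session');
+}
+
 /**
 * Save admin user extra data (like configuration sections state)
 *
@@ -400,8 +412,15 @@ public function login($username, $password)
 public function reload()
 {
 $id = $this->getId();
+$oldPassword = $this->getPassword();
 $this->setId(null);
 $this->load($id);
+$isUserPasswordChanged = $this->getSession()->getUserPasswordChanged();
+if ($this->getPassword() !== $oldPassword && !$isUserPasswordChanged) {
+$this->setId(null);
+} elseif ($isUserPasswordChanged) {
+$this->getSession()->setUserPasswordChanged(false);
+}
 return $this;
 }
 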
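Review bot: `reload()` now signals a password change made outside the session only by returning the model with a null id, and nothing in the new lines tells callers that they must check `getId()` and end the session (its docblock is outside the hunk). I would add a comment above the new branch such as `// Password changed outside this session: drop the id so the caller treats the user as logged out`. The `userPasswordChanged` flag is cleared only on the next `reload()`, so the logic presumably relies on `reload()` running on every admin request; worth confirming, because a flag left set would let one later external password change pass unnoticed. In `_beforeSave()` the id check uses `==`; `(int)$sessionUser->getId() === (int)$this->getId()` avoids loose string/number comparison.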
Expand Up @@ -57,6 +57,9 @@ public function __construct()
*/
public function getOptionHtml(Mage_Catalog_Model_Product_Option $option)
{
if (!empty($option['file_extension'])) {
$option['file_extension'] = $this->escapeHtml($option['file_extension']);
}
$renderer = $this->getOptionRender(
$this->getGroupOfOption($option->getType())
);
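Review bot: The escaped `file_extension` is written back into the `$option` model that was passed in, so the object carries HTML-encoded data for the rest of the request. If a renderer or template further down escapes the value again it will be double-encoded, and if anything saves this model afterwards the encoded form would be persisted; both are outside this hunk and need checking. Escaping at the point of output, or on a copy, keeps the model clean; at minimum add a comment such as `// file_extension is escaped here on the assumption that the option renderers print it unescaped`. The rest of `getOptionHtml()` continues below the hunk.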
Expand Up @@ -286,7 +286,7 @@ public function getOptionValues()
$value['price_type'] = $option->getPriceType();
$value['sku'] = $this->escapeHtml($option->getSku());
$value['max_characters'] = $option->getMaxCharacters();
$value['file_extension'] = $option->getFileExtension();
$value['file_extension'] = $this->escapeHtml($option->getFileExtension());
$value['image_size_x'] = $option->getImageSizeX();
$value['image_size_y'] = $option->getImageSizeY();
if ($this->getProduct()->getStoreId() != '0' &&
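Review bot: `sku` and now `file_extension` are escaped, but `max_characters`, `image_size_x` and `image_size_y` on the neighbouring lines are still copied into `$value` exactly as stored. If those fields are guaranteed to be numeric at save time this is harmless, but that validation is not visible here. Treating them the same way, e.g. `$value['max_characters'] = $this->escapeHtml($option->getMaxCharacters());`, would make the output safe regardless of what was stored. `getOptionValues()` starts and ends outside the hunk.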
Expand Up @@ -169,10 +169,9 @@ public function getEscapedValue($index=null)
$this->getLocale()->getDateTimeFormat(Mage_Core_Model_Locale::FORMAT_TYPE_SHORT)
);
}
return $value;
return $this->escapeHtml($value);
}

return parent::getEscapedValue($index);
return $this->escapeHtml(parent::getEscapedValue($index));
}

}
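Review bot: The fallback path now wraps `parent::getEscapedValue($index)` in `escapeHtml()`, and a method with that name presumably already escapes its result, so values containing `&` or quotes may come out double-encoded. The parent implementation is not visible here; if it does escape, `return parent::getEscapedValue($index);` was already sufficient and only the date branch needs `return $this->escapeHtml($value);`. If it does not, a one-line comment saying so would stop a later reader from removing the call as redundant. The start of the method is outside the hunk.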
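--- a/app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
+++ b/app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
@@ -47,6 +47,18 @@ class Mage_Adminhtml_Model_LayoutUpdate_Validator extends Zend_Validate_Abstract
 */
 protected $_value;
 
+/**
+* XPath expression for checking layout update
+*
+* @var array
+*/
+protected $_disallowedXPathExpressions = array(
+'*//template',
+'*//@template',
+'//*[@method=\'setTemplate\']',
+'//*[@method=\'setDataUsingMethod\']//*[text() = \'template\']/../*'
+);
+
 /**
 * Protected expressions
 *
@@ -114,7 +126,7 @@ public function isValid($value)
 }
 
 // if layout update declare custom templates then validate their paths
-if ($templatePaths = $value->xpath('*//template | *//@template | //*[@method=\'setTemplate\']/*')) {
+if ($templatePaths = $value->xpath($this->_getXpathValidationExpression())) {
 try {
 $this->_validateTemplatePath($templatePaths);
 } catch (Exception $e) {
@@ -133,6 +145,15 @@ public function isValid($value)
 return true;
 }
 
+/**
+* Returns xPath for validate incorrect path to template
+*
+* @return string xPath for validate incorrect path to template
+*/
+protected function _getXpathValidationExpression() {
+return implode(" | ", $this->_disallowedXPathExpressions);
+}
+
 /**
 * Validate template path for preventing access to the directory above
 * If template path value has "../" @throws Exception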
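Review bot: The `setTemplate` entry in `$_disallowedXPathExpressions` no longer ends in `/*` as the removed inline expression did, so it now selects the element carrying `method="setTemplate"` rather than its argument children. Whether the `../` check still sees the template value depends on `_validateTemplatePath()`, whose body is outside the hunk; please confirm it reads the child nodes, or keep `'//*[@method=\'setTemplate\']/*'`. The comparisons on `@method` and `text()` are also exact and case-sensitive while PHP resolves method names case-insensitively, so normalising both sides with `translate()` and `normalize-space()` would make the validator more robust. The docblock on the property should say "expressions" and describe what a match means, e.g. `Nodes matched by any of these expressions are checked for directory traversal`.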
Expand Up @@ -269,6 +269,9 @@ public function saveAction()
$storeId = $this->getRequest()->getParam('store');
$refreshTree = 'false';
if ($data = $this->getRequest()->getPost()) {
if (isset($data['general']['path'])) {
unset($data['general']['path']);
}
$category->addData($data['general']);
if (!$category->getId()) {
$parentId = $this->getRequest()->getParam('parent');
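Review bot: Removing `path` from `$data['general']` is a one-key denylist in front of `addData()`, so every other posted key is still mass-assigned to the category model. If other structural attributes can be posted the same way they would need the same treatment, and an allowlist of editable attributes would be the more durable fix; what is filtered later in `saveAction()` is outside this hunk. A comment such as `// path is derived from the parent category and must never come from the request` would also record why this key is dropped.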
Expand Up @@ -735,6 +735,7 @@ public function saveAction()
}

try {
$product->validate();
$product->save();
$productId = $product->getId();

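Review bot: The return value of `$product->validate()` is discarded, so the added call only blocks the save if `validate()` throws on invalid data. Its implementation is not visible here; if it can return a list of errors instead of throwing, the result has to be checked before `$product->save()`. A short comment such as `// throws on invalid attribute data, aborting the save` would record the assumption. The catch clauses of this `try` block are outside the hunk.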
Expand Up @@ -188,6 +188,7 @@ public function thumbnailAction()
if ($thumb !== false) {
$image = Varien_Image_Adapter::factory('GD2');
$image->open($thumb);
$this->getResponse()->setHeader('Content-type', $image->getMimeTypeWithOutFileType());
ob_start();
$image->display();
$this->getResponse()->setBody(ob_get_contents());
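Review bot: The `Content-type` header is set without the replace argument, so if a `Content-Type` was already queued on the response object both may be sent; `$this->getResponse()->setHeader('Content-type', $image->getMimeTypeWithOutFileType(), true);` makes the image type authoritative. Sending `X-Content-Type-Options: nosniff` alongside it would stop browsers from second-guessing the declared type. The same applies to the identical line added to `directiveAction()` in the next file section. Both method bodies extend beyond their hunks.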
Expand Up @@ -50,6 +50,7 @@ public function directiveAction()
$image = Varien_Image_Adapter::factory('GD2');
$image->open(Mage::getSingleton('cms/wysiwyg_config')->getSkinImagePlaceholderPath());
}
$this->getResponse()->setHeader('Content-type', $image->getMimeTypeWithOutFileType());
ob_start();
$image->display();
$this->getResponse()->setBody(ob_get_contents());
Expand Up @@ -33,6 +33,16 @@
*/
class Mage_Adminhtml_System_StoreController extends Mage_Adminhtml_Controller_Action
{
/**
* Controller predispatch method
*
* @return Mage_Adminhtml_Controller_Action
*/
public function preDispatch()
{
$this->_setForcedFormKeyActions(array('deleteWebsitePost', 'deleteGroupPost', 'deleteStorePost'));
return parent::preDispatch();
}

/**
* Init actions
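Review bot: The form-key enforcement in `preDispatch()` is keyed on three literal action names, so any other state-changing action in this controller stays outside it unless the base controller already covers it; the remaining actions are not visible in this hunk. I would state the rule in the docblock, e.g. `Every action that deletes or modifies a website, group or store must be listed here so that its form key is always validated`, so the list is kept complete when actions are added. The class body continues outside the hunk.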
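--- a/app/code/core/Mage/Catalog/Model/Product.php
+++ b/app/code/core/Mage/Catalog/Model/Product.php
@@ -460,6 +460,8 @@ public function getAttributes($groupId = null, $skipSuper = false)
 
 /**
 * Check product options and type options and save them, too
+*
+* @throws Mage_Core_Exception
 */
 protected function _beforeSave()
 {
@@ -485,6 +487,12 @@ protected function _beforeSave()
 foreach ($this->getProductOptions() as $option) {
 $this->getOptionInstance()->addOption($option);
 if ((!isset($option['is_delete'])) || $option['is_delete'] != '1') {
+if (!empty($option['file_extension'])) {
+$fileExtension = $option['file_extension'];
+if (0 !== strcmp($fileExtension, Mage::helper('core')->removeTags($fileExtension))) {
+Mage::throwException(Mage::helper('catalog')->__('Invalid custom option(s).'));
+}
+}
 $hasOptions = true;
 }
 }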
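Review bot: The new check in `_beforeSave()` rejects a `file_extension` only when `removeTags()` alters it, which is a denylist for markup rather than a statement of what a valid value looks like. Assuming the field holds a comma-separated list of extensions, an allowlist such as `if (!preg_match('/\A[a-z0-9]+(\s*,\s*[a-z0-9]+)*\z/i', $fileExtension)) {` would be stricter and would not depend on how `removeTags()` treats malformed tags. The check also runs after `addOption($option)` has already received the option, so moving it above that call avoids handing unvalidated data to the option instance. The method ends outside the hunk.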
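--- a/app/code/core/Mage/Catalog/Model/Resource/Category/Tree.php
+++ b/app/code/core/Mage/Catalog/Model/Resource/Category/Tree.php
@@ -482,6 +482,9 @@ public function loadByIds($ids, $addCollectionData = true, $updateAnchorProductC
 $where = array($levelField . '=0' => true);
 
 foreach ($this->_conn->fetchAll($select) as $item) {
+if (!preg_match("#^[0-9\/]+$#", $item['path'])) {
+$item['path'] = '';
+}
 $pathIds = explode('/', $item['path']);
 $level = (int)$item['level'];
 while ($level > 0) {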
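Review bot: In the added `preg_match("#^[0-9\/]+$#", $item['path'])`, `$` also matches just before a trailing newline, so a path ending in a line break still passes the check. Anchoring with `\z`, as in `if (!preg_match('#\A[0-9/]+\z#', $item['path'])) {`, closes that and drops the unneeded `\/` escape. A rejected path is silently replaced by `''`, after which `explode()` yields a single empty id and the `while ($level > 0)` loop still runs; logging the row, or skipping it if the rest of the loop allows, would make bad data visible. The loop body continues outside the hunk.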