Skip to content
This repository has been archived by the owner on Nov 19, 2024. It is now read-only.

Commit

Permalink
Merge pull request #75 from JeroenBoersma/magento-1.9
Browse files Browse the repository at this point in the history
Updated to Magento 1.9.4.2
  • Loading branch information
Flyingmana authored Jul 6, 2019
2 parents f2fcb8e + d644768 commit b7e8ed9
Show file tree
Hide file tree
Showing 137 changed files with 956 additions and 298 deletions.
10 changes: 10 additions & 0 deletions RELEASE_NOTES.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,13 @@
==== 1.9.4.2 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

==== 1.9.4.1 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expand Down
6 changes: 3 additions & 3 deletions app/Mage.php
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '9',
'revision' => '4',
'patch' => '1',
'patch' => '2',
'stability' => '',
'number' => '',
);
Expand Down Expand Up @@ -816,9 +816,9 @@ public static function log($message, $level = null, $file = '', $forceLog = fals
',',
(string) self::getConfig()->getNode('dev/log/allowedFileExtensions', Mage_Core_Model_Store::DEFAULT_CODE)
);
$logValidator = new Zend_Validate_File_Extension($_allowedFileExtensions);
$logDir = self::getBaseDir('var') . DS . 'log';
if (!$logValidator->isValid($logDir . DS . $file)) {
$validatedFileExtension = pathinfo($file, PATHINFO_EXTENSION);
if (!$validatedFileExtension || !in_array($validatedFileExtension, $_allowedFileExtensions)) {
return;
}

Expand Down
2 changes: 1 addition & 1 deletion app/code/core/Mage/Admin/Model/Block.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public function validate()
if (in_array($this->getBlockName(), $disallowedBlockNames)) {
$errors[] = Mage::helper('adminhtml')->__('Block Name is disallowed.');
}
if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9\/]*$/'))) {
if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9]+\/[-_a-zA-Z0-9\/]+$/'))) {
$errors[] = Mage::helper('adminhtml')->__('Block Name is incorrect.');
}

Expand Down
2 changes: 1 addition & 1 deletion app/code/core/Mage/Admin/Model/User.php
Original file line number Diff line number Diff line change
Expand Up @@ -590,7 +590,7 @@ public function validate()
}

if ($this->userExists()) {
$errors[] = Mage::helper('adminhtml')->__('A user with the same user name or email aleady exists.');
$errors[] = Mage::helper('adminhtml')->__('A user with the same user name or email already exists.');
}

if (count($errors) === 0) {
Expand Down
9 changes: 9 additions & 0 deletions app/code/core/Mage/AdminNotification/etc/system.xml
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,15 @@
<show_in_website>0</show_in_website>
<show_in_store>0</show_in_store>
</last_update>
<feed_url>
<label>Feed Url</label>
<frontend_type>text</frontend_type>
<backend_model>adminhtml/system_config_backend_protected</backend_model>
<sort_order>3</sort_order>
<show_in_default>0</show_in_default>
<show_in_website>0</show_in_website>
<show_in_store>0</show_in_store>
</feed_url>
</fields>
</adminnotification>
</groups>
Expand Down
2 changes: 1 addition & 1 deletion app/code/core/Mage/Adminhtml/Block/Api/Role/Grid/User.php
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ public function getGridUrl()
protected function _getUsers($json=false)
{
if ( $this->getRequest()->getParam('in_role_user') != "" ) {
return $this->getRequest()->getParam('in_role_user');
return (int)$this->getRequest()->getParam('in_role_user');
}
$roleId = ( $this->getRequest()->getParam('rid') > 0 ) ? $this->getRequest()->getParam('rid') : Mage::registry('RID');
$users = Mage::getModel('api/roles')->setId($roleId)->getRoleUsers();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,8 @@ public function getAttributesJson()
// Hide price if needed
foreach ($attributes as &$attribute) {
$attribute['label'] = $this->escapeHtml($attribute['label']);
$attribute['frontend_label'] = $this->escapeHtml($attribute['frontend_label']);
$attribute['store_label'] = $this->escapeHtml($attribute['store_label']);
if (isset($attribute['values']) && is_array($attribute['values'])) {
foreach ($attribute['values'] as &$attributeValue) {
if (!$this->getCanReadPrice()) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,12 @@ protected function _toHtml()
$template->setTemplateText($this->getRequest()->getParam('text'));
$template->setTemplateStyles($this->getRequest()->getParam('styles'));
}
$template->setTemplateStyles(
$this->maliciousCodeFilter($template->getTemplateStyles())
);
$template->setTemplateText(
$this->maliciousCodeFilter($template->getTemplateText())
);

$storeId = (int)$this->getRequest()->getParam('store_id');
if(!$storeId) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ protected function _toHtml()
$template->setTemplateText($this->getRequest()->getParam('text'));
$template->setTemplateStyles($this->getRequest()->getParam('styles'));
}
$template->setTemplateStyles(
$this->maliciousCodeFilter($template->getTemplateStyles())
);
$template->setTemplateText(
$this->maliciousCodeFilter($template->getTemplateText())
);

$storeId = (int)$this->getRequest()->getParam('store_id');
if(!$storeId) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ public function getGridUrl()
protected function _getUsers($json=false)
{
if ( $this->getRequest()->getParam('in_role_user') != "" ) {
return $this->getRequest()->getParam('in_role_user');
return (int)$this->getRequest()->getParam('in_role_user');
}
$roleId = ( $this->getRequest()->getParam('rid') > 0 ) ? $this->getRequest()->getParam('rid') : Mage::registry('RID');
$users = Mage::getModel('admin/roles')->setId($roleId)->getRoleUsers();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ protected function _prepareColumns()
'header' => Mage::helper('sales')->__('Order #'),
'index' => 'order_increment_id',
'type' => 'text',
'escape' => true,
));

$this->addColumn('order_created_at', array(
Expand Down
1 change: 1 addition & 0 deletions app/code/core/Mage/Adminhtml/Block/Sales/Invoice/Grid.php
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ protected function _prepareColumns()
'header' => Mage::helper('sales')->__('Order #'),
'index' => 'order_increment_id',
'type' => 'text',
'escape' => true,
));

$this->addColumn('order_created_at', array(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,10 @@ class Mage_Adminhtml_Block_Sales_Order_Create_Header extends Mage_Adminhtml_Bloc
protected function _toHtml()
{
if ($this->_getSession()->getOrder()->getId()) {
return '<h3 class="icon-head head-sales-order">'.Mage::helper('sales')->__('Edit Order #%s', $this->_getSession()->getOrder()->getIncrementId()).'</h3>';
return '<h3 class="icon-head head-sales-order">' . Mage::helper('sales')->__(
'Edit Order #%s',
$this->escapeHtml($this->_getSession()->getOrder()->getIncrementId())
) . '</h3>';
}

$customerId = $this->getCustomerId();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -67,10 +67,15 @@ public function getCreditmemo()
public function getHeaderText()
{
if ($this->getCreditmemo()->getInvoice()) {
$header = Mage::helper('sales')->__('New Credit Memo for Invoice #%s', $this->getCreditmemo()->getInvoice()->getIncrementId());
}
else {
$header = Mage::helper('sales')->__('New Credit Memo for Order #%s', $this->getCreditmemo()->getOrder()->getRealOrderId());
$header = Mage::helper('sales')->__(
'New Credit Memo for Invoice #%s',
$this->escapeHtml($this->getCreditmemo()->getInvoice()->getIncrementId())
);
} else {
$header = Mage::helper('sales')->__(
'New Credit Memo for Order #%s',
$this->escapeHtml($this->getCreditmemo()->getOrder()->getRealOrderId())
);
}

return $header;
Expand Down
9 changes: 5 additions & 4 deletions app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,11 @@ protected function _prepareColumns()
{

$this->addColumn('real_order_id', array(
'header'=> Mage::helper('sales')->__('Order #'),
'width' => '80px',
'type' => 'text',
'index' => 'increment_id',
'header' => Mage::helper('sales')->__('Order #'),
'width' => '80px',
'type' => 'text',
'index' => 'increment_id',
'escape' => true,
));

if (!Mage::app()->isSingleStoreMode()) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,14 @@ public function getInvoice()
public function getHeaderText()
{
return ($this->getInvoice()->getOrder()->getForcedDoShipmentWithInvoice())
? Mage::helper('sales')->__('New Invoice and Shipment for Order #%s', $this->getInvoice()->getOrder()->getRealOrderId())
: Mage::helper('sales')->__('New Invoice for Order #%s', $this->getInvoice()->getOrder()->getRealOrderId());
? Mage::helper('sales')->__(
'New Invoice and Shipment for Order #%s',
$this->escapeHtml($this->getInvoice()->getOrder()->getRealOrderId())
)
: Mage::helper('sales')->__(
'New Invoice for Order #%s',
$this->escapeHtml($this->getInvoice()->getOrder()->getRealOrderId())
);
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,10 @@ public function getShipment()

public function getHeaderText()
{
$header = Mage::helper('sales')->__('New Shipment for Order #%s', $this->getShipment()->getOrder()->getRealOrderId());
$header = Mage::helper('sales')->__(
'New Shipment for Order #%s',
$this->escapeHtml($this->getShipment()->getOrder()->getRealOrderId())
);
return $header;
}

Expand Down
10 changes: 10 additions & 0 deletions app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,16 @@ public function getReviewPaymentUrl($action)
{
return $this->getUrl('*/*/reviewPayment', array('action' => $action));
}

/**
* Return header for view grid
*
* @return string
*/
public function getHeaderHtml()
{
return '<h3 class="' . $this->getHeaderCssClass() . '">' . $this->escapeHtml($this->getHeaderText()) . '</h3>';
}
//
// /**
// * Return URL for accept payment action
Expand Down
1 change: 1 addition & 0 deletions app/code/core/Mage/Adminhtml/Block/Sales/Shipment/Grid.php
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ protected function _prepareColumns()
'header' => Mage::helper('sales')->__('Order #'),
'index' => 'order_increment_id',
'type' => 'text',
'escape' => true,
));

$this->addColumn('order_created_at', array(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,8 @@ protected function _prepareColumns()
$this->addColumn('increment_id', array(
'header' => Mage::helper('sales')->__('Order ID'),
'index' => 'increment_id',
'type' => 'text'
'type' => 'text',
'escape' => true,
));

$this->addColumn('txn_id', array(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,11 +58,12 @@ protected function _toHtml()
$template->setTemplateStyles($this->getRequest()->getParam('styles'));
}

/* @var $filter Mage_Core_Model_Input_Filter_MaliciousCode */
$filter = Mage::getSingleton('core/input_filter_maliciousCode');
$template->setTemplateStyles(
$this->maliciousCodeFilter($template->getTemplateStyles())
);

$template->setTemplateText(
$filter->filter($template->getTemplateText())
$this->maliciousCodeFilter($template->getTemplateText())
);

Varien_Profiler::start("email_template_proccessing");
Expand Down
11 changes: 11 additions & 0 deletions app/code/core/Mage/Adminhtml/Block/Template.php
Original file line number Diff line number Diff line change
Expand Up @@ -80,4 +80,15 @@ protected function _toHtml()
Mage::dispatchEvent('adminhtml_block_html_before', array('block' => $this));
return parent::_toHtml();
}

/**
* Deleting script tags from string
*
* @param string $html
* @return string
*/
public function maliciousCodeFilter($html)
{
return Mage::getSingleton('core/input_filter_maliciousCode')->filter($html);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -114,9 +114,9 @@ public function renderHeader()
}
$out = '<a href="#" name="' . $this->getColumn()->getId() . '" title="' . $nDir
. '" class="' . $className . '"><span class="sort-title">'
. $this->getColumn()->getHeader().'</span></a>';
. $this->escapeHtml($this->getColumn()->getHeader()) . '</span></a>';
} else {
$out = $this->getColumn()->getHeader();
$out = $this->escapeHtml($this->getColumn()->getHeader());
}
return $out;
}
Expand Down
7 changes: 5 additions & 2 deletions app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
Original file line number Diff line number Diff line change
Expand Up @@ -180,8 +180,11 @@ protected function _getXpathValidationExpression() {
protected function _getXpathBlockValidationExpression() {
$xpath = "";
if (count($this->_disallowedBlock)) {
$xpath = "//block[@type='";
$xpath .= implode("'] | //block[@type='", $this->_disallowedBlock) . "']";
foreach ($this->_disallowedBlock as $key => $value) {
$xpath .= $key > 0 ? " | " : '';
$xpath .= "//block[translate(@type, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz') = ";
$xpath .= "translate('$value', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')]";
}
}
return $xpath;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ protected function _beforeSave()
$parsedUrl = parse_url($value);
if (!isset($parsedUrl['scheme']) || !isset($parsedUrl['host'])) {
Mage::throwException(Mage::helper('core')->__('The %s you entered is invalid. Please make sure that it follows "http://domain.com/" format.', $this->getFieldConfig()->label));
} elseif (('https' != $parsedUrl['scheme']) && ('http' != $parsedUrl['scheme'])) {
Mage::throwException(Mage::helper('core')->__('Invalid URL scheme.'));
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,27 @@
*/
class Mage_Adminhtml_Model_System_Config_Backend_Locale extends Mage_Core_Model_Config_Data
{
/**
* Validate data before save data
*
* @return Mage_Core_Model_Abstract
* @throws Mage_Core_Exception
*/
protected function _beforeSave()
{
$allCurrenciesOptions = Mage::getSingleton('adminhtml/system_config_source_locale_currency_all')
->toOptionArray(true);

$allCurrenciesValues = array_column($allCurrenciesOptions, 'value');

foreach ($this->getValue() as $currency) {
if (!in_array($currency, $allCurrenciesValues)) {
Mage::throwException(Mage::helper('adminhtml')->__('Currency doesn\'t exist.'));
}
}

return parent::_beforeSave();
}

/**
* Enter description here...
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,19 @@
class Mage_Adminhtml_Model_System_Config_Backend_Serialized_Array extends Mage_Adminhtml_Model_System_Config_Backend_Serialized
{
/**
* Unset array element with '__empty' key
* Check object existence in incoming data and unset array element with '__empty' key
*
* @throws Mage_Core_Exception
* @return void
*/
protected function _beforeSave()
{
try {
Mage::helper('core/unserializeArray')->unserialize(serialize($this->getValue()));
} catch (Exception $e) {
Mage::throwException(Mage::helper('adminhtml')->__('Serialized data is incorrect'));
}

$value = $this->getValue();
if (is_array($value)) {
unset($value['__empty']);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ protected function _filterPostData($data)
/** @var $helperCatalog Mage_Catalog_Helper_Data */
$helperCatalog = Mage::helper('catalog');
//labels
$data['frontend_label'] = (array) $data['frontend_label'];
foreach ($data['frontend_label'] as & $value) {
if ($value) {
$value = $helperCatalog->stripTags($value);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,17 @@ class Mage_Adminhtml_Catalog_Product_ReviewController extends Mage_Adminhtml_Con
*/
protected $_publicActions = array('edit');

/**
* Controller predispatch method
*
* @return Mage_Adminhtml_Controller_Action
*/
public function preDispatch()
{
$this->_setForcedFormKeyActions(array('delete', 'massDelete'));
return parent::preDispatch();
}

public function indexAction()
{
$this->_title($this->__('Catalog'))
Expand Down
Loading

0 comments on commit b7e8ed9

Please sign in to comment.