Merge pull request #70 from treestonemedia/magento-1.9.4

Update to Magento 1.9.4
OpenMage · Dec 3, 2018 · fe6a94e · fe6a94e
2 parents 1ed39d1 + 9ffa3a0
commit fe6a94e
Show file tree

Hide file tree

Showing 147 changed files with 30,305 additions and 7,187 deletions.
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
@@ -1,3 +1,13 @@
+==== 1.9.4.0 ====
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+] NOTE: Current Release Notes are maintained at:                                                                              [
+]                                                                                                                             [
+] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html                                                   [
+]                                                                                                                             [
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 ==== 1.9.3.10 ====
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/app/Mage.php b/app/Mage.php
@@ -53,6 +53,9 @@
 
 Varien_Autoload::register();
 
+include_once "phpseclib/bootstrap.php";
+include_once "mcryptcompat/mcrypt.php";
+
 /**
  * Main Mage hub class
  *
@@ -170,8 +173,8 @@ public static function getVersionInfo()
         return array(
             'major'     => '1',
             'minor'     => '9',
-            'revision'  => '3',
-            'patch'     => '10',
+            'revision'  => '4',
+            'patch'     => '0',
             'stability' => '',
             'number'    => '',
         );

diff --git a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Attribute/Edit/Tab/Main.php b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Attribute/Edit/Tab/Main.php
@@ -32,7 +32,8 @@
  * @package    Mage_Adminhtml
  * @author     Magento Core Team <[email protected]>
  */
-class Mage_Adminhtml_Block_Catalog_Product_Attribute_Edit_Tab_Main extends Mage_Eav_Block_Adminhtml_Attribute_Edit_Main_Abstract
+class Mage_Adminhtml_Block_Catalog_Product_Attribute_Edit_Tab_Main
+    extends Mage_Eav_Block_Adminhtml_Attribute_Edit_Main_Abstract
 {
     /**
      * Adding product form elements for editing attribute
@@ -48,6 +49,17 @@ protected function _prepareForm()
         /* @var $fieldset Varien_Data_Form_Element_Fieldset */
         $fieldset = $form->getElement('base_fieldset');
 
+        $fieldset->getElements()
+            ->searchById('attribute_code')
+            ->setData(
+                'class',
+                'validate-code-event ' . $fieldset->getElements()->searchById('attribute_code')->getData('class')
+            )->setData(
+                'note',
+                $fieldset->getElements()->searchById('attribute_code')->getData('note')
+                . Mage::helper('eav')->__('. Do not use "event" for an attribute code, it is a reserved keyword.')
+            );
+
         $frontendInputElm = $form->getElement('frontend_input');
         $additionalTypes = array(
             array(
@@ -94,7 +106,10 @@ protected function _prepareForm()
             Mage_Catalog_Model_Resource_Eav_Attribute::SCOPE_GLOBAL =>Mage::helper('catalog')->__('Global'),
         );
 
-        if ($attributeObject->getAttributeCode() == 'status' || $attributeObject->getAttributeCode() == 'tax_class_id') {
+        if (
+            $attributeObject->getAttributeCode() == 'status'
+            || $attributeObject->getAttributeCode() == 'tax_class_id'
+        ) {
             unset($scopes[Mage_Catalog_Model_Resource_Eav_Attribute::SCOPE_STORE]);
         }
 

diff --git a/app/code/core/Mage/Adminhtml/Block/Customer/Group/Edit.php b/app/code/core/Mage/Adminhtml/Block/Customer/Group/Edit.php
@@ -49,6 +49,18 @@ public function __construct()
         }
     }
 
+    public function getDeleteUrl()
+    {
+        if (!Mage::getSingleton('adminhtml/url')->useSecretKey()) {
+            return $this->getUrl('*/*/delete', array(
+                $this->_objectId => $this->getRequest()->getParam($this->_objectId),
+                'form_key' => Mage::getSingleton('core/session')->getFormKey()
+            ));
+        } else {
+            parent::getDeleteUrl();
+        }
+    }
+
     public function getHeaderText()
     {
         if(!is_null(Mage::registry('current_group')->getId())) {

diff --git a/app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Edit.php b/app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Edit.php
@@ -275,7 +275,7 @@ public function getForm()
      */
     public function getJsTemplateName()
     {
-        return addcslashes($this->getModel()->getTemplateCode(), "\"\r\n\\");
+        return addcslashes($this->escapeHtml($this->getModel()->getTemplateCode()), "\"\r\n\\");
     }
 
     /**

diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
@@ -208,10 +208,10 @@ public function saveAction()
 
             //validate attribute_code
             if (isset($data['attribute_code'])) {
-                $validatorAttrCode = new Zend_Validate_Regex(array('pattern' => '/^[a-z][a-z_0-9]{1,254}$/'));
+                $validatorAttrCode = new Zend_Validate_Regex(array('pattern' => '/[a-z][a-z_0-9]{1,254}[^event]/'));
                 if (!$validatorAttrCode->isValid($data['attribute_code'])) {
                     $session->addError(
-                        Mage::helper('catalog')->__('Attribute code is invalid. Please use only letters (a-z), numbers (0-9) or underscore(_) in this field, first character should be a letter.')
+                        Mage::helper('catalog')->__('Attribute code is invalid. Please use only letters (a-z), numbers (0-9) or underscore(_) in this field, first character should be a letter. Do not use "event" for an attribute code.')
                     );
                     $this->_redirect('*/*/edit', array('attribute_id' => $id, '_current' => true));
                     return;

diff --git a/app/code/core/Mage/Adminhtml/controllers/Cms/BlockController.php b/app/code/core/Mage/Adminhtml/controllers/Cms/BlockController.php
@@ -34,6 +34,17 @@
  */
 class Mage_Adminhtml_Cms_BlockController extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * Controller predispatch method
+     *
+     * @return Mage_Adminhtml_Controller_Action
+     */
+    public function preDispatch()
+    {
+        $this->_setForcedFormKeyActions('delete');
+        return parent::preDispatch();
+    }
+
     /**
      * Init actions
      *

diff --git a/app/code/core/Mage/Adminhtml/controllers/Customer/GroupController.php b/app/code/core/Mage/Adminhtml/controllers/Customer/GroupController.php
@@ -33,6 +33,17 @@
  */
 class Mage_Adminhtml_Customer_GroupController extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * Controller predispatch method
+     *
+     * @return Mage_Adminhtml_Controller_Action
+     */
+    public function preDispatch()
+    {
+        $this->_setForcedFormKeyActions('delete');
+        return parent::preDispatch();
+    }
+
     protected function _initGroup()
     {
         $this->_title($this->__('Customers'))->_title($this->__('Customer Groups'));

diff --git a/app/code/core/Mage/Adminhtml/controllers/SitemapController.php b/app/code/core/Mage/Adminhtml/controllers/SitemapController.php
@@ -33,6 +33,17 @@
  */
 class Mage_Adminhtml_SitemapController extends  Mage_Adminhtml_Controller_Action
 {
+    /**
+     * Controller predispatch method
+     *
+     * @return Mage_Adminhtml_Controller_Action
+     */
+    public function preDispatch()
+    {
+        $this->_setForcedFormKeyActions('delete');
+        return parent::preDispatch();
+    }
+
     /**
      * Init actions
      *

diff --git a/app/code/core/Mage/Adminhtml/controllers/System/BackupController.php b/app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
@@ -369,7 +369,9 @@ public function massDeleteAction()
      */
     protected function _isAllowed()
     {
-        return Mage::getSingleton('admin/session')->isAllowed('system/tools/backup' );
+        return Mage::getSingleton('admin/session')->isAllowed('system/tools/backup')
+            && Mage::helper('core')->isModuleEnabled('Mage_Backup')
+            && !Mage::getStoreConfigFlag('advanced/modules_disable_output/Mage_Backup');
     }
 
     /**

diff --git a/app/code/core/Mage/Captcha/Model/Observer.php b/app/code/core/Mage/Captcha/Model/Observer.php
@@ -289,4 +289,57 @@ protected function _getCaptchaString($request, $formId)
         $captchaParams = $request->getPost(Mage_Captcha_Helper_Data::INPUT_NAME_FIELD_VALUE);
         return $captchaParams[$formId];
     }
+
+    /**
+     * Check Captcha On Share Wishlist Page
+     *
+     * @param Varien_Event_Observer $observer
+     * @return Mage_Captcha_Model_Observer
+     */
+    public function checkWishlistSharing($observer)
+    {
+        $formId = 'wishlist_sharing';
+        $captchaModel = Mage::helper('captcha')->getCaptcha($formId);
+        if ($captchaModel->isRequired()) {
+            $controller = $observer->getControllerAction();
+            $request = $controller->getRequest();
+            if (!$captchaModel->isCorrect($this->_getCaptchaString($request, $formId))) {
+                Mage::getSingleton('wishlist/session')->addError(Mage::helper('captcha')->__('Incorrect CAPTCHA.'));
+                $controller->setFlag('', Mage_Core_Controller_Varien_Action::FLAG_NO_DISPATCH, true);
+                Mage::getSingleton('wishlist/session')->setSharingForm($request->getPost());
+                $wishlistId = (int)$request->getParam('wishlist_id');
+                $controller->getResponse()
+                    ->setRedirect(Mage::getUrl('wishlist/index/share/wishlist_id/' . $wishlistId));
+            }
+        }
+        return $this;
+    }
+
+    /**
+     * Check Captcha On Email Product To A Friend Page
+     *
+     * @param Varien_Event_Observer $observer
+     * @return Mage_Captcha_Model_Observer
+     */
+    public function checkSendfriendSend($observer)
+    {
+        $formId = 'sendfriend_send';
+        $captchaModel = Mage::helper('captcha')->getCaptcha($formId);
+        if ($captchaModel->isRequired()) {
+            $controller = $observer->getControllerAction();
+            $request = $controller->getRequest();
+            if (!$captchaModel->isCorrect($this->_getCaptchaString($request, $formId))) {
+                Mage::getSingleton('catalog/session')->addError(Mage::helper('captcha')->__('Incorrect CAPTCHA.'));
+                $controller->setFlag('', Mage_Core_Controller_Varien_Action::FLAG_NO_DISPATCH, true);
+                Mage::getSingleton('catalog/session')->setFormData($request->getPost());
+                $id = (int)$request->getParam('id');
+                $catId = $request->getParam('cat_id');
+                if (null !== $catId) {
+                    $id .= '/cat_id/' . (int)$catId;
+                }
+                $controller->getResponse()->setRedirect(Mage::getUrl('*/*/send/id/' . $id));
+            }
+        }
+        return $this;
+    }
 }
diff --git a/app/code/core/Mage/Captcha/Model/Zend.php b/app/code/core/Mage/Captcha/Model/Zend.php
@@ -116,7 +116,11 @@ public function getBlockName()
      */
     public function isRequired($login = null)
     {
-        if ($this->_isUserAuth() || !$this->_isEnabled() || !in_array($this->_formId, $this->_getTargetForms())) {
+        $nonAuthForms = array('wishlist_sharing', 'sendfriend_send');
+
+        if ((!in_array($this->_formId, $nonAuthForms) && $this->_isUserAuth())
+            || !$this->_isEnabled() || !in_array($this->_formId, $this->_getTargetForms())
+        ) {
             return false;
         }
 

diff --git a/app/code/core/Mage/Captcha/etc/config.xml b/app/code/core/Mage/Captcha/etc/config.xml
@@ -78,6 +78,14 @@
                     </captcha>
                 </observers>
             </controller_action_predispatch_customer_account_createpost>
+            <controller_action_predispatch_wishlist_index_send>
+                <observers>
+                    <captcha>
+                        <class>captcha/observer</class>
+                        <method>checkWishlistSharing</method>
+                    </captcha>
+                </observers>
+            </controller_action_predispatch_wishlist_index_send>
             <controller_action_predispatch_adminhtml_index_forgotpassword>
                 <observers>
                     <captcha>
@@ -122,6 +130,14 @@
                     </captcha_reset_attempt>
                 </observers>
             </admin_session_user_login_success>
+            <controller_action_predispatch_sendfriend_product_sendmail>
+                <observers>
+                    <captcha>
+                        <class>captcha/observer</class>
+                        <method>checkSendfriendSend</method>
+                    </captcha>
+                </observers>
+            </controller_action_predispatch_sendfriend_product_sendmail>
         </events>
     </global>
     <frontend>
@@ -206,6 +222,8 @@
                     <user_forgotpassword>1</user_forgotpassword>
                     <guest_checkout>1</guest_checkout>
                     <register_during_checkout>1</register_during_checkout>
+                    <wishlist_sharing>1</wishlist_sharing>
+                    <sendfriend_send>1</sendfriend_send>
                 </always_for>
             </captcha>
         </customer>
@@ -233,6 +251,12 @@
                     <register_during_checkout>
                         <label>Register during Checkout</label>
                     </register_during_checkout>
+                    <wishlist_sharing>
+                        <label>Share Wishlist</label>
+                    </wishlist_sharing>
+                    <sendfriend_send>
+                        <label>Email Product to a Friend</label>
+                    </sendfriend_send>
                 </areas>
             </frontend>
             <backend>

diff --git a/app/code/core/Mage/Catalog/Helper/Product/Flat.php b/app/code/core/Mage/Catalog/Helper/Product/Flat.php
@@ -80,6 +80,22 @@ class Mage_Catalog_Helper_Product_Flat extends Mage_Catalog_Helper_Flat_Abstract
      */
     protected $_flagObject;
 
+    /**
+     * Catalog Product Flat force status enable/disable
+     * to force EAV for products in quote
+     * store settings will be used by default
+     *
+     * @var boolean
+     */
+    protected $_forceFlatStatus = false;
+
+    /**
+     * Old Catalog Product Flat forced status
+     *
+     * @var boolean
+     */
+    protected $_forceFlatStatusOld;
+
     /**
      * Retrieve Catalog Product Flat Flag object
      *
@@ -155,4 +171,40 @@ public function isAddChildData()
     {
         return intval(Mage::getConfig()->getNode(self::XML_NODE_ADD_CHILD_DATA));
     }
+
+    /**
+     * Disable Catalog Product Flat
+     *
+     * @param $save bool
+     */
+    public function disableFlatCollection($save = false)
+    {
+        $this->_forceFlatStatus = true;
+
+        if ($save) {
+            $this->_forceFlatStatusOld = $this->_forceFlatStatus;
+        }
+    }
+
+    /**
+     * Reset Catalog Product Flat
+     */
+    public function resetFlatCollection()
+    {
+        if (isset($this->_forceFlatStatusOld)) {
+            $this->_forceFlatStatus = $this->_forceFlatStatusOld;
+        } else {
+            $this->_forceFlatStatus = false;
+        }
+    }
+
+    /**
+     * Checks if Catalog Product Flat was forced disabled
+     *
+     * @return bool
+     */
+    public function isFlatCollectionDisabled()
+    {
+        return $this->_forceFlatStatus;
+    }
 }
diff --git a/app/code/core/Mage/Catalog/Model/Api2/Product/Image/Rest/Admin/V1.php b/app/code/core/Mage/Catalog/Model/Api2/Product/Image/Rest/Admin/V1.php
@@ -69,7 +69,9 @@ protected function _create(array $data)
 
             // try to create Image object to check if image data is valid
             try {
-                new Varien_Image($apiTempDir . DS . $imageFileName);
+                $filePath = $apiTempDir . DS . $imageFileName;
+                new Varien_Image($filePath);
+                Mage::getModel('core/file_validator_image')->validate($filePath);
             } catch (Exception $e) {
                 $ioAdapter->rmdir($apiTempDir, true);
                 $this->_critical($e->getMessage(), Mage_Api2_Model_Server::HTTP_INTERNAL_ERROR);

diff --git a/app/code/core/Mage/Catalog/Model/Product.php b/app/code/core/Mage/Catalog/Model/Product.php
@@ -2096,4 +2096,19 @@ public function afterCommitCallback()
 
         return $this;
     }
+
+    /**
+     *  Checks event attribute for initialization as an event object
+     *
+     * @return bool | Enterprise_CatalogEvent_Model_Event
+     */
+    public function getEvent()
+    {
+        $event = parent::getEvent();
+        if (is_string($event)) {
+            $event = false;
+        }
+
+        return $event;
+    }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -275,7 +275,7 @@ public function getForm() @@
          */
         public function getJsTemplateName()
         {
-            return addcslashes($this->getModel()->getTemplateCode(), "\"\r\n\\");
+            return addcslashes($this->escapeHtml($this->getModel()->getTemplateCode()), "\"\r\n\\");
         }
         /**
@@ Expand Down @@