Upstream merge 1.9.4.1 #639

Merged
merged 4 commits into from
Apr 2, 2019
Update Magento 1.9.4.1 - real changes
Schrank committed Mar 27, 2019
commit 62fae32153d34cfae1377cbc18937def7ef8c501
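--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,3 +1,13 @@
+==== 1.9.4.1 ====
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+] NOTE: Current Release Notes are maintained at: [
+] [
+] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
+] [
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 ==== 1.9.4.0 ====
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~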
16 changes: 11 additions & 5 deletions app/Mage.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -174,7 +174,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '9',
'revision' => '4',
'patch' => '0',
'patch' => '1',
'stability' => '',
'number' => '',
);
@@ -808,16 +808,22 @@ public static function log($message, $level = null, $file = '', $forceLog = fals
static $loggers = array();

$level = is_null($level) ? Zend_Log::DEBUG : $level;
$file = empty($file) ? 'system.log' : basename($file);
$file = empty($file) ?
(string) self::getConfig()->getNode('dev/log/file', Mage_Core_Model_Store::DEFAULT_CODE) : basename($file);

// Validate file extension before save. Allowed file extensions: log, txt, html, csv
if (!self::helper('log')->isLogFileExtensionValid($file)) {
$_allowedFileExtensions = explode(
',',
(string) self::getConfig()->getNode('dev/log/allowedFileExtensions', Mage_Core_Model_Store::DEFAULT_CODE)
);
$logValidator = new Zend_Validate_File_Extension($_allowedFileExtensions);
$logDir = self::getBaseDir('var') . DS . 'log';
if (!$logValidator->isValid($logDir . DS . $file)) {
Contributor


Not sure about changing this ... see #646

Contributor


Another patch another regression, le sigh. Should get addressed in a separate PR though.

Contributor

@edannenberg edannenberg Apr 2, 2019


After digging a bit into the issue, the code is actually correct; for some reason Zend_Validate_File_Extension::isValid() also does a file check, which really is none of its business.

Contributor


I didn't say it's wrong. In the end it does nearly the same as the old check - if the file check is removed :)

return;
}

try {
if (!isset($loggers[$file])) {
$logDir = self::getBaseDir('var') . DS . 'log';
$logFile = $logDir . DS . $file;

if (!is_dir($logDir)) {
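Review bot: In `log()`, `basename()` is applied only to a caller-supplied `$file`; the new default read from `dev/log/file` is used as-is, so a configured value containing a directory separator would be joined onto `var/log` unchanged. The `Zend_Validate_File_Extension` check that follows is about the extension, not the directory part. Wrapping the whole ternary keeps both sources inside the log directory: `$file = basename(empty($file) ? (string) self::getConfig()->getNode('dev/log/file', Mage_Core_Model_Store::DEFAULT_CODE) : $file);`. Whether the config value is already normalised when it is saved is not visible in this hunk, and the body of `log()` continues outside it.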
39 changes: 31 additions & 8 deletions app/code/core/Mage/Admin/Model/Session.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Admin
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -157,15 +157,13 @@ public function login($username, $password, $request = null)
$e->setMessage(
Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
);
Mage::dispatchEvent('admin_session_user_login_failed',
array('user_name' => $username, 'exception' => $e));
if ($request && !$request->getParam('messageSent')) {
Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
$request->setParam('messageSent', true);
}
$this->_loginFailed($e, $request, $username, $e->getMessage());
} catch (Exception $e) {
$message = Mage::helper('adminhtml')->__('An error occurred while logging in.');
$this->_loginFailed($e, $request, $username, $message);
}

return $user;
return isset($user) ? $user : null;
}

/**
@@ -276,4 +274,29 @@ protected function _getRequestUri($request = null)
return null;
}
}

/**
* Login failed process
*
* @param Exception $e
* @param string $username
* @param string $message
* @param Mage_Core_Controller_Request_Http $request
* @return void
*/
protected function _loginFailed($e, $request, $username, $message)
{
try {
Mage::dispatchEvent('admin_session_user_login_failed', array(
'user_name' => $username,
'exception' => $e
));
} catch (Exception $e) {
}

if ($request && !$request->getParam('messageSent')) {
Mage::getSingleton('adminhtml/session')->addError($message);
$request->setParam('messageSent', true);
}
}
}
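Review bot: The empty `catch (Exception $e) { }` in `_loginFailed()` discards any exception thrown by an `admin_session_user_login_failed` observer, and the new generic `catch (Exception $e)` in `login()` likewise turns every unexpected error into a flash message without recording it. If observers on that event do audit logging or lock-out counting (not visible here), a failure there becomes invisible during exactly the events an operator wants to see. Record it and stop reusing the parameter name: `} catch (Exception $observerException) { Mage::logException($observerException); }`. The `@param` lines in the docblock are also listed in a different order from the signature (`$e, $request, $username, $message`). `login()` begins outside the hunk.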
4 changes: 2 additions & 2 deletions app/code/core/Mage/Adminhtml/Block/Api/Buttons.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -71,7 +71,7 @@ protected function _prepareLayout()
true
)
. '\', \''
. $this->getUrl('*/*/delete', array('rid' => $this->getRequest()->getParam('rid')))
. $this->getUrlSecure('*/*/delete', array('rid' => $this->getRequest()->getParam('rid')))
. '\')',
'class' => 'delete'
))
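Review bot: The `rid` request parameter is still passed straight from `getRequest()->getParam('rid')` into a URL that is concatenated into a single-quoted JavaScript argument; switching to `getUrlSecure()` does not change that. Whether `getUrl()`/`getUrlSecure()` escape quotes is not visible in this hunk, so the safer form is to constrain the value at the call site, assuming `rid` is a numeric role id: `array('rid' => (int) $this->getRequest()->getParam('rid'))`. The identical line in app/code/core/Mage/Adminhtml/Block/Permissions/Buttons.php needs the same treatment. `_prepareLayout()` starts and ends outside the hunk.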
4 changes: 2 additions & 2 deletions app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -205,7 +205,7 @@ public function getIsGrouped()

public function getDeleteUrl()
{
return $this->getUrl('*/*/delete', array('_current'=>true));
return $this->getUrlSecure('*/*/delete', array('_current'=>true));
}

public function getDuplicateUrl()
4 changes: 2 additions & 2 deletions app/code/core/Mage/Adminhtml/Block/Customer/Group/Edit.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -57,7 +57,7 @@ public function getDeleteUrl()
'form_key' => Mage::getSingleton('core/session')->getFormKey()
));
} else {
parent::getDeleteUrl();
return parent::getDeleteUrl();
}
}

67 changes: 19 additions & 48 deletions app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -37,7 +37,7 @@ class Mage_Adminhtml_Block_Dashboard_Graph extends Mage_Adminhtml_Block_Dashboar
/**
* Api URL
*/
const API_URL = 'http://chart.apis.google.com/chart';
const API_URL = 'https://image-charts.com/chart';

/**
* All series
@@ -98,6 +98,8 @@ class Mage_Adminhtml_Block_Dashboard_Graph extends Mage_Adminhtml_Block_Dashboar
/**
* Google chart api data encoding
*
* @deprecated since the Google Image Charts API not accessible from March 14, 2019
*
* @var string
*/
protected $_encoding = 'e';
@@ -190,7 +192,9 @@ public function getChartUrl($directUrl = true)
'cht' => 'lc',
'chf' => 'bg,s,f4f4f4|c,lg,90,ffffff,0.1,ededed,0',
'chm' => 'B,f4d4b2,0,0,0',
'chco' => 'db4814'
'chco' => 'db4814',
'chxs' => '0,0,11|1,0,11',
'chma' => '15,15,15,15'
);

$this->_allSeries = $this->getRowsData($this->_dataRows);
@@ -264,20 +268,11 @@ public function getChartUrl($directUrl = true)
$this->_axisLabels['x'] = $dates;
$this->_allSeries = $datas;

//Google encoding values
if ($this->_encoding == "s") {
// simple encoding
$params['chd'] = "s:";
$dataDelimiter = "";
$dataSetdelimiter = ",";
$dataMissing = "_";
} else {
// extended encoding
$params['chd'] = "e:";
$dataDelimiter = "";
$dataSetdelimiter = ",";
$dataMissing = "__";
}
// Image-Charts Awesome data format values
$params['chd'] = "a:";
$dataDelimiter = ",";
$dataSetdelimiter = "|";
$dataMissing = "_";

// process each string in the array, and find the max length
foreach ($this->getAllSeries() as $index => $serie) {
@@ -323,38 +318,14 @@ public function getChartUrl($directUrl = true)

foreach ($this->getAllSeries() as $index => $serie) {
$thisdataarray = $serie;
if ($this->_encoding == "s") {
// SIMPLE ENCODING
for ($j = 0; $j < sizeof($thisdataarray); $j++) {
$currentvalue = $thisdataarray[$j];
if (is_numeric($currentvalue)) {
$ylocation = round((strlen($this->_simpleEncoding)-1) * ($yorigin + $currentvalue) / $yrange);
array_push($chartdata, substr($this->_simpleEncoding, $ylocation, 1) . $dataDelimiter);
} else {
array_push($chartdata, $dataMissing . $dataDelimiter);
}
}
// END SIMPLE ENCODING
} else {
// EXTENDED ENCODING
for ($j = 0; $j < sizeof($thisdataarray); $j++) {
$currentvalue = $thisdataarray[$j];
if (is_numeric($currentvalue)) {
if ($yrange) {
$ylocation = (4095 * ($yorigin + $currentvalue) / $yrange);
} else {
$ylocation = 0;
}
$firstchar = floor($ylocation / 64);
$secondchar = $ylocation % 64;
$mappedchar = substr($this->_extendedEncoding, $firstchar, 1)
. substr($this->_extendedEncoding, $secondchar, 1);
array_push($chartdata, $mappedchar . $dataDelimiter);
} else {
array_push($chartdata, $dataMissing . $dataDelimiter);
}
for ($j = 0; $j < sizeof($thisdataarray); $j++) {
$currentvalue = $thisdataarray[$j];
if (is_numeric($currentvalue)) {
$ylocation = $yorigin + $currentvalue;
array_push($chartdata, $ylocation . $dataDelimiter);
} else {
array_push($chartdata, $dataMissing . $dataDelimiter);
}
// ============= END EXTENDED ENCODING =============
}
array_push($chartdata, $dataSetdelimiter);
}
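Review bot: The docblock on `API_URL` still says only `Api URL` although the endpoint is now a different third-party service, and the series loop now emits `$yorigin + $currentvalue` as-is, so the actual dashboard figures go into the `chd` query parameter where the old encodings sent scaled positions. I would document that data flow on the constant, e.g. `* Chart image endpoint (third-party service; receives the dashboard series values in the request URL)`. Only `$_encoding` is marked `@deprecated`; the hunks no longer read it, and if `$_simpleEncoding` and `$_extendedEncoding` have no other users (not visible here) they should carry the same tag. `getChartUrl()` starts and ends outside the hunks.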
4 changes: 2 additions & 2 deletions app/code/core/Mage/Adminhtml/Block/Permissions/Buttons.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -70,7 +70,7 @@ protected function _prepareLayout()
Mage::helper('adminhtml')->__('Are you sure you want to do this?')
)
. '\', \''
. $this->getUrl('*/*/delete', array('rid' => $this->getRequest()->getParam('rid')))
. $this->getUrlSecure('*/*/delete', array('rid' => $this->getRequest()->getParam('rid')))
. '\')',
'class' => 'delete'
))
7 changes: 5 additions & 2 deletions app/code/core/Mage/Adminhtml/Block/System/Design/Edit.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -75,7 +75,10 @@ public function getDesignChangeId()

public function getDeleteUrl()
{
return $this->getUrl('*/*/delete', array('_current'=>true));
return $this->getUrlSecure('*/*/delete', array(
'id' => $this->getDesignChangeId(),
Mage_Core_Model_Url::FORM_KEY => $this->getFormKey()
));
}

public function getSaveUrl()
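Review bot: `getDeleteUrl()` passes `Mage_Core_Model_Url::FORM_KEY => $this->getFormKey()` explicitly, while the other `getUrlSecure()` calls in this commit (for example in Block/Catalog/Product/Edit.php) pass no key at all. `getUrlSecure()` is not defined in any visible hunk, so either the key here is redundant or those call sites lack it; one convention should be used throughout. The rewrite also replaces `'_current' => true` with an explicit `id`, which deserves a docblock since the method has none, e.g. `/** Delete URL for the design change being edited, including the admin form key. */`.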
37 changes: 33 additions & 4 deletions app/code/core/Mage/Adminhtml/Block/System/Store/Edit.php
@@ -20,7 +20,7 @@
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2006-2018 Magento, Inc. (http://www.magento.com)
* @copyright Copyright (c) 2006-2019 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

@@ -40,24 +40,28 @@ class Mage_Adminhtml_Block_System_Store_Edit extends Mage_Adminhtml_Block_Widget
*/
public function __construct()
{
$backupAvailable =
Mage::getSingleton('admin/session')->isAllowed('system/tools/backup')
&& Mage::helper('core')->isModuleEnabled('Mage_Backup')
&& !Mage::getStoreConfigFlag('advanced/modules_disable_output/Mage_Backup');
switch (Mage::registry('store_type')) {
case 'website':
$this->_objectId = 'website_id';
$saveLabel = Mage::helper('core')->__('Save Website');
$deleteLabel = Mage::helper('core')->__('Delete Website');
$deleteUrl = $this->getUrl('*/*/deleteWebsite', array('item_id' => Mage::registry('store_data')->getId()));
$deleteUrl = $this->_getDeleteUrl(Mage::registry('store_type'), $backupAvailable);
break;
case 'group':
$this->_objectId = 'group_id';
$saveLabel = Mage::helper('core')->__('Save Store');
$deleteLabel = Mage::helper('core')->__('Delete Store');
$deleteUrl = $this->getUrl('*/*/deleteGroup', array('item_id' => Mage::registry('store_data')->getId()));
$deleteUrl = $this->_getDeleteUrl(Mage::registry('store_type'), $backupAvailable);
break;
case 'store':
$this->_objectId = 'store_id';
$saveLabel = Mage::helper('core')->__('Save Store View');
$deleteLabel = Mage::helper('core')->__('Delete Store View');
$deleteUrl = $this->getUrl('*/*/deleteStore', array('item_id' => Mage::registry('store_data')->getId()));
$deleteUrl = $this->_getDeleteUrl(Mage::registry('store_type'), $backupAvailable);
break;
}
$this->_controller = 'system_store';
@@ -100,4 +104,29 @@ public function getHeaderText()

return Mage::registry('store_action') == 'add' ? $addLabel : $editLabel;
}

/**
* Create URL depending on backups
*
* @param string $storeType
* @param bool $backupAvailable
* @return string
*/
public function _getDeleteUrl($storeType, $backupAvailable = false)
{
$storeType = uc_words($storeType);
if ($backupAvailable) {
$deleteUrl = $this->getUrl('*/*/delete' . $storeType, array('item_id' => Mage::registry('store_data')->getId()));
} else {
$deleteUrl = $this->getUrl(
'*/*/delete' . $storeType . 'Post',
array(
'item_id' => Mage::registry('store_data')->getId(),
'form_key' => Mage::getSingleton('core/session')->getFormKey()
)
);
}

return $deleteUrl;
}
}
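Review bot: `_getDeleteUrl()` is declared `public` although the underscore prefix is used for non-public methods elsewhere in this commit (`protected function _loginFailed`, `protected function _prepareLayout`); `protected function _getDeleteUrl($storeType, $backupAvailable = false)` would match. In the no-backup branch the form key is added by hand with `getUrl()` and the literal `'form_key'`, where the rest of the commit uses `getUrlSecure()`. When backups are available the link carries no form key at all, which is only safe if the `delete<Type>` action is a confirmation page that changes nothing; that controller is not visible here. The three `case` branches now assign the same `$deleteUrl` expression, so it can move out of the `switch`.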