@barbanet
Created February 1, 2020 17:41
Magento 1.9.4.3 + SUPEE 11295 diff
diff --git a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
index ff633cee..5dab2f1e 100644
--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
@@ -55,7 +55,10 @@ class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends M
$this->getUploader()->getUploaderConfig()
->setFileParameterName('image')
- ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload'));
+ ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl(
+ '*/catalog_product_gallery/upload',
+ array('_query' => false)
+ ));
$browseConfig = $this->getUploader()->getButtonConfig();
$browseConfig
diff --git a/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php b/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
index 7db75d0d..81c26e23 100644
--- a/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
+++ b/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
@@ -44,7 +44,10 @@ class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Uplo
$this->getUploaderConfig()
->setFileParameterName('image')
->setTarget(
- Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type))
+ Mage::getModel('adminhtml/url')->addSessionParam()->getUrl(
+ '*/*/upload',
+ array('type' => $type, '_query' => false)
+ )
);
$this->getButtonConfig()
->setAttributes(array(
diff --git a/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php b/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
index b3cadd01..1d6c97a0 100644
--- a/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
+++ b/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
@@ -50,9 +50,9 @@ class Mage_Core_Model_Input_Filter_MaliciousCode implements Zend_Filter_Interfac
//js in the style attribute
'/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis',
//js attributes
- '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror|onanimationstart)\s*=[^>]*(?=\>)/Uis',
+ '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror|onanimationstart|onfocus|onloadstart|ontoggle)\s*=[^>]*(?=\>)/Uis',
//tags
- '/<\/?(script|meta|link|frame|iframe).*>/Uis',
+ '/<\/?(script|meta|link|frame|iframe|object).*>/Uis',
//base64 usage
'/src\s*=[^<]*base64[^<]*(?=\>)/Uis',
//data attribute
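Review bot: The event-handler pattern on the `+` line is still an enumerated deny-list, so any `on...` attribute not named in it passes the filter unchanged; a generic form such as `'/\bon[a-z]+\s*=[^>]*(?=\>)/Uis'` would cover every handler attribute, at the cost of occasional false positives on plain text that happens to end in `on=`. The tag pattern on the following `+` line has the same enumeration limitation. Because this filter is applied before output escaping rather than instead of it, a short comment noting that the list is a best-effort deny-list and that context-appropriate escaping at output remains the primary control would help readers not over-rely on it. The array these expressions belong to starts and ends outside the hunk.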
diff --git a/app/design/adminhtml/default/default/template/forgotpassword.phtml b/app/design/adminhtml/default/default/template/forgotpassword.phtml
index d4728379..6f67b165 100644
--- a/app/design/adminhtml/default/default/template/forgotpassword.phtml
+++ b/app/design/adminhtml/default/default/template/forgotpassword.phtml
@@ -28,6 +28,7 @@
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="noindex, nofollow" />
<title><?php echo Mage::helper('adminhtml')->__('Log into Magento Admin Page'); ?></title>
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css'); ?>" media="all" />
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css'); ?>" media="all" />
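Review bot: The added `<meta name="robots" content="noindex, nofollow" />` is advisory only: it is honoured by cooperating crawlers and is not an access control, and it is duplicated across four templates here (forgotpassword.phtml, login.phtml, page/head.phtml and resetforgottenpassword.phtml), so a theme that overrides any one of them silently loses it. Emitting an `X-Robots-Tag: noindex, nofollow` response header from the admin front controller would cover every admin response in one place, with the template tags kept as a fallback for cached or static copies. Whether such a header is already set elsewhere in this patch is not visible from this diff.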
diff --git a/app/design/adminhtml/default/default/template/login.phtml b/app/design/adminhtml/default/default/template/login.phtml
index 49c2b81a..463230b9 100644
--- a/app/design/adminhtml/default/default/template/login.phtml
+++ b/app/design/adminhtml/default/default/template/login.phtml
@@ -28,6 +28,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="noindex, nofollow" />
<title><?php echo Mage::helper('adminhtml')->__('Log into Magento Admin Page') ?></title>
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css') ?>" media="all" />
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css') ?>" media="all" />
diff --git a/app/design/adminhtml/default/default/template/page/head.phtml b/app/design/adminhtml/default/default/template/page/head.phtml
index 3d330442..e067095f 100644
--- a/app/design/adminhtml/default/default/template/page/head.phtml
+++ b/app/design/adminhtml/default/default/template/page/head.phtml
@@ -25,6 +25,7 @@
*/
?>
<meta http-equiv="Content-Type" content="<?php echo $this->getContentType() ?>"/>
+<meta name="robots" content="noindex, nofollow"/>
<title><?php echo htmlspecialchars(html_entity_decode($this->getTitle())) ?></title>
<link rel="icon" href="<?php echo $this->getSkinUrl('favicon.ico') ?>" type="image/x-icon"/>
<link rel="shortcut icon" href="<?php echo $this->getSkinUrl('favicon.ico') ?>" type="image/x-icon"/>
diff --git a/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml b/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
index 508ae90a..dad1828a 100644
--- a/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
+++ b/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
@@ -28,6 +28,7 @@
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="noindex, nofollow" />
<title><?php echo Mage::helper('adminhtml')->__('Reset a Password'); ?></title>
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css'); ?>" media="all" />
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css'); ?>" media="all" />