Created
February 1, 2020 17:41
Magento 1.9.4.3 + SUPEE 11295 diff
diff --git a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php | |
index ff633cee..5dab2f1e 100644 | |
--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php | |
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php | |
@@ -55,7 +55,10 @@ class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends M | |
$this->getUploader()->getUploaderConfig() | |
->setFileParameterName('image') | |
- ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload')); | |
+ ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl( | |
+ '*/catalog_product_gallery/upload', | |
+ array('_query' => false) | |
+ )); | |
$browseConfig = $this->getUploader()->getButtonConfig(); | |
$browseConfig | |
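Review bot: The `'_query' => false` route parameter added to the `getUrl()` call carries no comment, and `addSessionParam()` is still chained in front of it, so a reader cannot tell whether the session ID is meant to remain in the upload target. If, as it appears, the flag exists to keep query parameters (the session ID included) out of the URL handed to the uploader, say so with a comment such as `// '_query' => false: keep the session id and other query params out of the upload URL`. Once that behaviour is confirmed against `Mage_Core_Model_Url::getUrl()`, consider dropping the then-redundant `addSessionParam()` call, and verify that the upload action still authenticates through the cookie session and form key. The same applies to the `'*/*/upload'` call in `Cms/Wysiwyg/Images/Content/Uploader.php`; the enclosing methods start and end outside both hunks.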
diff --git a/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php b/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php | |
index 7db75d0d..81c26e23 100644 | |
--- a/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php | |
+++ b/app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php | |
@@ -44,7 +44,10 @@ class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Uplo | |
$this->getUploaderConfig() | |
->setFileParameterName('image') | |
->setTarget( | |
- Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type)) | |
+ Mage::getModel('adminhtml/url')->addSessionParam()->getUrl( | |
+ '*/*/upload', | |
+ array('type' => $type, '_query' => false) | |
+ ) | |
); | |
$this->getButtonConfig() | |
->setAttributes(array( | |
diff --git a/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php b/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php | |
index b3cadd01..1d6c97a0 100644 | |
--- a/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php | |
+++ b/app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php | |
@@ -50,9 +50,9 @@ class Mage_Core_Model_Input_Filter_MaliciousCode implements Zend_Filter_Interfac | |
//js in the style attribute | |
'/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis', | |
//js attributes | |
- '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror|onanimationstart)\s*=[^>]*(?=\>)/Uis', | |
+ '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror|onanimationstart|onfocus|onloadstart|ontoggle)\s*=[^>]*(?=\>)/Uis', | |
//tags | |
- '/<\/?(script|meta|link|frame|iframe).*>/Uis', | |
+ '/<\/?(script|meta|link|frame|iframe|object).*>/Uis', | |
//base64 usage | |
'/src\s*=[^<]*base64[^<]*(?=\>)/Uis', | |
//data attribute | |
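Review bot: The js-attribute pattern is still an enumerated denylist, so any event-handler attribute not named in the alternation passes the filter unchanged, and each newly relevant handler needs another patch like this one. A pattern that matches the whole attribute family, for example `'/\bon[a-z]+\s*=[^>]*(?=\>)/Uis'`, would cover the class rather than three more members of it; it should be checked against legitimate CMS content for false positives before adoption. The tag pattern has the same enumerated shape, so this filter is best documented as a secondary layer behind context-aware output escaping rather than the primary XSS control. The expression array starts and ends outside the hunk.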
diff --git a/app/design/adminhtml/default/default/template/forgotpassword.phtml b/app/design/adminhtml/default/default/template/forgotpassword.phtml | |
index d4728379..6f67b165 100644 | |
--- a/app/design/adminhtml/default/default/template/forgotpassword.phtml | |
+++ b/app/design/adminhtml/default/default/template/forgotpassword.phtml | |
@@ -28,6 +28,7 @@ | |
<html lang="en"> | |
<head> | |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
+ <meta name="robots" content="noindex, nofollow" /> | |
<title><?php echo Mage::helper('adminhtml')->__('Log into Magento Admin Page'); ?></title> | |
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css'); ?>" media="all" /> | |
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css'); ?>" media="all" /> | |
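Review bot: The added `<meta name="robots" content="noindex, nofollow" />` is honoured only by cooperating crawlers and reaches only responses rendered through the templates it is pasted into: this one, `login.phtml`, `page/head.phtml` and `resetforgottenpassword.phtml`. Admin responses that bypass these templates (presumably AJAX or file responses) would stay uncovered. Sending `X-Robots-Tag: noindex, nofollow` for the admin area from one place, such as the web server or the admin front controller, would cover them all. A short template comment such as `<?php // search-engine exposure only; not an access control ?>` would keep the tag from being read as protection for the admin path.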
diff --git a/app/design/adminhtml/default/default/template/login.phtml b/app/design/adminhtml/default/default/template/login.phtml | |
index 49c2b81a..463230b9 100644 | |
--- a/app/design/adminhtml/default/default/template/login.phtml | |
+++ b/app/design/adminhtml/default/default/template/login.phtml | |
@@ -28,6 +28,7 @@ | |
<html xmlns="http://www.w3.org/1999/xhtml" lang="en"> | |
<head> | |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
+ <meta name="robots" content="noindex, nofollow" /> | |
<title><?php echo Mage::helper('adminhtml')->__('Log into Magento Admin Page') ?></title> | |
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css') ?>" media="all" /> | |
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css') ?>" media="all" /> | |
diff --git a/app/design/adminhtml/default/default/template/page/head.phtml b/app/design/adminhtml/default/default/template/page/head.phtml | |
index 3d330442..e067095f 100644 | |
--- a/app/design/adminhtml/default/default/template/page/head.phtml | |
+++ b/app/design/adminhtml/default/default/template/page/head.phtml | |
@@ -25,6 +25,7 @@ | |
*/ | |
?> | |
<meta http-equiv="Content-Type" content="<?php echo $this->getContentType() ?>"/> | |
+<meta name="robots" content="noindex, nofollow"/> | |
<title><?php echo htmlspecialchars(html_entity_decode($this->getTitle())) ?></title> | |
<link rel="icon" href="<?php echo $this->getSkinUrl('favicon.ico') ?>" type="image/x-icon"/> | |
<link rel="shortcut icon" href="<?php echo $this->getSkinUrl('favicon.ico') ?>" type="image/x-icon"/> | |
diff --git a/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml b/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml | |
index 508ae90a..dad1828a 100644 | |
--- a/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml | |
+++ b/app/design/adminhtml/default/default/template/resetforgottenpassword.phtml | |
@@ -28,6 +28,7 @@ | |
<html lang="en"> | |
<head> | |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
+ <meta name="robots" content="noindex, nofollow" /> | |
<title><?php echo Mage::helper('adminhtml')->__('Reset a Password'); ?></title> | |
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css'); ?>" media="all" /> | |
<link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css'); ?>" media="all" /> |