Created
June 1, 2017 02:24
Magento 1.9.2.2 + SUPEE 9767 diff
diff --git a/app/code/core/Mage/Admin/Model/Session.php b/app/code/core/Mage/Admin/Model/Session.php | |
index bc9dee0..d2dfa2a 100644 | |
--- a/app/code/core/Mage/Admin/Model/Session.php | |
+++ b/app/code/core/Mage/Admin/Model/Session.php | |
@@ -138,6 +138,9 @@ class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract | |
Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.')); | |
} | |
} catch (Mage_Core_Exception $e) { | |
+ $e->setMessage( | |
+ Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.') | |
+ ); | |
Mage::dispatchEvent('admin_session_user_login_failed', | |
array('user_name' => $username, 'exception' => $e)); | |
if ($request && !$request->getParam('messageSent')) { | |
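Review bot: The added `$e->setMessage(...)` overwrites the specific failure reason before anything records it, so the original text (the 'Invalid User Name or Password.' thrown on L14, or any other Mage_Core_Exception raised inside the try block) is no longer visible to the `admin_session_user_login_failed` listeners on L20 nor to the log. Showing a generic message to the user is the right call, but an operator investigating lockouts or password spraying still wants the original cause; consider `Mage::log($e->getMessage(), Zend_Log::WARN);` immediately before the `setMessage` call. The enclosing login method continues outside the hunk.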
diff --git a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php | |
index 3e75414..d6e7302 100644 | |
--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php | |
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php | |
@@ -146,11 +146,11 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Date | |
if (isset($value['locale'])) { | |
if (!empty($value['from'])) { | |
$value['orig_from'] = $value['from']; | |
- $value['from'] = $this->_convertDate($value['from'], $value['locale']); | |
+ $value['from'] = $this->_convertDate($this->stripTags($value['from']), $value['locale']); | |
} | |
if (!empty($value['to'])) { | |
$value['orig_to'] = $value['to']; | |
- $value['to'] = $this->_convertDate($value['to'], $value['locale']); | |
+ $value['to'] = $this->_convertDate($this->stripTags($value['to']), $value['locale']); | |
} | |
} | |
if (empty($value['from']) && empty($value['to'])) { | |
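Review bot: `stripTags()` is applied only to the copy handed to `_convertDate()`, while `$value['orig_from']` and `$value['orig_to']` (L30, L35) still keep the raw request strings. If those `orig_*` values are later rendered back into the filter input without escaping (that consumer is outside the hunk), the new stripping does not cover that path; either strip before storing — `$value['orig_from'] = $this->stripTags($value['from']);` — or confirm the renderer escapes them. The enclosing method continues outside the hunk.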
diff --git a/app/code/core/Mage/Adminhtml/Model/Config/Data.php b/app/code/core/Mage/Adminhtml/Model/Config/Data.php | |
index a755d6a..d173241 100644 | |
--- a/app/code/core/Mage/Adminhtml/Model/Config/Data.php | |
+++ b/app/code/core/Mage/Adminhtml/Model/Config/Data.php | |
@@ -167,6 +167,9 @@ class Mage_Adminhtml_Model_Config_Data extends Varien_Object | |
if (is_object($fieldConfig)) { | |
$configPath = (string)$fieldConfig->config_path; | |
if (!empty($configPath) && strrpos($configPath, '/') > 0) { | |
+ if (!Mage::getSingleton('admin/session')->isAllowed($configPath)) { | |
+ Mage::throwException('Access denied.'); | |
+ } | |
// Extend old data with specified section group | |
$groupPath = substr($configPath, 0, strrpos($configPath, '/')); | |
if (!isset($oldConfigAdditionalGroups[$groupPath])) { | |
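Review bot: The new ACL failure is thrown with a bare `'Access denied.'` string, whereas user-facing messages elsewhere in this patch go through the translation helper (compare L14); `Mage::throwException(Mage::helper('adminhtml')->__('Access denied.'));` keeps it consistent. The check also sits inside the `!empty($configPath) && strrpos(...)` guard, so it covers only fields that declare an explicit `config_path`; fields without one presumably rely on a section-level ACL check elsewhere, which is worth confirming rather than assuming. The enclosing loop continues outside the hunk.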
diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php | |
index 4aff2ae..0ec1687 100644 | |
--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php | |
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php | |
@@ -42,6 +42,11 @@ class Mage_Adminhtml_Catalog_Product_GalleryController extends Mage_Adminhtml_Co | |
Mage::helper('catalog/image'), 'validateUploadFile'); | |
$uploader->setAllowRenameFiles(true); | |
$uploader->setFilesDispersion(true); | |
+ $uploader->addValidateCallback( | |
+ Mage_Core_Model_File_Validator_Image::NAME, | |
+ Mage::getModel('core/file_validator_image'), | |
+ 'validate' | |
+ ); | |
$result = $uploader->save( | |
Mage::getSingleton('catalog/product_media_config')->getBaseTmpMediaPath() | |
); | |
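Review bot: The validator registered here does more than validate: per the Image.php hunk later in this diff, `validate()` re-encodes the uploaded file in place with GD, so the stored file is not byte-identical to the upload. That side effect is invisible at this call site; a one-line comment such as `// validator re-samples the file in place to strip embedded non-image data` would spare the next maintainer a surprise. The identical five-line registration is repeated verbatim in Storage.php, the ImportExport Uploader, the XmlConnect image helper and MobileController (hunks ending at L214, L506, L552 and L577); a small helper on the uploader that wires the validator would keep the five sites from drifting. The enclosing action continues outside the hunk.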
diff --git a/app/code/core/Mage/Checkout/controllers/MultishippingController.php b/app/code/core/Mage/Checkout/controllers/MultishippingController.php | |
index 1890c68..f818561 100644 | |
--- a/app/code/core/Mage/Checkout/controllers/MultishippingController.php | |
+++ b/app/code/core/Mage/Checkout/controllers/MultishippingController.php | |
@@ -233,6 +233,12 @@ class Mage_Checkout_MultishippingController extends Mage_Checkout_Controller_Act | |
$this->_redirect('*/multishipping_address/newShipping'); | |
return; | |
} | |
+ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ $this->_redirect('*/*/addresses'); | |
+ return; | |
+ } | |
+ | |
try { | |
if ($this->getRequest()->getParam('continue', false)) { | |
$this->_getCheckout()->setCollectRatesFlag(true); | |
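Review bot: On a failed form-key check the added block redirects silently — nothing is logged and no session message is set — so a customer whose custom template lacks the form_key output (the case the system.xml comment in this patch warns about) and a genuine cross-site request look identical to both the user and the operator. Consider at least `Mage::log('multishipping form key validation failed', Zend_Log::WARN);` before the redirect, or a session error message so the shopper learns why the step was dropped. The same bare redirect appears in the two following hunks of this file (ending at L99 and L109). The enclosing methods continue outside the hunks.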
@@ -353,6 +359,11 @@ class Mage_Checkout_MultishippingController extends Mage_Checkout_Controller_Act | |
*/ | |
public function shippingPostAction() | |
{ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ $this->_redirect('*/*/shipping'); | |
+ return; | |
+ } | |
+ | |
$shippingMethods = $this->getRequest()->getPost('shipping_method'); | |
try { | |
Mage::dispatchEvent( | |
@@ -462,6 +473,11 @@ class Mage_Checkout_MultishippingController extends Mage_Checkout_Controller_Act | |
return $this; | |
} | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ $this->_redirect('*/*/billing'); | |
+ return; | |
+ } | |
+ | |
$this->_getState()->setActiveStep(Mage_Checkout_Model_Type_Multishipping_State::STEP_OVERVIEW); | |
try { | |
diff --git a/app/code/core/Mage/Checkout/controllers/OnepageController.php b/app/code/core/Mage/Checkout/controllers/OnepageController.php | |
index 596bf1f..1c127e0 100644 | |
--- a/app/code/core/Mage/Checkout/controllers/OnepageController.php | |
+++ b/app/code/core/Mage/Checkout/controllers/OnepageController.php | |
@@ -350,6 +350,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action | |
if ($this->_expireAjax()) { | |
return; | |
} | |
+ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ return; | |
+ } | |
+ | |
if ($this->getRequest()->isPost()) { | |
$method = $this->getRequest()->getPost('method'); | |
$result = $this->getOnepage()->saveCheckoutMethod($method); | |
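Review bot: These actions are AJAX endpoints (see the `_expireAjax()` guard on L115), and the new failure path returns with no response body, so the checkout JavaScript receives an empty 200 response and has nothing to act on. The other branches of these actions presumably answer with a JSON result (that code is outside the hunk); a matching failure response such as `$this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array('error' => 1, 'message' => $this->__('Invalid form key.'))));` would let the front end surface the problem instead of stalling. The same bare `return;` appears in the four following hunks (ending at L137, L149, L161 and L173). The enclosing methods continue outside the hunks.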
@@ -365,6 +370,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action | |
if ($this->_expireAjax()) { | |
return; | |
} | |
+ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ return; | |
+ } | |
+ | |
if ($this->getRequest()->isPost()) { | |
$data = $this->getRequest()->getPost('billing', array()); | |
$customerAddressId = $this->getRequest()->getPost('billing_address_id', false); | |
@@ -407,6 +417,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action | |
if ($this->_expireAjax()) { | |
return; | |
} | |
+ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ return; | |
+ } | |
+ | |
if ($this->getRequest()->isPost()) { | |
$data = $this->getRequest()->getPost('shipping', array()); | |
$customerAddressId = $this->getRequest()->getPost('shipping_address_id', false); | |
@@ -431,6 +446,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action | |
if ($this->_expireAjax()) { | |
return; | |
} | |
+ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ return; | |
+ } | |
+ | |
if ($this->getRequest()->isPost()) { | |
$data = $this->getRequest()->getPost('shipping_method', ''); | |
$result = $this->getOnepage()->saveShippingMethod($data); | |
@@ -465,6 +485,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action | |
if ($this->_expireAjax()) { | |
return; | |
} | |
+ | |
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) { | |
+ return; | |
+ } | |
+ | |
try { | |
if (!$this->getRequest()->isPost()) { | |
$this->_ajaxRedirectResponse(); | |
diff --git a/app/code/core/Mage/Checkout/etc/system.xml b/app/code/core/Mage/Checkout/etc/system.xml | |
index f9f7dfa..fc66dc8 100644 | |
--- a/app/code/core/Mage/Checkout/etc/system.xml | |
+++ b/app/code/core/Mage/Checkout/etc/system.xml | |
@@ -232,5 +232,23 @@ | |
</payment_failed> | |
</groups> | |
</checkout> | |
+ <admin> | |
+ <groups> | |
+ <security> | |
+ <fields> | |
+ <validate_formkey_checkout translate="label comment"> | |
+ <label>Enable Form Key Validation On Checkout</label> | |
+ <frontend_type>select</frontend_type> | |
+ <source_model>adminhtml/system_config_source_yesno</source_model> | |
+ <sort_order>4</sort_order> | |
+ <comment><![CDATA[<strong style="color:red">Important!</strong> Enabling this option means | |
+ that your custom templates used in checkout process contain form_key output. | |
+ Otherwise checkout may not work.]]></comment> | |
+ <show_in_default>1</show_in_default> | |
+ </validate_formkey_checkout> | |
+ </fields> | |
+ </security> | |
+ </groups> | |
+ </admin> | |
</sections> | |
</config> | |
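Review bot: The new `validate_formkey_checkout` field carries no `<default>` element, so unless the module's config.xml (not in this diff) supplies one, `isFormkeyValidationOnCheckoutEnabled()` reads false and the checkout form-key checks added in the controller hunks stay inactive until an administrator turns the option on. If opt-in is the intent, the comment should say so, e.g. `Disabled by default; enable once your checkout templates output form_key.` The field is exposed at default scope only (`show_in_default`, no website/store flags), so it cannot be rolled out per website; worth confirming that is deliberate.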
diff --git a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php | |
index cb1d41e..f750b22 100644 | |
--- a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php | |
+++ b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php | |
@@ -282,6 +282,11 @@ class Mage_Cms_Model_Wysiwyg_Images_Storage extends Varien_Object | |
} | |
$uploader->setAllowRenameFiles(true); | |
$uploader->setFilesDispersion(false); | |
+ $uploader->addValidateCallback( | |
+ Mage_Core_Model_File_Validator_Image::NAME, | |
+ Mage::getModel('core/file_validator_image'), | |
+ 'validate' | |
+ ); | |
$result = $uploader->save($targetPath); | |
if (!$result) { | |
diff --git a/app/code/core/Mage/Core/Controller/Front/Action.php b/app/code/core/Mage/Core/Controller/Front/Action.php | |
index f310cc1..e274928 100644 | |
--- a/app/code/core/Mage/Core/Controller/Front/Action.php | |
+++ b/app/code/core/Mage/Core/Controller/Front/Action.php | |
@@ -188,4 +188,14 @@ class Mage_Core_Controller_Front_Action extends Mage_Core_Controller_Varien_Acti | |
{ | |
return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH); | |
} | |
+ | |
+ /** | |
+ * Check if form_key validation enabled on checkout process | |
+ * | |
+ * @return bool | |
+ */ | |
+ protected function isFormkeyValidationOnCheckoutEnabled() | |
+ { | |
+ return Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout'); | |
+ } | |
} | |
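Review bot: The config path is embedded as a string literal, while the sibling method directly above reads its path from the class constant `self::XML_CSRF_USE_FLAG_CONFIG_PATH` (L223). For consistency, and so other code can reference the same path without retyping it, declare `const XML_CSRF_CHECKOUT_FLAG_CONFIG_PATH = 'admin/security/validate_formkey_checkout';` (constructed name) alongside the existing constant and return `Mage::getStoreConfigFlag(self::XML_CSRF_CHECKOUT_FLAG_CONFIG_PATH);`. The docblock could also mention that the flag is read through the store-scoped config so callers know a per-store override would be honoured.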
diff --git a/app/code/core/Mage/Core/Controller/Request/Http.php b/app/code/core/Mage/Core/Controller/Request/Http.php | |
index b9098d9..62c22e9 100644 | |
--- a/app/code/core/Mage/Core/Controller/Request/Http.php | |
+++ b/app/code/core/Mage/Core/Controller/Request/Http.php | |
@@ -148,7 +148,10 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http | |
$baseUrl = $this->getBaseUrl(); | |
$pathInfo = substr($requestUri, strlen($baseUrl)); | |
- if ((null !== $baseUrl) && (false === $pathInfo)) { | |
+ if ($baseUrl && $pathInfo && (0 !== stripos($pathInfo, '/'))) { | |
+ $pathInfo = ''; | |
+ $this->setActionName('noRoute'); | |
+ } elseif ((null !== $baseUrl) && (false === $pathInfo)) { | |
$pathInfo = ''; | |
} elseif (null === $baseUrl) { | |
$pathInfo = $requestUri; | |
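Review bot: The new branch tests for a single literal `/`, so `stripos` (a case-insensitive search) reads as if case mattered; `strpos($pathInfo, '/') !== 0` or `$pathInfo[0] !== '/'` states the intent directly. The truthiness test `$pathInfo &&` also treats the string `'0'` as empty and sends that request down the `elseif` branches rather than to `noRoute`; `$pathInfo !== false && $pathInfo !== ''` is the precise condition. Setting only the action name while leaving module and controller untouched is presumably enough for the front controller's no-route handling, but that depends on code outside this hunk. The enclosing method continues outside the hunk.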
diff --git a/app/code/core/Mage/Core/Model/File/Validator/Image.php b/app/code/core/Mage/Core/Model/File/Validator/Image.php | |
index 7f7b9d0..cbbcbb1 100644 | |
--- a/app/code/core/Mage/Core/Model/File/Validator/Image.php | |
+++ b/app/code/core/Mage/Core/Model/File/Validator/Image.php | |
@@ -87,10 +87,33 @@ class Mage_Core_Model_File_Validator_Image | |
*/ | |
public function validate($filePath) | |
{ | |
- $fileInfo = getimagesize($filePath); | |
- if (is_array($fileInfo) and isset($fileInfo[2])) { | |
- if ($this->isImageType($fileInfo[2])) { | |
- return null; | |
+ list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath); | |
+ if ($fileType) { | |
+ if ($this->isImageType($fileType)) { | |
+ //replace tmp image with re-sampled copy to exclude images with malicious data | |
+ $image = imagecreatefromstring(file_get_contents($filePath)); | |
+ if ($image !== false) { | |
+ $img = imagecreatetruecolor($imageWidth, $imageHeight); | |
+ imagecopyresampled($img, $image, 0, 0, 0, 0, $imageWidth, $imageHeight, $imageWidth, $imageHeight); | |
+ switch ($fileType) { | |
+ case IMAGETYPE_GIF: | |
+ imagegif($img, $filePath); | |
+ break; | |
+ case IMAGETYPE_JPEG: | |
+ imagejpeg($img, $filePath, 100); | |
+ break; | |
+ case IMAGETYPE_PNG: | |
+ imagepng($img, $filePath); | |
+ break; | |
+ default: | |
+ return; | |
+ } | |
+ imagedestroy($img); | |
+ imagedestroy($image); | |
+ return null; | |
+ } else { | |
+ throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.')); | |
+ } | |
} | |
} | |
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.')); | |
@@ -105,5 +128,4 @@ class Mage_Core_Model_File_Validator_Image | |
{ | |
return in_array($nImageType, $this->_allowedImageTypes); | |
} | |
- | |
} | |
diff --git a/app/code/core/Mage/Core/etc/system.xml b/app/code/core/Mage/Core/etc/system.xml | |
index 1943649..18a2005 100644 | |
--- a/app/code/core/Mage/Core/etc/system.xml | |
+++ b/app/code/core/Mage/Core/etc/system.xml | |
@@ -597,26 +597,6 @@ | |
</template_hints_blocks> | |
</fields> | |
</debug> | |
- <template translate="label"> | |
- <label>Template Settings</label> | |
- <frontend_type>text</frontend_type> | |
- <sort_order>25</sort_order> | |
- <show_in_default>1</show_in_default> | |
- <show_in_website>1</show_in_website> | |
- <show_in_store>1</show_in_store> | |
- <fields> | |
- <allow_symlink translate="label comment"> | |
- <label>Allow Symlinks</label> | |
- <frontend_type>select</frontend_type> | |
- <source_model>adminhtml/system_config_source_yesno</source_model> | |
- <sort_order>10</sort_order> | |
- <show_in_default>1</show_in_default> | |
- <show_in_website>1</show_in_website> | |
- <show_in_store>1</show_in_store> | |
- <comment>Warning! Enabling this feature is not recommended on production environments because it represents a potential security risk.</comment> | |
- </allow_symlink> | |
- </fields> | |
- </template> | |
<translate_inline translate="label"> | |
<label>Translate Inline</label> | |
<frontend_type>text</frontend_type> | |
diff --git a/app/code/core/Mage/Customer/Model/Session.php b/app/code/core/Mage/Customer/Model/Session.php | |
index a58a3c4..d358c67 100644 | |
--- a/app/code/core/Mage/Customer/Model/Session.php | |
+++ b/app/code/core/Mage/Customer/Model/Session.php | |
@@ -222,6 +222,7 @@ class Mage_Customer_Model_Session extends Mage_Core_Model_Session_Abstract | |
{ | |
$this->setCustomer($customer); | |
$this->renewSession(); | |
+ Mage::getSingleton('core/session')->renewFormKey(); | |
Mage::dispatchEvent('customer_login', array('customer'=>$customer)); | |
return $this; | |
} | |
@@ -307,6 +308,7 @@ class Mage_Customer_Model_Session extends Mage_Core_Model_Session_Abstract | |
$this->setId(null); | |
$this->setCustomerGroupId(Mage_Customer_Model_Group::NOT_LOGGED_IN_ID); | |
$this->getCookie()->delete($this->getSessionName()); | |
+ Mage::getSingleton('core/session')->renewFormKey(); | |
return $this; | |
} | |
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php | |
index 0536149..1af38d4 100644 | |
--- a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php | |
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php | |
@@ -40,6 +40,9 @@ class Mage_Dataflow_Model_Convert_Adapter_Zend_Cache extends Mage_Dataflow_Model | |
if (!$this->_resource) { | |
$this->_resource = Zend_Cache::factory($this->getVar('frontend', 'Core'), $this->getVar('backend', 'File')); | |
} | |
+ if ($this->_resource->getBackend() instanceof Zend_Cache_Backend_Static) { | |
+ throw new Exception(Mage::helper('dataflow')->__('Backend name "Static" not supported.')); | |
+ } | |
return $this->_resource; | |
} | |
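Review bot: The rejection runs after `Zend_Cache::factory()` has already built the Static backend and stored it in `$this->_resource`, so the unsupported backend is instantiated and cached on the adapter before being refused. Comparing `$this->getVar('backend', 'File')` against `'Static'` before the factory call would avoid constructing it at all. The throw also uses a bare `Exception`, whereas the rest of the Dataflow module in this patch reports through `addException(..., Mage_Dataflow_Model_Convert_Exception::FATAL)`; presumably this adapter inherits that method, in which case aligning the two would keep error reporting uniform. The enclosing method continues outside the hunk.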
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php b/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php | |
index bba9bc7..9d122fd 100644 | |
--- a/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php | |
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php | |
@@ -47,6 +47,18 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract | |
protected $_position; | |
+ /** | |
+ * Detect serialization of data | |
+ * | |
+ * @param mixed $data | |
+ * @return bool | |
+ */ | |
+ protected function isSerialized($data) | |
+ { | |
+ $pattern = '/^a:\d+:\{(i:\d+;|s:\d+:\".+\";|N;|O:\d+:\"\w+\":\d+:\{\w:\d+:)+|^O:\d+:\"\w+\":\d+:\{s:\d+:\"/'; | |
+ return (is_string($data) && preg_match($pattern, $data)); | |
+ } | |
+ | |
public function getVar($key, $default=null) | |
{ | |
if (!isset($this->_vars[$key]) || (!is_array($this->_vars[$key]) && strlen($this->_vars[$key]) == 0)) { | |
@@ -102,13 +114,45 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract | |
public function setData($data) | |
{ | |
- if ($this->getProfile()) { | |
- $this->getProfile()->getContainer()->setData($data); | |
+ if ($this->validateDataSerialized($data)) { | |
+ if ($this->getProfile()) { | |
+ $this->getProfile()->getContainer()->setData($data); | |
+ } | |
+ | |
+ $this->_data = $data; | |
} | |
- $this->_data = $data; | |
+ | |
return $this; | |
} | |
+ /** | |
+ * Validate serialized data | |
+ * | |
+ * @param mixed $data | |
+ * @return bool | |
+ */ | |
+ public function validateDataSerialized($data = null) | |
+ { | |
+ if (is_null($data)) { | |
+ $data = $this->getData(); | |
+ } | |
+ | |
+ $result = true; | |
+ if ($this->isSerialized($data)) { | |
+ try { | |
+ $dataArray = Mage::helper('core/unserializeArray')->unserialize($data); | |
+ } catch (Exception $e) { | |
+ $result = false; | |
+ $this->addException( | |
+ "Invalid data, expecting serialized array.", | |
+ Mage_Dataflow_Model_Convert_Exception::FATAL | |
+ ); | |
+ } | |
+ } | |
+ | |
+ return $result; | |
+ } | |
+ | |
public function validateDataString($data=null) | |
{ | |
if (is_null($data)) { | |
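Review bot: When `validateDataSerialized()` fails, `setData()` now returns `$this` without storing anything, and the only signal is the `addException()` side effect, so a caller chaining `->setData($data)->getData()` silently observes the previous value. A sentence in the `setData` docblock — `Serialized input that does not unserialize to an array is rejected via addException() and the current data is left untouched` — would make that contract explicit. In `validateDataSerialized()` the `$dataArray` assigned on L414 is never read; dropping the assignment and calling `Mage::helper('core/unserializeArray')->unserialize($data);` on its own shows that only the throw matters. Note also that `isSerialized()` returns false for non-strings, so non-string data bypasses this validation entirely, which looks intended but deserves a word in the docblock.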
@@ -140,7 +184,10 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract | |
if (count($data)==0) { | |
return true; | |
} | |
- $this->addException("Invalid data type, expecting 2D grid array.", Mage_Dataflow_Model_Convert_Exception::FATAL); | |
+ $this->addException( | |
+ "Invalid data type, expecting 2D grid array.", | |
+ Mage_Dataflow_Model_Convert_Exception::FATAL | |
+ ); | |
} | |
return true; | |
} | |
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php | |
index 5d9ce6d..14c8db1 100644 | |
--- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php | |
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php | |
@@ -62,13 +62,15 @@ class Mage_Dataflow_Model_Convert_Parser_Csv extends Mage_Dataflow_Model_Convert | |
$adapter = Mage::getModel($adapterName); | |
} | |
catch (Exception $e) { | |
- $message = Mage::helper('dataflow')->__('Declared adapter %s was not found.', $adapterName); | |
+ $message = Mage::helper('dataflow') | |
+ ->__('Declared adapter %s was not found.', $adapterName); | |
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL); | |
return $this; | |
} | |
if (!method_exists($adapter, $adapterMethod)) { | |
- $message = Mage::helper('dataflow')->__('Method "%s" not defined in adapter %s.', $adapterMethod, $adapterName); | |
+ $message = Mage::helper('dataflow') | |
+ ->__('Method "%s" not defined in adapter %s.', $adapterMethod, $adapterName); | |
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL); | |
return $this; | |
} | |
@@ -77,8 +79,8 @@ class Mage_Dataflow_Model_Convert_Parser_Csv extends Mage_Dataflow_Model_Convert | |
$batchIoAdapter = $this->getBatchModel()->getIoAdapter(); | |
if (Mage::app()->getRequest()->getParam('files')) { | |
- $file = Mage::app()->getConfig()->getTempVarDir().'/import/' | |
- . urldecode(Mage::app()->getRequest()->getParam('files')); | |
+ $file = Mage::app()->getConfig()->getTempVarDir() . '/import/' | |
+ . str_replace('../', '', urldecode(Mage::app()->getRequest()->getParam('files'))); | |
$this->_copy($file); | |
} | |
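Review bot: `str_replace('../', '', ...)` on the `files` request parameter is a single-pass text filter, not a path-containment check: the result is still concatenated under `/import/`, and inputs that only become `../` after one replacement pass, or that use other separators, are not covered. If the parameter is meant to carry a single file name, `basename(urldecode(...))` already confines it to one path component; otherwise resolve with `realpath()` and require the result to stay under `realpath($importDir)` before calling `_copy()`, reporting a `Mage_Dataflow_Model_Convert_Exception::FATAL` via `addException()` on failure. The identical replacement appears in the Excel parser hunk ending at L493. The enclosing methods continue outside the hunks.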
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php | |
index 5a09cce..aa5e80a 100644 | |
--- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php | |
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php | |
@@ -69,7 +69,8 @@ class Mage_Dataflow_Model_Convert_Parser_Xml_Excel extends Mage_Dataflow_Model_C | |
} | |
if (!method_exists($adapter, $adapterMethod)) { | |
- $message = Mage::helper('dataflow')->__('Method "%s" was not defined in adapter %s.', $adapterMethod, $adapterName); | |
+ $message = Mage::helper('dataflow') | |
+ ->__('Method "%s" was not defined in adapter %s.', $adapterMethod, $adapterName); | |
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL); | |
return $this; | |
} | |
@@ -78,8 +79,8 @@ class Mage_Dataflow_Model_Convert_Parser_Xml_Excel extends Mage_Dataflow_Model_C | |
$batchIoAdapter = $this->getBatchModel()->getIoAdapter(); | |
if (Mage::app()->getRequest()->getParam('files')) { | |
- $file = Mage::app()->getConfig()->getTempVarDir().'/import/' | |
- . urldecode(Mage::app()->getRequest()->getParam('files')); | |
+ $file = Mage::app()->getConfig()->getTempVarDir() . '/import/' | |
+ . str_replace('../', '', urldecode(Mage::app()->getRequest()->getParam('files'))); | |
$this->_copy($file); | |
} | |
diff --git a/app/code/core/Mage/ImportExport/Model/Import/Uploader.php b/app/code/core/Mage/ImportExport/Model/Import/Uploader.php | |
index fb9e4de..bcc3459 100644 | |
--- a/app/code/core/Mage/ImportExport/Model/Import/Uploader.php | |
+++ b/app/code/core/Mage/ImportExport/Model/Import/Uploader.php | |
@@ -61,6 +61,11 @@ class Mage_ImportExport_Model_Import_Uploader extends Mage_Core_Model_File_Uploa | |
$this->setAllowedExtensions(array_keys($this->_allowedMimeTypes)); | |
$this->addValidateCallback('catalog_product_image', | |
Mage::helper('catalog/image'), 'validateUploadFile'); | |
+ $this->addValidateCallback( | |
+ Mage_Core_Model_File_Validator_Image::NAME, | |
+ Mage::getModel('core/file_validator_image'), | |
+ 'validate' | |
+ ); | |
$this->_uploadType = self::SINGLE_STYLE; | |
} | |
diff --git a/app/code/core/Mage/Sales/Model/Quote/Item.php b/app/code/core/Mage/Sales/Model/Quote/Item.php | |
index 1bef6b8..13caf09 100644 | |
--- a/app/code/core/Mage/Sales/Model/Quote/Item.php | |
+++ b/app/code/core/Mage/Sales/Model/Quote/Item.php | |
@@ -500,8 +500,9 @@ class Mage_Sales_Model_Quote_Item extends Mage_Sales_Model_Quote_Item_Abstract | |
/** @var Unserialize_Parser $parser */ | |
$parser = Mage::helper('core/unserializeArray'); | |
- $_itemOptionValue = $parser->unserialize($itemOptionValue); | |
- $_optionValue = $parser->unserialize($optionValue); | |
+ $_itemOptionValue = | |
+ is_numeric($itemOptionValue) ? $itemOptionValue : $parser->unserialize($itemOptionValue); | |
+ $_optionValue = is_numeric($optionValue) ? $optionValue : $parser->unserialize($optionValue); | |
if (is_array($_itemOptionValue) && is_array($_optionValue)) { | |
$itemOptionValue = $_itemOptionValue; | |
diff --git a/app/code/core/Mage/Widget/Model/Widget/Instance.php b/app/code/core/Mage/Widget/Model/Widget/Instance.php | |
index 851b1ed..f4c91ee 100644 | |
--- a/app/code/core/Mage/Widget/Model/Widget/Instance.php | |
+++ b/app/code/core/Mage/Widget/Model/Widget/Instance.php | |
@@ -347,7 +347,11 @@ class Mage_Widget_Model_Widget_Instance extends Mage_Core_Model_Abstract | |
public function getWidgetParameters() | |
{ | |
if (is_string($this->getData('widget_parameters'))) { | |
- return unserialize($this->getData('widget_parameters')); | |
+ try { | |
+ return Mage::helper('core/unserializeArray')->unserialize($this->getData('widget_parameters')); | |
+ } catch (Exception $e) { | |
+ Mage::logException($e); | |
+ } | |
} | |
return (is_array($this->getData('widget_parameters'))) ? $this->getData('widget_parameters') : array(); | |
} | |
diff --git a/app/code/core/Mage/XmlConnect/Helper/Image.php b/app/code/core/Mage/XmlConnect/Helper/Image.php | |
index f176f50..39769c1 100644 | |
--- a/app/code/core/Mage/XmlConnect/Helper/Image.php | |
+++ b/app/code/core/Mage/XmlConnect/Helper/Image.php | |
@@ -100,6 +100,11 @@ class Mage_XmlConnect_Helper_Image extends Mage_Core_Helper_Abstract | |
$uploader = Mage::getModel('core/file_uploader', $field); | |
$uploader->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png')); | |
$uploader->setAllowRenameFiles(true); | |
+ $uploader->addValidateCallback( | |
+ Mage_Core_Model_File_Validator_Image::NAME, | |
+ Mage::getModel('core/file_validator_image'), | |
+ 'validate' | |
+ ); | |
$uploader->save($uploadDir); | |
$uploadedFilename = $uploader->getUploadedFileName(); | |
$uploadedFilename = $this->_getResizedFilename($field, $uploadedFilename, true); | |
diff --git a/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php b/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php | |
index 4fad8a3..1024c39 100644 | |
--- a/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php | |
+++ b/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php | |
@@ -567,7 +567,7 @@ class Mage_XmlConnect_Adminhtml_MobileController extends Mage_Adminhtml_Controll | |
$result = $themesHelper->deleteTheme($themeId); | |
if ($result) { | |
$response = array( | |
- 'message' => $this->__('Theme has been delete.'), | |
+ 'message' => $this->__('Theme has been deleted.'), | |
'themes' => $themesHelper->getAllThemesArray(true), | |
'themeSelector' => $themesHelper->getThemesSelector(), | |
'selectedTheme' => $themesHelper->getDefaultThemeName() | |
@@ -1393,6 +1393,11 @@ class Mage_XmlConnect_Adminhtml_MobileController extends Mage_Adminhtml_Controll | |
/** @var $uploader Mage_Core_Model_File_Uploader */ | |
$uploader = Mage::getModel('core/file_uploader', $imageModel->getImageType()); | |
$uploader->setAllowRenameFiles(true)->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png')); | |
+ $uploader->addValidateCallback( | |
+ Mage_Core_Model_File_Validator_Image::NAME, | |
+ Mage::getModel('core/file_validator_image'), | |
+ 'validate' | |
+ ); | |
$result = $uploader->save(Mage_XmlConnect_Model_Images::getBasePath(), $newFileName); | |
$result['thumbnail'] = Mage::getModel('xmlconnect/images')->getCustomSizeImageUrl( | |
$result['file'], | |
diff --git a/app/design/adminhtml/default/default/layout/main.xml b/app/design/adminhtml/default/default/layout/main.xml | |
index bd1ac21..4f4ec4b 100644 | |
--- a/app/design/adminhtml/default/default/layout/main.xml | |
+++ b/app/design/adminhtml/default/default/layout/main.xml | |
@@ -119,7 +119,8 @@ Default layout, loads most of the pages | |
<block type="adminhtml/cache_notifications" name="cache_notifications" template="system/cache/notifications.phtml"></block> | |
<block type="adminhtml/notification_survey" name="notification_survey" template="notification/survey.phtml"/> | |
<block type="adminhtml/notification_security" name="notification_security" as="notification_security" template="notification/security.phtml"></block> | |
- </block> | |
+ <block type="adminhtml/checkout_formkey" name="checkout_formkey" as="checkout_formkey" template="notification/formkey.phtml"/></block> | |
+ <block type="adminhtml/notification_symlink" name="notification_symlink" template="notification/symlink.phtml"/> | |
<block type="adminhtml/widget_breadcrumbs" name="breadcrumbs" as="breadcrumbs"></block> | |
<!--<update handle="formkey"/> this won't work, see the try/catch and a jammed exception in Mage_Core_Model_Layout::createBlock() --> | |
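Review bot: The two new blocks land in different parents: `checkout_formkey` is appended inside the enclosing block on L590 (on the same line as its closing tag), while `notification_symlink` on L591 comes after that `</block>`, making it a sibling of the notification container rather than a child like `notification_security` and its neighbours on L586-L588. If the symlink notice is meant to render alongside the other admin notifications it belongs before the `</block>`; either way, splitting L590 into `<block type="adminhtml/checkout_formkey" .../>` and `</block>` on separate lines would make the nesting readable. The `as=` alias is given for `checkout_formkey` but not for `notification_symlink`, unlike the neighbouring `notification_security` block, which is a minor inconsistency.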
diff --git a/app/design/adminhtml/default/default/template/page/head.phtml b/app/design/adminhtml/default/default/template/page/head.phtml | |
index d9e1c38..7972424 100644 | |
--- a/app/design/adminhtml/default/default/template/page/head.phtml | |
+++ b/app/design/adminhtml/default/default/template/page/head.phtml | |
@@ -33,7 +33,7 @@ | |
var BLANK_URL = '<?php echo $this->getJsUrl() ?>blank.html'; | |
var BLANK_IMG = '<?php echo $this->getJsUrl() ?>spacer.gif'; | |
var BASE_URL = '<?php echo $this->getUrl('*') ?>'; | |
- var SKIN_URL = '<?php echo $this->getSkinUrl() ?>'; | |
+ var SKIN_URL = '<?php echo $this->jsQuoteEscape($this->getSkinUrl()) ?>'; | |
var FORM_KEY = '<?php echo $this->getFormKey() ?>'; | |
</script> | |
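Review bot: Only `SKIN_URL` is now passed through `jsQuoteEscape()`, while `BLANK_URL`, `BLANK_IMG` (L599-L600), `BASE_URL` (L601) and `FORM_KEY` (L604) are still echoed raw into the same JavaScript string literals. Whatever made the skin URL worth escaping (presumably that it is derived from admin-editable configuration) applies at least as much to `BASE_URL`, which comes from the same configuration; `var BASE_URL = '<?php echo $this->jsQuoteEscape($this->getUrl('*')) ?>';` keeps the block uniformly escaped. Escaping all of them costs nothing and makes the template's intent obvious.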
diff --git a/app/design/frontend/base/default/template/checkout/cart/shipping.phtml b/app/design/frontend/base/default/template/checkout/cart/shipping.phtml | |
index 622c656..5a2cefb 100644 | |
--- a/app/design/frontend/base/default/template/checkout/cart/shipping.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/cart/shipping.phtml | |
@@ -109,6 +109,7 @@ | |
<div class="buttons-set"> | |
<button type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Update Total')) ?>" class="button" name="do" value="<?php echo Mage::helper('core')->quoteEscape($this->__('Update Total')) ?>"><span><span><?php echo $this->__('Update Total') ?></span></span></button> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
<?php endif; ?> | |
<script type="text/javascript"> | |
diff --git a/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml b/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml | |
index 979ac2c..0724452 100644 | |
--- a/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml | |
@@ -91,6 +91,7 @@ | |
<p class="back-link"><a href="<?php echo $this->getBackUrl() ?>"><small>« </small><?php echo $this->__('Back to Shipping Information') ?></a></p> | |
<button id="payment-continue" type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Review Your Order')) ?>" class="button"><span><span><?php echo $this->__('Continue to Review Your Order') ?></span></span></button> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
<script type="text/javascript"> | |
//<![CDATA[ | |
diff --git a/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml b/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml | |
index f873505..44923f5 100644 | |
--- a/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml | |
@@ -126,5 +126,6 @@ | |
<p class="back-link"><a href="<?php echo $this->getBackUrl() ?>"><small>« </small><?php echo $this->__('Back to Select Addresses') ?></a></p> | |
<button data-action="checkout-continue-billing" type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Billing Information')) ?>" class="button"><span><span><?php echo $this->__('Continue to Billing Information') ?></span></span></button> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
</div> | |
diff --git a/app/design/frontend/base/default/template/checkout/onepage/billing.phtml b/app/design/frontend/base/default/template/checkout/onepage/billing.phtml | |
index 67e3553..f06cacd 100644 | |
--- a/app/design/frontend/base/default/template/checkout/onepage/billing.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/onepage/billing.phtml | |
@@ -201,6 +201,7 @@ | |
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?> | |
</span> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</fieldset> | |
</form> | |
<script type="text/javascript"> | |
diff --git a/app/design/frontend/base/default/template/checkout/onepage/payment.phtml b/app/design/frontend/base/default/template/checkout/onepage/payment.phtml | |
index 86e2041..d461ced 100644 | |
--- a/app/design/frontend/base/default/template/checkout/onepage/payment.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/onepage/payment.phtml | |
@@ -35,6 +35,7 @@ | |
<form action="" id="co-payment-form"> | |
<fieldset> | |
<?php echo $this->getChildHtml('methods') ?> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</fieldset> | |
</form> | |
<div class="tool-tip" id="payment-tool-tip" style="display:none;"> | |
diff --git a/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml b/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml | |
index cfce4b1..54f8e14 100644 | |
--- a/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml | |
@@ -141,6 +141,7 @@ | |
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?> | |
</span> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
<script type="text/javascript"> | |
//<![CDATA[ | |
diff --git a/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml b/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml | |
index e306c84..233ceff 100644 | |
--- a/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml | |
+++ b/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml | |
@@ -43,4 +43,5 @@ | |
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?> | |
</span> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
diff --git a/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml b/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml | |
index c7a2375..62c5306 100644 | |
--- a/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml | |
+++ b/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml | |
@@ -199,6 +199,7 @@ | |
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?> | |
</span> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</fieldset> | |
</form> | |
<script type="text/javascript"> | |
diff --git a/app/design/frontend/rwd/default/layout/page.xml b/app/design/frontend/rwd/default/layout/page.xml | |
index a904e7e..693e166 100644 | |
--- a/app/design/frontend/rwd/default/layout/page.xml | |
+++ b/app/design/frontend/rwd/default/layout/page.xml | |
@@ -36,7 +36,7 @@ | |
<block type="page/html_head" name="head" as="head"> | |
<action method="addJs"><script>prototype/prototype.js</script></action> | |
- <action method="addJs"><script>lib/jquery/jquery-1.10.2.min.js</script></action> | |
+ <action method="addJs"><script>lib/jquery/jquery-1.12.0.min.js</script></action> | |
<action method="addJs"><script>lib/jquery/noconflict.js</script></action> | |
<action method="addJs"><script>lib/ccard.js</script></action> | |
<action method="addJs"><script>prototype/validation.js</script></action> | |
diff --git a/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml b/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml | |
index 508177a..654e428 100644 | |
--- a/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml | |
+++ b/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml | |
@@ -120,6 +120,7 @@ | |
<span><span><?php echo $this->__('Update Total') ?></span></span> | |
</button> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
<?php endif; ?> | |
<script type="text/javascript"> | |
diff --git a/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml b/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml | |
index 0ca2658..aa81193 100644 | |
--- a/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml | |
+++ b/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml | |
@@ -84,4 +84,5 @@ | |
<button type="submit" data-action="checkout-continue-shipping" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Shipping Information')) ?>" class="button<?php if ($this->isContinueDisabled()):?> disabled<?php endif; ?>" onclick="$('can_continue_flag').value=1"<?php if ($this->isContinueDisabled()):?> disabled="disabled"<?php endif; ?>><span><span><?php echo $this->__('Continue to Shipping Information') ?></span></span></button> | |
</div> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
diff --git a/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml b/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml | |
index 9a7159a..a69c1ed 100644 | |
--- a/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml | |
+++ b/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml | |
@@ -93,6 +93,7 @@ | |
<p class="back-link"><a href="<?php echo $this->getBackUrl() ?>"><small>« </small><?php echo $this->__('Back to Shipping Information') ?></a></p> | |
<button id="payment-continue" type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Review Your Order')) ?>" class="button"><span><span><?php echo $this->__('Continue to Review Your Order') ?></span></span></button> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
<script type="text/javascript"> | |
//<![CDATA[ | |
diff --git a/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml b/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml | |
index 6361a15..e8dad99 100644 | |
--- a/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml | |
+++ b/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml | |
@@ -36,6 +36,7 @@ | |
<div class="fieldset"> | |
<?php echo $this->getChildChildHtml('methods_additional', '', true, true) ?> | |
<?php echo $this->getChildHtml('methods') ?> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</div> | |
</form> | |
<div class="tool-tip" id="payment-tool-tip" style="display:none;"> | |
diff --git a/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml b/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml | |
index f7f21ee..52cb70a 100644 | |
--- a/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml | |
+++ b/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml | |
@@ -142,6 +142,7 @@ | |
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?> | |
</span> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</form> | |
<script type="text/javascript"> | |
//<![CDATA[ | |
diff --git a/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml b/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml | |
index 64b3db8..1753723 100644 | |
--- a/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml | |
+++ b/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml | |
@@ -201,6 +201,7 @@ | |
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo $this->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo $this->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?> | |
</span> | |
</div> | |
+ <?php echo $this->getBlockHtml('formkey') ?> | |
</div> | |
</form> | |
<script type="text/javascript"> | |
diff --git a/app/etc/applied.patches.list b/app/etc/applied.patches.list | |
index b1e9478..7257d69 100644 | |
--- a/app/etc/applied.patches.list | |
+++ b/app/etc/applied.patches.list | |
@@ -284,3 +284,79 @@ patching file skin/adminhtml/default/default/xmlconnect/boxes.css | |
patching file lib/Zend/Mail/Transport/Sendmail.php | |
+-e 2017-06-01 01:51:55 UTC | PATCH_SUPEE-9767_CE_1.9.3.0_v1.sh | CE_1.9.3.0 | v1 | 226caf7 | Mon Feb 20 17:33:39 2017 +0200 | 2321b14 | |
+patching file app/code/core/Mage/Admin/Model/Session.php | |
+patching file app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php | |
+patching file app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php | |
+patching file app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php | |
+patching file app/code/core/Mage/Adminhtml/Model/Config/Data.php | |
+patching file app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php | |
+patching file app/code/core/Mage/Checkout/controllers/MultishippingController.php | |
+patching file app/code/core/Mage/Checkout/controllers/OnepageController.php | |
+Hunk #1 succeeded at 350 (offset 1 line). | |
+Hunk #2 succeeded at 370 (offset 1 line). | |
+Hunk #3 succeeded at 417 (offset 1 line). | |
+Hunk #4 succeeded at 446 (offset 1 line). | |
+Hunk #5 succeeded at 485 (offset 1 line). | |
+patching file app/code/core/Mage/Checkout/etc/system.xml | |
+patching file app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php | |
+Hunk #1 succeeded at 282 (offset -1 lines). | |
+patching file app/code/core/Mage/Core/Controller/Front/Action.php | |
+patching file app/code/core/Mage/Core/Controller/Request/Http.php | |
+patching file app/code/core/Mage/Core/Model/File/Validator/Image.php | |
+Hunk #1 succeeded at 87 (offset -1 lines). | |
+Hunk #2 succeeded at 128 (offset -1 lines). | |
+patching file app/code/core/Mage/Core/etc/system.xml | |
+patching file app/code/core/Mage/Customer/Model/Session.php | |
+patching file app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php | |
+patching file app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php | |
+patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php | |
+patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php | |
+patching file app/code/core/Mage/ImportExport/Model/Import/Uploader.php | |
+patching file app/code/core/Mage/Sales/Model/Quote/Item.php | |
+patching file app/code/core/Mage/Widget/Model/Widget/Instance.php | |
+patching file app/code/core/Mage/XmlConnect/Helper/Image.php | |
+patching file app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php | |
+patching file app/design/adminhtml/default/default/layout/main.xml | |
+patching file app/design/adminhtml/default/default/template/notification/formkey.phtml | |
+patching file app/design/adminhtml/default/default/template/notification/symlink.phtml | |
+patching file app/design/adminhtml/default/default/template/page/head.phtml | |
+patching file app/design/frontend/base/default/template/checkout/cart/shipping.phtml | |
+patching file app/design/frontend/base/default/template/checkout/multishipping/billing.phtml | |
+patching file app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml | |
+patching file app/design/frontend/base/default/template/checkout/onepage/billing.phtml | |
+patching file app/design/frontend/base/default/template/checkout/onepage/payment.phtml | |
+Hunk #1 succeeded at 35 (offset -1 lines). | |
+patching file app/design/frontend/base/default/template/checkout/onepage/shipping.phtml | |
+patching file app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml | |
+patching file app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml | |
+patching file app/design/frontend/rwd/default/layout/page.xml | |
+patching file app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml | |
+patching file app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml | |
+patching file app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml | |
+patching file app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml | |
+Hunk #1 succeeded at 36 (offset -1 lines). | |
+patching file app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml | |
+patching file app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml | |
+patching file app/etc/config.xml | |
+patching file app/locale/en_US/Mage_Adminhtml.csv | |
+Hunk #1 succeeded at 1249 (offset -36 lines). | |
+patching file app/locale/en_US/Mage_Core.csv | |
+Hunk #1 succeeded at 401 (offset -6 lines). | |
+patching file app/locale/en_US/Mage_Dataflow.csv | |
+patching file app/locale/en_US/Mage_XmlConnect.csv | |
+patching file downloader/Maged/Connect.php | |
+patching file downloader/Maged/Controller.php | |
+Hunk #1 succeeded at 417 (offset -4 lines). | |
+Hunk #2 succeeded at 964 (offset -15 lines). | |
+patching file downloader/Maged/Model/Session.php | |
+Hunk #1 succeeded at 82 with fuzz 2. | |
+Hunk #2 succeeded at 268 (offset -5 lines). | |
+patching file js/lib/jquery/jquery-1.12.0.js | |
+patching file js/lib/jquery/jquery-1.12.0.min.js | |
+patching file js/lib/jquery/jquery-1.12.0.min.map | |
+patching file js/varien/payment.js | |
+patching file skin/frontend/base/default/js/opcheckout.js | |
+Hunk #1 succeeded at 711 (offset 27 lines). | |
+ | |
+ | |
diff --git a/app/etc/config.xml b/app/etc/config.xml | |
index 17e06e7..b0ce547 100644 | |
--- a/app/etc/config.xml | |
+++ b/app/etc/config.xml | |
@@ -141,6 +141,11 @@ | |
<export>{{var_dir}}/export</export> | |
</filesystem> | |
</system> | |
+ <dev> | |
+ <template> | |
+ <allow_symlink>0</allow_symlink> | |
+ </template> | |
+ </dev> | |
<general> | |
<locale> | |
<code>en_US</code> | |
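Review bot: The new `dev/template/allow_symlink` node at lines 871-875 sets a config.xml default of `0`, and if Magento's usual precedence applies here a value already saved through the admin configuration would still override it, so a store that had previously enabled symlinked templates stays permissive after applying this patch. The Notification/Symlink block listed in applied.patches.list appears intended to surface exactly that case, which is worth stating next to the default: `<!-- symlinked templates are disabled by default; an existing saved admin value still takes precedence -->`. The surrounding `<default>` section starts and ends outside the hunk.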
diff --git a/js/varien/payment.js b/js/varien/payment.js | |
index e68864a..c6cdb41 100644 | |
--- a/js/varien/payment.js | |
+++ b/js/varien/payment.js | |
@@ -31,7 +31,7 @@ paymentForm.prototype = { | |
var method = null; | |
for (var i=0; i<elements.length; i++) { | |
- if (elements[i].name=='payment[method]') { | |
+ if (elements[i].name=='payment[method]' || elements[i].name=='form_key') { | |
if (elements[i].checked) { | |
method = elements[i].value; | |
} | |
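Review bot: On the new line 887 a `form_key` element can never satisfy the `elements[i].checked` test that follows, because the form key is a hidden input, so the only effect of adding it to the condition must come from the branch the hunk does not show (presumably the `else` that disables non-method fields so they are not serialized); that intent deserves a comment, since a reader of the condition alone sees a check that cannot match. The same change appears at line 900 in skin/frontend/base/default/js/opcheckout.js, but written `== 'form_key'` with spaces while this file uses `=='form_key'`, so the two copies differ only in whitespace. I would write both as `if (elements[i].name === 'payment[method]' || elements[i].name === 'form_key') { // form_key is kept enabled so it is submitted with the method` for consistency. The enclosing function starts and ends outside the hunk.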
diff --git a/skin/frontend/base/default/js/opcheckout.js b/skin/frontend/base/default/js/opcheckout.js | |
index b6234cb..971cd21 100644 | |
--- a/skin/frontend/base/default/js/opcheckout.js | |
+++ b/skin/frontend/base/default/js/opcheckout.js | |
@@ -711,7 +711,7 @@ Payment.prototype = { | |
} | |
var method = null; | |
for (var i=0; i<elements.length; i++) { | |
- if (elements[i].name=='payment[method]') { | |
+ if (elements[i].name=='payment[method]' || elements[i].name == 'form_key') { | |
if (elements[i].checked) { | |
method = elements[i].value; | |
} |