Magento 1.9.2.2 + SUPEE 9767 diff
diff --git a/app/code/core/Mage/Admin/Model/Session.php b/app/code/core/Mage/Admin/Model/Session.php
index bc9dee0..d2dfa2a 100644
--- a/app/code/core/Mage/Admin/Model/Session.php
+++ b/app/code/core/Mage/Admin/Model/Session.php
@@ -138,6 +138,9 @@ class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
}
} catch (Mage_Core_Exception $e) {
+ $e->setMessage(
+ Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
+ );
Mage::dispatchEvent('admin_session_user_login_failed',
array('user_name' => $username, 'exception' => $e));
if ($request && !$request->getParam('messageSent')) {
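Review bot: The generic message is written into the exception before `admin_session_user_login_failed` is dispatched, so observers and any log that read `$e->getMessage()` lose the original cause (bad credentials versus a disabled account), which is useful audit detail. Consider capturing it first, e.g. `Mage::log($e->getMessage(), Zend_Log::WARN);` ahead of `$e->setMessage(...)`, or pass the original text in the event payload alongside the exception. Showing the uniform text to the user is the right call for the response itself. The enclosing method starts and ends outside the hunk.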
diff --git a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php
index 3e75414..d6e7302 100644
--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php
@@ -146,11 +146,11 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Date
if (isset($value['locale'])) {
if (!empty($value['from'])) {
$value['orig_from'] = $value['from'];
- $value['from'] = $this->_convertDate($value['from'], $value['locale']);
+ $value['from'] = $this->_convertDate($this->stripTags($value['from']), $value['locale']);
}
if (!empty($value['to'])) {
$value['orig_to'] = $value['to'];
- $value['to'] = $this->_convertDate($value['to'], $value['locale']);
+ $value['to'] = $this->_convertDate($this->stripTags($value['to']), $value['locale']);
}
}
if (empty($value['from']) && empty($value['to'])) {
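Review bot: `orig_from` and `orig_to` still hold the raw, un-stripped input while only the values passed to `_convertDate` are cleaned, so whatever renders the original values back into the grid filter must escape them at output. If they are re-emitted into HTML, confirm that path goes through `escapeHtml`/`quoteEscape`; otherwise the stripping here only protects the date parser, not the page. The enclosing method continues outside the hunk.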
diff --git a/app/code/core/Mage/Adminhtml/Model/Config/Data.php b/app/code/core/Mage/Adminhtml/Model/Config/Data.php
index a755d6a..d173241 100644
--- a/app/code/core/Mage/Adminhtml/Model/Config/Data.php
+++ b/app/code/core/Mage/Adminhtml/Model/Config/Data.php
@@ -167,6 +167,9 @@ class Mage_Adminhtml_Model_Config_Data extends Varien_Object
if (is_object($fieldConfig)) {
$configPath = (string)$fieldConfig->config_path;
if (!empty($configPath) && strrpos($configPath, '/') > 0) {
+ if (!Mage::getSingleton('admin/session')->isAllowed($configPath)) {
+ Mage::throwException('Access denied.');
+ }
// Extend old data with specified section group
$groupPath = substr($configPath, 0, strrpos($configPath, '/'));
if (!isset($oldConfigAdditionalGroups[$groupPath])) {
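Review bot: `Mage::throwException('Access denied.')` passes a raw string while the other user-facing messages in this patch go through the module helper; for consistency use `Mage::throwException(Mage::helper('adminhtml')->__('Access denied.'));`. The new ACL check is also gated on `config_path` being non-empty and containing a `/`, so fields without a `config_path` are not checked in this branch — presumably they are covered by the section-level ACL elsewhere, which is worth confirming and stating in a one-line comment above the check. The enclosing method starts and ends outside the hunk.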
diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
index 4aff2ae..0ec1687 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
@@ -42,6 +42,11 @@ class Mage_Adminhtml_Catalog_Product_GalleryController extends Mage_Adminhtml_Co
Mage::helper('catalog/image'), 'validateUploadFile');
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(true);
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$result = $uploader->save(
Mage::getSingleton('catalog/product_media_config')->getBaseTmpMediaPath()
);
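Review bot: The identical `addValidateCallback(Mage_Core_Model_File_Validator_Image::NAME, Mage::getModel('core/file_validator_image'), 'validate')` block is pasted verbatim here and in the Cms Wysiwyg Storage, ImportExport Uploader, XmlConnect Helper/Image and XmlConnect MobileController hunks; a small helper on the uploader that registers the image validator would keep the five call sites from drifting when the registration changes. Note also that this validator rewrites the uploaded file in place (see the Validator/Image hunk), so its order relative to the `catalog/image` `validateUploadFile` callback registered on the preceding lines matters if that callback inspects the original bytes — a one-line comment at the call site about the ordering would help. The enclosing action starts and ends outside the hunk.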
diff --git a/app/code/core/Mage/Checkout/controllers/MultishippingController.php b/app/code/core/Mage/Checkout/controllers/MultishippingController.php
index 1890c68..f818561 100644
--- a/app/code/core/Mage/Checkout/controllers/MultishippingController.php
+++ b/app/code/core/Mage/Checkout/controllers/MultishippingController.php
@@ -233,6 +233,12 @@ class Mage_Checkout_MultishippingController extends Mage_Checkout_Controller_Act
$this->_redirect('*/multishipping_address/newShipping');
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ $this->_redirect('*/*/addresses');
+ return;
+ }
+
try {
if ($this->getRequest()->getParam('continue', false)) {
$this->_getCheckout()->setCollectRatesFlag(true);
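Review bot: On a failed form-key check the customer is redirected back to the step with nothing added to the session, so a legitimately expired key looks like a silent bounce; consider `Mage::getSingleton('checkout/session')->addError($this->__('Invalid form key. Please refresh the page and try again.'));` before `$this->_redirect(...)`. The same applies to the checks added in `shippingPostAction` and in the billing-step hunk later in this file. The enclosing method of this first hunk starts outside the hunk.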
@@ -353,6 +359,11 @@ class Mage_Checkout_MultishippingController extends Mage_Checkout_Controller_Act
*/
public function shippingPostAction()
{
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ $this->_redirect('*/*/shipping');
+ return;
+ }
+
$shippingMethods = $this->getRequest()->getPost('shipping_method');
try {
Mage::dispatchEvent(
@@ -462,6 +473,11 @@ class Mage_Checkout_MultishippingController extends Mage_Checkout_Controller_Act
return $this;
}
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ $this->_redirect('*/*/billing');
+ return;
+ }
+
$this->_getState()->setActiveStep(Mage_Checkout_Model_Type_Multishipping_State::STEP_OVERVIEW);
try {
diff --git a/app/code/core/Mage/Checkout/controllers/OnepageController.php b/app/code/core/Mage/Checkout/controllers/OnepageController.php
index 596bf1f..1c127e0 100644
--- a/app/code/core/Mage/Checkout/controllers/OnepageController.php
+++ b/app/code/core/Mage/Checkout/controllers/OnepageController.php
@@ -350,6 +350,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$method = $this->getRequest()->getPost('method');
$result = $this->getOnepage()->saveCheckoutMethod($method);
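Review bot: When the form-key check fails the action simply returns, so the AJAX caller receives an empty body and the checkout JS has nothing to act on; the last hunk of this file shows `$this->_ajaxRedirectResponse()` as the established way to tell the client to reload, so consider `$this->_ajaxRedirectResponse(); return;` here, or a JSON error in the same shape the step normally returns. The same bare `return` appears in the other five hunks of this file. The enclosing method starts outside the hunk.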
@@ -365,6 +370,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('billing', array());
$customerAddressId = $this->getRequest()->getPost('billing_address_id', false);
@@ -407,6 +417,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('shipping', array());
$customerAddressId = $this->getRequest()->getPost('shipping_address_id', false);
@@ -431,6 +446,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('shipping_method', '');
$result = $this->getOnepage()->saveShippingMethod($data);
@@ -465,6 +485,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
try {
if (!$this->getRequest()->isPost()) {
$this->_ajaxRedirectResponse();
diff --git a/app/code/core/Mage/Checkout/etc/system.xml b/app/code/core/Mage/Checkout/etc/system.xml
index f9f7dfa..fc66dc8 100644
--- a/app/code/core/Mage/Checkout/etc/system.xml
+++ b/app/code/core/Mage/Checkout/etc/system.xml
@@ -232,5 +232,23 @@
</payment_failed>
</groups>
</checkout>
+ <admin>
+ <groups>
+ <security>
+ <fields>
+ <validate_formkey_checkout translate="label comment">
+ <label>Enable Form Key Validation On Checkout</label>
+ <frontend_type>select</frontend_type>
+ <source_model>adminhtml/system_config_source_yesno</source_model>
+ <sort_order>4</sort_order>
+ <comment><![CDATA[<strong style="color:red">Important!</strong> Enabling this option means
+ that your custom templates used in checkout process contain form_key output.
+ Otherwise checkout may not work.]]></comment>
+ <show_in_default>1</show_in_default>
+ </validate_formkey_checkout>
+ </fields>
+ </security>
+ </groups>
+ </admin>
</sections>
</config>
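Review bot: The comment text reads as if enabling the option causes templates to contain form_key output; it should say the option requires it, e.g. `Enabling this option requires that your custom checkout templates output the form_key; otherwise checkout may not work.` The field is exposed only at default scope (`show_in_default` without `show_in_website`/`show_in_store`) while the consumer reads it via `Mage::getStoreConfigFlag`, which works as a global switch but deserves a comment so nobody adds store-scope overrides expecting them to be editable. A default value for `admin/security/validate_formkey_checkout` is not visible in this diff; confirm config.xml sets one so the flag is not undefined on fresh installs.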
diff --git a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
index cb1d41e..f750b22 100644
--- a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
+++ b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
@@ -282,6 +282,11 @@ class Mage_Cms_Model_Wysiwyg_Images_Storage extends Varien_Object
}
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(false);
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$result = $uploader->save($targetPath);
if (!$result) {
diff --git a/app/code/core/Mage/Core/Controller/Front/Action.php b/app/code/core/Mage/Core/Controller/Front/Action.php
index f310cc1..e274928 100644
--- a/app/code/core/Mage/Core/Controller/Front/Action.php
+++ b/app/code/core/Mage/Core/Controller/Front/Action.php
@@ -188,4 +188,14 @@ class Mage_Core_Controller_Front_Action extends Mage_Core_Controller_Varien_Acti
{
return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH);
}
+
+ /**
+ * Check if form_key validation enabled on checkout process
+ *
+ * @return bool
+ */
+ protected function isFormkeyValidationOnCheckoutEnabled()
+ {
+ return Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
+ }
}
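Review bot: `isFormkeyValidationOnCheckoutEnabled()` hard-codes the config path as a string while the sibling method directly above reads its path from `self::XML_CSRF_USE_FLAG_CONFIG_PATH`; declare a class constant for the new path (name to be chosen, e.g. `XML_CSRF_CHECKOUT_FLAG_CONFIG_PATH`) and reference it here so the system.xml key has a single code-side anchor. The docblock could also state that the flag is only meaningful in combination with `_validateFormKey()`, which is how every caller in this patch uses it.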
diff --git a/app/code/core/Mage/Core/Controller/Request/Http.php b/app/code/core/Mage/Core/Controller/Request/Http.php
index b9098d9..62c22e9 100644
--- a/app/code/core/Mage/Core/Controller/Request/Http.php
+++ b/app/code/core/Mage/Core/Controller/Request/Http.php
@@ -148,7 +148,10 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
$baseUrl = $this->getBaseUrl();
$pathInfo = substr($requestUri, strlen($baseUrl));
- if ((null !== $baseUrl) && (false === $pathInfo)) {
+ if ($baseUrl && $pathInfo && (0 !== stripos($pathInfo, '/'))) {
+ $pathInfo = '';
+ $this->setActionName('noRoute');
+ } elseif ((null !== $baseUrl) && (false === $pathInfo)) {
$pathInfo = '';
} elseif (null === $baseUrl) {
$pathInfo = $requestUri;
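Review bot: `0 !== stripos($pathInfo, '/')` is a case-insensitive search for a single slash, which reads as if case mattered; the intent — reject a remainder that does not start with `/` — is clearer as `substr($pathInfo, 0, 1) !== '/'`. The truthiness test on `$pathInfo` also skips the branch when the remainder is exactly `'0'`, which then falls through to the later branches unchanged; probably harmless, but `'' !== $pathInfo` would be explicit. A short comment explaining why a non-slash remainder is routed to `noRoute` (presumably the base URL matched only as a string prefix, not as a path segment) would help the next reader. The enclosing method starts and ends outside the hunk.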
diff --git a/app/code/core/Mage/Core/Model/File/Validator/Image.php b/app/code/core/Mage/Core/Model/File/Validator/Image.php
index 7f7b9d0..cbbcbb1 100644
--- a/app/code/core/Mage/Core/Model/File/Validator/Image.php
+++ b/app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -87,10 +87,33 @@ class Mage_Core_Model_File_Validator_Image
*/
public function validate($filePath)
{
- $fileInfo = getimagesize($filePath);
- if (is_array($fileInfo) and isset($fileInfo[2])) {
- if ($this->isImageType($fileInfo[2])) {
- return null;
+ list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
+ if ($fileType) {
+ if ($this->isImageType($fileType)) {
+ //replace tmp image with re-sampled copy to exclude images with malicious data
+ $image = imagecreatefromstring(file_get_contents($filePath));
+ if ($image !== false) {
+ $img = imagecreatetruecolor($imageWidth, $imageHeight);
+ imagecopyresampled($img, $image, 0, 0, 0, 0, $imageWidth, $imageHeight, $imageWidth, $imageHeight);
+ switch ($fileType) {
+ case IMAGETYPE_GIF:
+ imagegif($img, $filePath);
+ break;
+ case IMAGETYPE_JPEG:
+ imagejpeg($img, $filePath, 100);
+ break;
+ case IMAGETYPE_PNG:
+ imagepng($img, $filePath);
+ break;
+ default:
+ return;
+ }
+ imagedestroy($img);
+ imagedestroy($image);
+ return null;
+ } else {
+ throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
+ }
}
}
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
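Review bot: The re-sampling drops alpha: `imagecreatetruecolor` yields an opaque canvas and nothing calls `imagealphablending`/`imagesavealpha` before the copy, so transparent PNG (and GIF) uploads are flattened when written back. The `imagecreatetruecolor` result is also unchecked, and the `default:` branch returns void without `imagedestroy` on either resource, leaking both. Because width and height come straight from `getimagesize` of the uploaded file, a file that declares very large dimensions drives the allocation here; an upper bound on the pixel count before `imagecreatefromstring` keeps a bad upload from exhausting memory. `imagecopyresampled` with identical source and target sizes is effectively `imagecopy`, which is cheaper and makes the same-size intent explicit; the rewritten body below covers these points.
```php
        list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
        if ($fileType && $this->isImageType($fileType)) {
            // bound the decode cost before allocating; MAX_IMAGE_PIXELS is a placeholder for a project-chosen constant
            if ($imageWidth * $imageHeight > self::MAX_IMAGE_PIXELS) {
                throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
            }
            //replace tmp image with re-sampled copy to exclude images with malicious data
            $image = imagecreatefromstring(file_get_contents($filePath));
            if ($image === false) {
                throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
            }
            $img = imagecreatetruecolor($imageWidth, $imageHeight);
            if ($img === false) {
                imagedestroy($image);
                throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
            }
            // keep transparency instead of flattening onto the opaque default canvas
            imagealphablending($img, false);
            imagesavealpha($img, true);
            imagecopy($img, $image, 0, 0, 0, 0, $imageWidth, $imageHeight);
            switch ($fileType) {
                case IMAGETYPE_GIF:
                    imagegif($img, $filePath);
                    break;
                case IMAGETYPE_JPEG:
                    imagejpeg($img, $filePath, 100);
                    break;
                case IMAGETYPE_PNG:
                    imagepng($img, $filePath);
                    break;
                default:
                    // presumably unreachable while isImageType() admits only the three types above; free resources either way
                    imagedestroy($img);
                    imagedestroy($image);
                    throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
            }
            imagedestroy($img);
            imagedestroy($image);
            return null;
        }
        throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
```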
@@ -105,5 +128,4 @@ class Mage_Core_Model_File_Validator_Image
{
return in_array($nImageType, $this->_allowedImageTypes);
}
-
}
diff --git a/app/code/core/Mage/Core/etc/system.xml b/app/code/core/Mage/Core/etc/system.xml
index 1943649..18a2005 100644
--- a/app/code/core/Mage/Core/etc/system.xml
+++ b/app/code/core/Mage/Core/etc/system.xml
@@ -597,26 +597,6 @@
</template_hints_blocks>
</fields>
</debug>
- <template translate="label">
- <label>Template Settings</label>
- <frontend_type>text</frontend_type>
- <sort_order>25</sort_order>
- <show_in_default>1</show_in_default>
- <show_in_website>1</show_in_website>
- <show_in_store>1</show_in_store>
- <fields>
- <allow_symlink translate="label comment">
- <label>Allow Symlinks</label>
- <frontend_type>select</frontend_type>
- <source_model>adminhtml/system_config_source_yesno</source_model>
- <sort_order>10</sort_order>
- <show_in_default>1</show_in_default>
- <show_in_website>1</show_in_website>
- <show_in_store>1</show_in_store>
- <comment>Warning! Enabling this feature is not recommended on production environments because it represents a potential security risk.</comment>
- </allow_symlink>
- </fields>
- </template>
<translate_inline translate="label">
<label>Translate Inline</label>
<frontend_type>text</frontend_type>
diff --git a/app/code/core/Mage/Customer/Model/Session.php b/app/code/core/Mage/Customer/Model/Session.php
index a58a3c4..d358c67 100644
--- a/app/code/core/Mage/Customer/Model/Session.php
+++ b/app/code/core/Mage/Customer/Model/Session.php
@@ -222,6 +222,7 @@ class Mage_Customer_Model_Session extends Mage_Core_Model_Session_Abstract
{
$this->setCustomer($customer);
$this->renewSession();
+ Mage::getSingleton('core/session')->renewFormKey();
Mage::dispatchEvent('customer_login', array('customer'=>$customer));
return $this;
}
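Review bot: The two `renewFormKey()` calls carry no explanation, and since they sit on the login and logout paths the intent is easy to lose; suggest a comment such as `// rotate the form key so tokens issued before the session state change cannot be reused after it`. Be aware that any page already rendered with the old key, including cached pages, will fail form-key validation on its next submit; that is the intended effect but worth stating in the release notes. The same call is added in the logout hunk below, and the enclosing methods of both hunks start outside the hunks.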
@@ -307,6 +308,7 @@ class Mage_Customer_Model_Session extends Mage_Core_Model_Session_Abstract
$this->setId(null);
$this->setCustomerGroupId(Mage_Customer_Model_Group::NOT_LOGGED_IN_ID);
$this->getCookie()->delete($this->getSessionName());
+ Mage::getSingleton('core/session')->renewFormKey();
return $this;
}
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
index 0536149..1af38d4 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
@@ -40,6 +40,9 @@ class Mage_Dataflow_Model_Convert_Adapter_Zend_Cache extends Mage_Dataflow_Model
if (!$this->_resource) {
$this->_resource = Zend_Cache::factory($this->getVar('frontend', 'Core'), $this->getVar('backend', 'File'));
}
+ if ($this->_resource->getBackend() instanceof Zend_Cache_Backend_Static) {
+ throw new Exception(Mage::helper('dataflow')->__('Backend name "Static" not supported.'));
+ }
return $this->_resource;
}
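Review bot: The backend check runs on every call, after `$this->_resource` has already been created and memoised, so a disallowed backend is constructed and then rejected on each access; moving the `instanceof Zend_Cache_Backend_Static` test inside the `if (!$this->_resource)` block rejects it once, at creation time. A plain `new Exception` is also used here where the rest of the module reports through `addException(..., Mage_Dataflow_Model_Convert_Exception::FATAL)` or `Mage::exception`; pick one for consistency. The enclosing method starts outside the hunk.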
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php b/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
index bba9bc7..9d122fd 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
@@ -47,6 +47,18 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract
protected $_position;
+ /**
+ * Detect serialization of data
+ *
+ * @param mixed $data
+ * @return bool
+ */
+ protected function isSerialized($data)
+ {
+ $pattern = '/^a:\d+:\{(i:\d+;|s:\d+:\".+\";|N;|O:\d+:\"\w+\":\d+:\{\w:\d+:)+|^O:\d+:\"\w+\":\d+:\{s:\d+:\"/';
+ return (is_string($data) && preg_match($pattern, $data));
+ }
+
public function getVar($key, $default=null)
{
if (!isset($this->_vars[$key]) || (!is_array($this->_vars[$key]) && strlen($this->_vars[$key]) == 0)) {
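Review bot: The pattern contains a greedy `.+` inside a repeated group (`(…|s:\d+:\".+\";|…)+`), which can backtrack heavily on long inputs that almost match; a non-greedy `.+?`, or a length cap checked before `preg_match`, would bound the cost. Detection is also heuristic: only `a:` and `O:` prefixes are recognised, so serialized scalars (`s:`, `i:`, `b:`, `d:`) are treated as plain strings and bypass `validateDataSerialized` — if downstream code unserializes those, they need covering too. `preg_match` returning `false` on a PCRE error is folded into "not serialized" here; consider checking `preg_last_error()` so an oversized or malformed input is not silently accepted.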
@@ -102,13 +114,45 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract
public function setData($data)
{
- if ($this->getProfile()) {
- $this->getProfile()->getContainer()->setData($data);
+ if ($this->validateDataSerialized($data)) {
+ if ($this->getProfile()) {
+ $this->getProfile()->getContainer()->setData($data);
+ }
+
+ $this->_data = $data;
}
- $this->_data = $data;
+
return $this;
}
+ /**
+ * Validate serialized data
+ *
+ * @param mixed $data
+ * @return bool
+ */
+ public function validateDataSerialized($data = null)
+ {
+ if (is_null($data)) {
+ $data = $this->getData();
+ }
+
+ $result = true;
+ if ($this->isSerialized($data)) {
+ try {
+ $dataArray = Mage::helper('core/unserializeArray')->unserialize($data);
+ } catch (Exception $e) {
+ $result = false;
+ $this->addException(
+ "Invalid data, expecting serialized array.",
+ Mage_Dataflow_Model_Convert_Exception::FATAL
+ );
+ }
+ }
+
+ return $result;
+ }
+
public function validateDataString($data=null)
{
if (is_null($data)) {
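Review bot: In `validateDataSerialized`, `$dataArray` is assigned but never used and the caught `Exception` is discarded, so the cause of a rejected profile is lost; drop the assignment (call `Mage::helper('core/unserializeArray')->unserialize($data);` purely for its throw) and add `Mage::logException($e);` in the catch. `setData` now silently keeps the previous `_data` and still returns `$this` when validation fails, with the FATAL `addException` as the only signal — a one-line comment stating that callers must inspect the recorded exceptions would make that contract explicit. `is_null($data)` would read more consistently as `$data === null`, matching the strict comparisons elsewhere in this patch.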
@@ -140,7 +184,10 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract
if (count($data)==0) {
return true;
}
- $this->addException("Invalid data type, expecting 2D grid array.", Mage_Dataflow_Model_Convert_Exception::FATAL);
+ $this->addException(
+ "Invalid data type, expecting 2D grid array.",
+ Mage_Dataflow_Model_Convert_Exception::FATAL
+ );
}
return true;
}
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
index 5d9ce6d..14c8db1 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
@@ -62,13 +62,15 @@ class Mage_Dataflow_Model_Convert_Parser_Csv extends Mage_Dataflow_Model_Convert
$adapter = Mage::getModel($adapterName);
}
catch (Exception $e) {
- $message = Mage::helper('dataflow')->__('Declared adapter %s was not found.', $adapterName);
+ $message = Mage::helper('dataflow')
+ ->__('Declared adapter %s was not found.', $adapterName);
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL);
return $this;
}
if (!method_exists($adapter, $adapterMethod)) {
- $message = Mage::helper('dataflow')->__('Method "%s" not defined in adapter %s.', $adapterMethod, $adapterName);
+ $message = Mage::helper('dataflow')
+ ->__('Method "%s" not defined in adapter %s.', $adapterMethod, $adapterName);
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL);
return $this;
}
@@ -77,8 +79,8 @@ class Mage_Dataflow_Model_Convert_Parser_Csv extends Mage_Dataflow_Model_Convert
$batchIoAdapter = $this->getBatchModel()->getIoAdapter();
if (Mage::app()->getRequest()->getParam('files')) {
- $file = Mage::app()->getConfig()->getTempVarDir().'/import/'
- . urldecode(Mage::app()->getRequest()->getParam('files'));
+ $file = Mage::app()->getConfig()->getTempVarDir() . '/import/'
+ . str_replace('../', '', urldecode(Mage::app()->getRequest()->getParam('files')));
$this->_copy($file);
}
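Review bot: `str_replace('../', '', ...)` is a single-pass strip, not a path normalisation — it does not handle input that only becomes a traversal sequence after one removal, absolute paths, or backslash variants — so it should not be the control that keeps `$file` under `/import/`. Prefer `basename()` on the decoded parameter if the import file is expected to be a plain name, and if subdirectories are legitimate resolve with `realpath()` and check the result starts with the import directory before `_copy`. The same construction appears in the Excel parser hunk of this patch. The enclosing method starts outside the hunk.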
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
index 5a09cce..aa5e80a 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
@@ -69,7 +69,8 @@ class Mage_Dataflow_Model_Convert_Parser_Xml_Excel extends Mage_Dataflow_Model_C
}
if (!method_exists($adapter, $adapterMethod)) {
- $message = Mage::helper('dataflow')->__('Method "%s" was not defined in adapter %s.', $adapterMethod, $adapterName);
+ $message = Mage::helper('dataflow')
+ ->__('Method "%s" was not defined in adapter %s.', $adapterMethod, $adapterName);
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL);
return $this;
}
@@ -78,8 +79,8 @@ class Mage_Dataflow_Model_Convert_Parser_Xml_Excel extends Mage_Dataflow_Model_C
$batchIoAdapter = $this->getBatchModel()->getIoAdapter();
if (Mage::app()->getRequest()->getParam('files')) {
- $file = Mage::app()->getConfig()->getTempVarDir().'/import/'
- . urldecode(Mage::app()->getRequest()->getParam('files'));
+ $file = Mage::app()->getConfig()->getTempVarDir() . '/import/'
+ . str_replace('../', '', urldecode(Mage::app()->getRequest()->getParam('files')));
$this->_copy($file);
}
diff --git a/app/code/core/Mage/ImportExport/Model/Import/Uploader.php b/app/code/core/Mage/ImportExport/Model/Import/Uploader.php
index fb9e4de..bcc3459 100644
--- a/app/code/core/Mage/ImportExport/Model/Import/Uploader.php
+++ b/app/code/core/Mage/ImportExport/Model/Import/Uploader.php
@@ -61,6 +61,11 @@ class Mage_ImportExport_Model_Import_Uploader extends Mage_Core_Model_File_Uploa
$this->setAllowedExtensions(array_keys($this->_allowedMimeTypes));
$this->addValidateCallback('catalog_product_image',
Mage::helper('catalog/image'), 'validateUploadFile');
+ $this->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$this->_uploadType = self::SINGLE_STYLE;
}
diff --git a/app/code/core/Mage/Sales/Model/Quote/Item.php b/app/code/core/Mage/Sales/Model/Quote/Item.php
index 1bef6b8..13caf09 100644
--- a/app/code/core/Mage/Sales/Model/Quote/Item.php
+++ b/app/code/core/Mage/Sales/Model/Quote/Item.php
@@ -500,8 +500,9 @@ class Mage_Sales_Model_Quote_Item extends Mage_Sales_Model_Quote_Item_Abstract
/** @var Unserialize_Parser $parser */
$parser = Mage::helper('core/unserializeArray');
- $_itemOptionValue = $parser->unserialize($itemOptionValue);
- $_optionValue = $parser->unserialize($optionValue);
+ $_itemOptionValue =
+ is_numeric($itemOptionValue) ? $itemOptionValue : $parser->unserialize($itemOptionValue);
+ $_optionValue = is_numeric($optionValue) ? $optionValue : $parser->unserialize($optionValue);
if (is_array($_itemOptionValue) && is_array($_optionValue)) {
$itemOptionValue = $_itemOptionValue;
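Review bot: The `is_numeric` guard only covers numeric option values; a plain non-serialized string still reaches `$parser->unserialize()`, which for the `core/unserializeArray` helper is expected to throw, and unlike the Widget Instance hunk in this same patch there is no try/catch here. Either wrap both calls the way `getWidgetParameters` does (`try { … } catch (Exception $e) { Mage::logException($e); }`) and fall back to comparing the raw values, or document why option values on this path are guaranteed to be numeric or serialized arrays. The enclosing method starts and ends outside the hunk.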
diff --git a/app/code/core/Mage/Widget/Model/Widget/Instance.php b/app/code/core/Mage/Widget/Model/Widget/Instance.php
index 851b1ed..f4c91ee 100644
--- a/app/code/core/Mage/Widget/Model/Widget/Instance.php
+++ b/app/code/core/Mage/Widget/Model/Widget/Instance.php
@@ -347,7 +347,11 @@ class Mage_Widget_Model_Widget_Instance extends Mage_Core_Model_Abstract
public function getWidgetParameters()
{
if (is_string($this->getData('widget_parameters'))) {
- return unserialize($this->getData('widget_parameters'));
+ try {
+ return Mage::helper('core/unserializeArray')->unserialize($this->getData('widget_parameters'));
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
}
return (is_array($this->getData('widget_parameters'))) ? $this->getData('widget_parameters') : array();
}
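Review bot: After the logged unserialize failure the method falls through to the final `return`, where the string fails `is_array` and the result is `array()`; that degrade-to-empty behaviour is reasonable but invisible at a glance, so add `// invalid serialized data: logged above, fall through to the empty default below` inside the catch. `catch (Exception $e)` is wider than needed if the helper throws a specific exception type — narrow it if it does.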
diff --git a/app/code/core/Mage/XmlConnect/Helper/Image.php b/app/code/core/Mage/XmlConnect/Helper/Image.php
index f176f50..39769c1 100644
--- a/app/code/core/Mage/XmlConnect/Helper/Image.php
+++ b/app/code/core/Mage/XmlConnect/Helper/Image.php
@@ -100,6 +100,11 @@ class Mage_XmlConnect_Helper_Image extends Mage_Core_Helper_Abstract
$uploader = Mage::getModel('core/file_uploader', $field);
$uploader->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'));
$uploader->setAllowRenameFiles(true);
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$uploader->save($uploadDir);
$uploadedFilename = $uploader->getUploadedFileName();
$uploadedFilename = $this->_getResizedFilename($field, $uploadedFilename, true);
diff --git a/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php b/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
index 4fad8a3..1024c39 100644
--- a/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
+++ b/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
@@ -567,7 +567,7 @@ class Mage_XmlConnect_Adminhtml_MobileController extends Mage_Adminhtml_Controll
$result = $themesHelper->deleteTheme($themeId);
if ($result) {
$response = array(
- 'message' => $this->__('Theme has been delete.'),
+ 'message' => $this->__('Theme has been deleted.'),
'themes' => $themesHelper->getAllThemesArray(true),
'themeSelector' => $themesHelper->getThemesSelector(),
'selectedTheme' => $themesHelper->getDefaultThemeName()
@@ -1393,6 +1393,11 @@ class Mage_XmlConnect_Adminhtml_MobileController extends Mage_Adminhtml_Controll
/** @var $uploader Mage_Core_Model_File_Uploader */
$uploader = Mage::getModel('core/file_uploader', $imageModel->getImageType());
$uploader->setAllowRenameFiles(true)->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'));
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$result = $uploader->save(Mage_XmlConnect_Model_Images::getBasePath(), $newFileName);
$result['thumbnail'] = Mage::getModel('xmlconnect/images')->getCustomSizeImageUrl(
$result['file'],
diff --git a/app/design/adminhtml/default/default/layout/main.xml b/app/design/adminhtml/default/default/layout/main.xml
index bd1ac21..4f4ec4b 100644
--- a/app/design/adminhtml/default/default/layout/main.xml
+++ b/app/design/adminhtml/default/default/layout/main.xml
@@ -119,7 +119,8 @@ Default layout, loads most of the pages
<block type="adminhtml/cache_notifications" name="cache_notifications" template="system/cache/notifications.phtml"></block>
<block type="adminhtml/notification_survey" name="notification_survey" template="notification/survey.phtml"/>
<block type="adminhtml/notification_security" name="notification_security" as="notification_security" template="notification/security.phtml"></block>
- </block>
+ <block type="adminhtml/checkout_formkey" name="checkout_formkey" as="checkout_formkey" template="notification/formkey.phtml"/></block>
+ <block type="adminhtml/notification_symlink" name="notification_symlink" template="notification/symlink.phtml"/>
<block type="adminhtml/widget_breadcrumbs" name="breadcrumbs" as="breadcrumbs"></block>
<!--<update handle="formkey"/> this won't work, see the try/catch and a jammed exception in Mage_Core_Model_Layout::createBlock() -->
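Review bot: The closing `</block>` of the notifications container is glued onto the end of the new `checkout_formkey` block line, which hides the nesting change; put `</block>` on its own line as it was before. As written, `notification_symlink` sits outside the container while `checkout_formkey` sits inside it — if both are meant to render as notifications, move the symlink block inside too, and if the placement is intentional a short XML comment would stop the next editor from "fixing" it.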
diff --git a/app/design/adminhtml/default/default/template/page/head.phtml b/app/design/adminhtml/default/default/template/page/head.phtml
index d9e1c38..7972424 100644
--- a/app/design/adminhtml/default/default/template/page/head.phtml
+++ b/app/design/adminhtml/default/default/template/page/head.phtml
@@ -33,7 +33,7 @@
var BLANK_URL = '<?php echo $this->getJsUrl() ?>blank.html';
var BLANK_IMG = '<?php echo $this->getJsUrl() ?>spacer.gif';
var BASE_URL = '<?php echo $this->getUrl('*') ?>';
- var SKIN_URL = '<?php echo $this->getSkinUrl() ?>';
+ var SKIN_URL = '<?php echo $this->jsQuoteEscape($this->getSkinUrl()) ?>';
var FORM_KEY = '<?php echo $this->getFormKey() ?>';
</script>
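Review bot: `jsQuoteEscape` is applied to `SKIN_URL` only, while `BLANK_URL`, `BLANK_IMG`, `BASE_URL` and `FORM_KEY` on the surrounding lines are still written into JavaScript string literals unescaped; they come from similar URL/config sources, so the escaping should be applied uniformly, e.g. `var BASE_URL = '<?php echo $this->jsQuoteEscape($this->getUrl('*')) ?>';`. Even where a value is not attacker-influenced today, consistent output escaping in the script block is what keeps the template correct when the source changes.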
diff --git a/app/design/frontend/base/default/template/checkout/cart/shipping.phtml b/app/design/frontend/base/default/template/checkout/cart/shipping.phtml
index 622c656..5a2cefb 100644
--- a/app/design/frontend/base/default/template/checkout/cart/shipping.phtml
+++ b/app/design/frontend/base/default/template/checkout/cart/shipping.phtml
@@ -109,6 +109,7 @@
<div class="buttons-set">
<button type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Update Total')) ?>" class="button" name="do" value="<?php echo Mage::helper('core')->quoteEscape($this->__('Update Total')) ?>"><span><span><?php echo $this->__('Update Total') ?></span></span></button>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
<?php endif; ?>
<script type="text/javascript">
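Review bot: This adds the hidden form_key to the cart shipping-estimate form, but the controller that receives that form is not part of this diff, so it is unclear whether the server side validates the key for this path; confirm the matching `_validateFormKey()` check exists (the Multishipping and Onepage controllers in this patch show the pattern) or the field is inert. The other template hunks in this patch add the same block to checkout forms whose controllers are updated here.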
diff --git a/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml b/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
index 979ac2c..0724452 100644
--- a/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
+++ b/app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
@@ -91,6 +91,7 @@
<p class="back-link"><a href="<?php echo $this->getBackUrl() ?>"><small>&laquo; </small><?php echo $this->__('Back to Shipping Information') ?></a></p>
<button id="payment-continue" type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Review Your Order')) ?>" class="button"><span><span><?php echo $this->__('Continue to Review Your Order') ?></span></span></button>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
<script type="text/javascript">
//<![CDATA[
diff --git a/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml b/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml
index f873505..44923f5 100644
--- a/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml
+++ b/app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml
@@ -126,5 +126,6 @@
<p class="back-link"><a href="<?php echo $this->getBackUrl() ?>"><small>&laquo; </small><?php echo $this->__('Back to Select Addresses') ?></a></p>
<button data-action="checkout-continue-billing" type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Billing Information')) ?>" class="button"><span><span><?php echo $this->__('Continue to Billing Information') ?></span></span></button>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
</div>
diff --git a/app/design/frontend/base/default/template/checkout/onepage/billing.phtml b/app/design/frontend/base/default/template/checkout/onepage/billing.phtml
index 67e3553..f06cacd 100644
--- a/app/design/frontend/base/default/template/checkout/onepage/billing.phtml
+++ b/app/design/frontend/base/default/template/checkout/onepage/billing.phtml
@@ -201,6 +201,7 @@
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?>
</span>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</fieldset>
</form>
<script type="text/javascript">
diff --git a/app/design/frontend/base/default/template/checkout/onepage/payment.phtml b/app/design/frontend/base/default/template/checkout/onepage/payment.phtml
index 86e2041..d461ced 100644
--- a/app/design/frontend/base/default/template/checkout/onepage/payment.phtml
+++ b/app/design/frontend/base/default/template/checkout/onepage/payment.phtml
@@ -35,6 +35,7 @@
<form action="" id="co-payment-form">
<fieldset>
<?php echo $this->getChildHtml('methods') ?>
+ <?php echo $this->getBlockHtml('formkey') ?>
</fieldset>
</form>
<div class="tool-tip" id="payment-tool-tip" style="display:none;">
diff --git a/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml b/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
index cfce4b1..54f8e14 100644
--- a/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
+++ b/app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
@@ -141,6 +141,7 @@
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?>
</span>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
<script type="text/javascript">
//<![CDATA[
diff --git a/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml b/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml
index e306c84..233ceff 100644
--- a/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml
+++ b/app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml
@@ -43,4 +43,5 @@
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?>
</span>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
diff --git a/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml b/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
index c7a2375..62c5306 100644
--- a/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
+++ b/app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
@@ -199,6 +199,7 @@
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?>
</span>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</fieldset>
</form>
<script type="text/javascript">
diff --git a/app/design/frontend/rwd/default/layout/page.xml b/app/design/frontend/rwd/default/layout/page.xml
index a904e7e..693e166 100644
--- a/app/design/frontend/rwd/default/layout/page.xml
+++ b/app/design/frontend/rwd/default/layout/page.xml
@@ -36,7 +36,7 @@
<block type="page/html_head" name="head" as="head">
<action method="addJs"><script>prototype/prototype.js</script></action>
- <action method="addJs"><script>lib/jquery/jquery-1.10.2.min.js</script></action>
+ <action method="addJs"><script>lib/jquery/jquery-1.12.0.min.js</script></action>
<action method="addJs"><script>lib/jquery/noconflict.js</script></action>
<action method="addJs"><script>lib/ccard.js</script></action>
<action method="addJs"><script>prototype/validation.js</script></action>
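Review bot: The layout now loads `lib/jquery/jquery-1.12.0.min.js`, but nothing in this diff removes the previous `js/lib/jquery/jquery-1.10.2.min.js` (the patch log later on the page lists only the 1.12.0 files as added), so the superseded library stays on disk and any custom layout update or template that still references it keeps shipping the old version. Delete the unused file once no layout references it, or at least document in a comment next to this `addJs` line that 1.10.2 is retired, e.g. `<!-- jQuery upgraded to 1.12.0 by SUPEE-9767; do not reference jquery-1.10.2 -->`. The enclosing `<block type="page/html_head">` continues outside the hunk.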
diff --git a/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml b/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml
index 508177a..654e428 100644
--- a/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml
+++ b/app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml
@@ -120,6 +120,7 @@
<span><span><?php echo $this->__('Update Total') ?></span></span>
</button>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
<?php endif; ?>
<script type="text/javascript">
diff --git a/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml b/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
index 0ca2658..aa81193 100644
--- a/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
+++ b/app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
@@ -84,4 +84,5 @@
<button type="submit" data-action="checkout-continue-shipping" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Shipping Information')) ?>" class="button<?php if ($this->isContinueDisabled()):?> disabled<?php endif; ?>" onclick="$('can_continue_flag').value=1"<?php if ($this->isContinueDisabled()):?> disabled="disabled"<?php endif; ?>><span><span><?php echo $this->__('Continue to Shipping Information') ?></span></span></button>
</div>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
diff --git a/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml b/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml
index 9a7159a..a69c1ed 100644
--- a/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml
+++ b/app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml
@@ -93,6 +93,7 @@
<p class="back-link"><a href="<?php echo $this->getBackUrl() ?>"><small>&laquo; </small><?php echo $this->__('Back to Shipping Information') ?></a></p>
<button id="payment-continue" type="submit" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Continue to Review Your Order')) ?>" class="button"><span><span><?php echo $this->__('Continue to Review Your Order') ?></span></span></button>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
<script type="text/javascript">
//<![CDATA[
diff --git a/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml b/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
index 6361a15..e8dad99 100644
--- a/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
+++ b/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
@@ -36,6 +36,7 @@
<div class="fieldset">
<?php echo $this->getChildChildHtml('methods_additional', '', true, true) ?>
<?php echo $this->getChildHtml('methods') ?>
+ <?php echo $this->getBlockHtml('formkey') ?>
</div>
</form>
<div class="tool-tip" id="payment-tool-tip" style="display:none;">
diff --git a/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml b/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml
index f7f21ee..52cb70a 100644
--- a/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml
+++ b/app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml
@@ -142,6 +142,7 @@
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?>
</span>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</form>
<script type="text/javascript">
//<![CDATA[
diff --git a/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml b/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml
index 64b3db8..1753723 100644
--- a/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml
+++ b/app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml
@@ -201,6 +201,7 @@
<img src="<?php echo $this->getSkinUrl('images/opc-ajax-loader.gif') ?>" alt="<?php echo $this->quoteEscape($this->__('Loading next step...')) ?>" title="<?php echo $this->quoteEscape($this->__('Loading next step...')) ?>" class="v-middle" /> <?php echo $this->__('Loading next step...') ?>
</span>
</div>
+ <?php echo $this->getBlockHtml('formkey') ?>
</div>
</form>
<script type="text/javascript">
diff --git a/app/etc/applied.patches.list b/app/etc/applied.patches.list
index b1e9478..7257d69 100644
--- a/app/etc/applied.patches.list
+++ b/app/etc/applied.patches.list
@@ -284,3 +284,79 @@ patching file skin/adminhtml/default/default/xmlconnect/boxes.css
patching file lib/Zend/Mail/Transport/Sendmail.php
+-e 2017-06-01 01:51:55 UTC | PATCH_SUPEE-9767_CE_1.9.3.0_v1.sh | CE_1.9.3.0 | v1 | 226caf7 | Mon Feb 20 17:33:39 2017 +0200 | 2321b14
+patching file app/code/core/Mage/Admin/Model/Session.php
+patching file app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
+patching file app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php
+patching file app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php
+patching file app/code/core/Mage/Adminhtml/Model/Config/Data.php
+patching file app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
+patching file app/code/core/Mage/Checkout/controllers/MultishippingController.php
+patching file app/code/core/Mage/Checkout/controllers/OnepageController.php
+Hunk #1 succeeded at 350 (offset 1 line).
+Hunk #2 succeeded at 370 (offset 1 line).
+Hunk #3 succeeded at 417 (offset 1 line).
+Hunk #4 succeeded at 446 (offset 1 line).
+Hunk #5 succeeded at 485 (offset 1 line).
+patching file app/code/core/Mage/Checkout/etc/system.xml
+patching file app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
+Hunk #1 succeeded at 282 (offset -1 lines).
+patching file app/code/core/Mage/Core/Controller/Front/Action.php
+patching file app/code/core/Mage/Core/Controller/Request/Http.php
+patching file app/code/core/Mage/Core/Model/File/Validator/Image.php
+Hunk #1 succeeded at 87 (offset -1 lines).
+Hunk #2 succeeded at 128 (offset -1 lines).
+patching file app/code/core/Mage/Core/etc/system.xml
+patching file app/code/core/Mage/Customer/Model/Session.php
+patching file app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
+patching file app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
+patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
+patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
+patching file app/code/core/Mage/ImportExport/Model/Import/Uploader.php
+patching file app/code/core/Mage/Sales/Model/Quote/Item.php
+patching file app/code/core/Mage/Widget/Model/Widget/Instance.php
+patching file app/code/core/Mage/XmlConnect/Helper/Image.php
+patching file app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
+patching file app/design/adminhtml/default/default/layout/main.xml
+patching file app/design/adminhtml/default/default/template/notification/formkey.phtml
+patching file app/design/adminhtml/default/default/template/notification/symlink.phtml
+patching file app/design/adminhtml/default/default/template/page/head.phtml
+patching file app/design/frontend/base/default/template/checkout/cart/shipping.phtml
+patching file app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
+patching file app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml
+patching file app/design/frontend/base/default/template/checkout/onepage/billing.phtml
+patching file app/design/frontend/base/default/template/checkout/onepage/payment.phtml
+Hunk #1 succeeded at 35 (offset -1 lines).
+patching file app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
+patching file app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml
+patching file app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
+patching file app/design/frontend/rwd/default/layout/page.xml
+patching file app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml
+patching file app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
+patching file app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml
+patching file app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
+Hunk #1 succeeded at 36 (offset -1 lines).
+patching file app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml
+patching file app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml
+patching file app/etc/config.xml
+patching file app/locale/en_US/Mage_Adminhtml.csv
+Hunk #1 succeeded at 1249 (offset -36 lines).
+patching file app/locale/en_US/Mage_Core.csv
+Hunk #1 succeeded at 401 (offset -6 lines).
+patching file app/locale/en_US/Mage_Dataflow.csv
+patching file app/locale/en_US/Mage_XmlConnect.csv
+patching file downloader/Maged/Connect.php
+patching file downloader/Maged/Controller.php
+Hunk #1 succeeded at 417 (offset -4 lines).
+Hunk #2 succeeded at 964 (offset -15 lines).
+patching file downloader/Maged/Model/Session.php
+Hunk #1 succeeded at 82 with fuzz 2.
+Hunk #2 succeeded at 268 (offset -5 lines).
+patching file js/lib/jquery/jquery-1.12.0.js
+patching file js/lib/jquery/jquery-1.12.0.min.js
+patching file js/lib/jquery/jquery-1.12.0.min.map
+patching file js/varien/payment.js
+patching file skin/frontend/base/default/js/opcheckout.js
+Hunk #1 succeeded at 711 (offset 27 lines).
+
+
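Review bot: The appended log line records `PATCH_SUPEE-9767_CE_1.9.3.0_v1.sh | CE_1.9.3.0`, and several of the hunks listed under it applied with offsets while `downloader/Maged/Model/Session.php` reports `Hunk #1 succeeded at 82 with fuzz 2`, which suggests the script was run against a codebase other than the release it was built for. Fuzzy application can place a hunk next to the wrong context and silently leave one of the intended checks out, so the installed Magento version should be confirmed and, if it differs from CE 1.9.3.0, the version-matched SUPEE-9767 script applied instead; at minimum the fuzzed file should be diffed against the expected post-patch source.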
diff --git a/app/etc/config.xml b/app/etc/config.xml
index 17e06e7..b0ce547 100644
--- a/app/etc/config.xml
+++ b/app/etc/config.xml
@@ -141,6 +141,11 @@
<export>{{var_dir}}/export</export>
</filesystem>
</system>
+ <dev>
+ <template>
+ <allow_symlink>0</allow_symlink>
+ </template>
+ </dev>
<general>
<locale>
<code>en_US</code>
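Review bot: The added `<allow_symlink>0</allow_symlink>` default carries no explanation of what it gates, and a value already stored in core_config_data overrides a config.xml default, so a store that previously set this option in the admin keeps its old value after the patch. Add a comment above the node, such as `<!-- SUPEE-9767: templates reached through symlinks are not rendered unless dev/template/allow_symlink is explicitly enabled -->`; the code that reads this node is not in the hunk, so that wording is inferred from the node name and the Notification/Symlink block listed in the patch log. After deployment, verify the effective value under System > Configuration > Advanced > Developer rather than assuming the new default applies.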
diff --git a/js/varien/payment.js b/js/varien/payment.js
index e68864a..c6cdb41 100644
--- a/js/varien/payment.js
+++ b/js/varien/payment.js
@@ -31,7 +31,7 @@ paymentForm.prototype = {
var method = null;
for (var i=0; i<elements.length; i++) {
- if (elements[i].name=='payment[method]') {
+ if (elements[i].name=='payment[method]' || elements[i].name=='form_key') {
if (elements[i].checked) {
method = elements[i].value;
}
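Review bot: The widened condition `if (elements[i].name=='payment[method]' || elements[i].name=='form_key')` conflates two intentions: the `payment[method]` radio is inspected for `checked`, while `form_key` appears to be listed only so the hidden token escapes the else branch (outside the hunk, which presumably disables every other element before the form is serialized). Relying on `checked` being falsy for a hidden input works, but it is implicit; either add `// form_key must stay enabled so the CSRF token is posted with the method`, or give the token its own `else if (elements[i].name == 'form_key') { /* keep enabled */ }` branch so the radio check is not applied to it. The same applies to the identical hunk in skin/frontend/base/default/js/opcheckout.js, which also spells the comparison `name == 'form_key'` with different spacing from this one. The enclosing function starts and ends outside the hunk.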
diff --git a/skin/frontend/base/default/js/opcheckout.js b/skin/frontend/base/default/js/opcheckout.js
index b6234cb..971cd21 100644
--- a/skin/frontend/base/default/js/opcheckout.js
+++ b/skin/frontend/base/default/js/opcheckout.js
@@ -711,7 +711,7 @@ Payment.prototype = {
}
var method = null;
for (var i=0; i<elements.length; i++) {
- if (elements[i].name=='payment[method]') {
+ if (elements[i].name=='payment[method]' || elements[i].name == 'form_key') {
if (elements[i].checked) {
method = elements[i].value;
}