Date: Fri, 5 Jul 2013 22:41:03 -0500
Subject: [PATCH] Magento_CE_1.7.0.2_v1-CSRF_Patch
---
.../core/Mage/Catalog/Block/Product/Abstract.php | 85 ++++-
app/code/core/Mage/Catalog/Block/Product/View.php | 10 +-
.../core/Mage/Catalog/Helper/Product/Compare.php | 28 +-
app/code/core/Mage/Checkout/Helper/Cart.php | 26 +-
.../Mage/Checkout/controllers/CartController.php | 69 ++--
.../Checkout/controllers/OnepageController.php | 70 +++-
app/code/core/Mage/Core/Helper/Url.php | 29 +-
app/code/core/Mage/Core/Model/Url.php | 38 +-
.../Customer/controllers/AccountController.php | 421 ++++++++++++++-------
app/code/core/Mage/Wishlist/Helper/Data.php | 57 ++-
.../Mage/Wishlist/controllers/IndexController.php | 66 ++--
.../default/template/catalog/product/view.phtml | 1 +
.../template/checkout/onepage/review/info.phtml | 2 +-
.../default/template/sales/reorder/sidebar.phtml | 1 +
.../base/default/template/tag/customer/view.phtml | 4 +-
15 files changed, 643 insertions(+), 264 deletions(-)
diff --git a/app/code/core/Mage/Catalog/Block/Product/Abstract.php b/app/code/core/Mage/Catalog/Block/Product/Abstract.php
index a4728a5..7275a1e 100644
--- a/app/code/core/Mage/Catalog/Block/Product/Abstract.php
+++ b/app/code/core/Mage/Catalog/Block/Product/Abstract.php
@@ -34,6 +34,11 @@
*/
abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Template
{
+ /**
+ * Price block array
+ *
+ * @var array
+ */
protected $_priceBlock = array();
/**
@@ -43,10 +48,25 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*/
protected $_block = 'catalog/product_price';
+ /**
+ * Price template
+ *
+ * @var string
+ */
protected $_priceBlockDefaultTemplate = 'catalog/product/price.phtml';
+ /**
+ * Tier price template
+ *
+ * @var string
+ */
protected $_tierPriceDefaultTemplate = 'catalog/product/view/tierprices.phtml';
+ /**
+ * Price types
+ *
+ * @var array
+ */
protected $_priceBlockTypes = array();
/**
@@ -56,6 +76,11 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*/
protected $_useLinkForAsLowAs = true;
+ /**
+ * Review block instance
+ *
+ * @var null|Mage_Review_Block_Helper
+ */
protected $_reviewsHelperBlock;
/**
@@ -89,18 +114,33 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*/
public function getAddToCartUrl($product, $additional = array())
{
- if ($product->getTypeInstance(true)->hasRequiredOptions($product)) {
- if (!isset($additional['_escape'])) {
- $additional['_escape'] = true;
- }
- if (!isset($additional['_query'])) {
- $additional['_query'] = array();
- }
- $additional['_query']['options'] = 'cart';
-
- return $this->getProductUrl($product, $additional);
+ if (!$product->getTypeInstance(true)->hasRequiredOptions($product)) {
+ return $this->helper('checkout/cart')->getAddUrl($product, $additional);
}
- return $this->helper('checkout/cart')->getAddUrl($product, $additional);
+ $additional = array_merge(
+ $additional,
+ array(Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey())
+ );
+ if (!isset($additional['_escape'])) {
+ $additional['_escape'] = true;
+ }
+ if (!isset($additional['_query'])) {
+ $additional['_query'] = array();
+ }
+ $additional['_query']['options'] = 'cart';
+ return $this->getProductUrl($product, $additional);
+ }
+
+ /**
+ * Return model instance
+ *
+ * @param string $className
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($className, $arguments = array())
+ {
+ return Mage::getSingleton($className, $arguments);
}
/**
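Review bot: The session form key is merged into the top-level `$additional` by the new `array_merge` call, so it becomes part of the product-page URL that callers render as a link; a CSRF token carried in a page URL is disclosed through the Referer header of any outbound link on that page and is frozen into any cached copy of the HTML, where it will not match other visitors' sessions. Whether the key ends up as a path segment or a query parameter depends on getProductUrl, which is outside this hunk; either way, pages whose URL embeds it should be excluded from full-page caching. The same concern applies to the add URLs built in Mage_Checkout_Helper_Cart::getAddUrl and Mage_Catalog_Helper_Product_Compare::getAddToCartUrl later in this patch. The docblock for getAddToCartUrl closes just above the hunk and could state the new behaviour, e.g. `* The returned URL carries the current session form key (Mage_Core_Model_Url::FORM_KEY).`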
@@ -126,7 +166,7 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
}
/**
- * Enter description here...
+ * Return link to Add to Wishlist
*
* @param Mage_Catalog_Model_Product $product
* @return string
@@ -155,6 +195,12 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
return null;
}
+ /**
+ * Return price block
+ *
+ * @param string $productTypeId
+ * @return mixed
+ */
protected function _getPriceBlock($productTypeId)
{
if (!isset($this->_priceBlock[$productTypeId])) {
@@ -169,6 +215,12 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
return $this->_priceBlock[$productTypeId];
}
+ /**
+ * Return Block template
+ *
+ * @param string $productTypeId
+ * @return string
+ */
protected function _getPriceBlockTemplate($productTypeId)
{
if (isset($this->_priceBlockTypes[$productTypeId])) {
@@ -304,6 +356,11 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
return $this->getData('product');
}
+ /**
+ * Return tier price template
+ *
+ * @return mixed|string
+ */
public function getTierPriceTemplate()
{
if (!$this->hasData('tier_price_template')) {
@@ -419,13 +476,13 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*
* @return string
*/
- public function getImageLabel($product=null, $mediaAttributeCode='image')
+ public function getImageLabel($product = null, $mediaAttributeCode = 'image')
{
if (is_null($product)) {
$product = $this->getProduct();
}
- $label = $product->getData($mediaAttributeCode.'_label');
+ $label = $product->getData($mediaAttributeCode . '_label');
if (empty($label)) {
$label = $product->getName();
}
diff --git a/app/code/core/Mage/Catalog/Block/Product/View.php b/app/code/core/Mage/Catalog/Block/Product/View.php
index f641f24..bc81fd7 100644
--- a/app/code/core/Mage/Catalog/Block/Product/View.php
+++ b/app/code/core/Mage/Catalog/Block/Product/View.php
@@ -61,7 +61,7 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
$currentCategory = Mage::registry('current_category');
if ($keyword) {
$headBlock->setKeywords($keyword);
- } elseif($currentCategory) {
+ } elseif ($currentCategory) {
$headBlock->setKeywords($product->getName());
}
$description = $product->getMetaDescription();
@@ -71,7 +71,7 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
$headBlock->setDescription(Mage::helper('core/string')->substr($product->getDescription(), 0, 255));
}
if ($this->helper('catalog/product')->canUseCanonicalTag()) {
- $params = array('_ignore_category'=>true);
+ $params = array('_ignore_category' => true);
$headBlock->addLinkRel('canonical', $product->getUrlModel()->getUrl($product, $params));
}
}
@@ -117,7 +117,7 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
return $this->getCustomAddToCartUrl();
}
- if ($this->getRequest()->getParam('wishlist_next')){
+ if ($this->getRequest()->getParam('wishlist_next')) {
$additional['wishlist_next'] = 1;
}
@@ -191,9 +191,9 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
);
$responseObject = new Varien_Object();
- Mage::dispatchEvent('catalog_product_view_config', array('response_object'=>$responseObject));
+ Mage::dispatchEvent('catalog_product_view_config', array('response_object' => $responseObject));
if (is_array($responseObject->getAdditionalOptions())) {
- foreach ($responseObject->getAdditionalOptions() as $option=>$value) {
+ foreach ($responseObject->getAdditionalOptions() as $option => $value) {
$config[$option] = $value;
}
}
diff --git a/app/code/core/Mage/Catalog/Helper/Product/Compare.php b/app/code/core/Mage/Catalog/Helper/Product/Compare.php
index d38d2ba..2535144 100644
--- a/app/code/core/Mage/Catalog/Helper/Product/Compare.php
+++ b/app/code/core/Mage/Catalog/Helper/Product/Compare.php
@@ -79,17 +79,17 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
*/
public function getListUrl()
{
- $itemIds = array();
- foreach ($this->getItemCollection() as $item) {
- $itemIds[] = $item->getId();
- }
+ $itemIds = array();
+ foreach ($this->getItemCollection() as $item) {
+ $itemIds[] = $item->getId();
+ }
- $params = array(
- 'items'=>implode(',', $itemIds),
+ $params = array(
+ 'items' => implode(',', $itemIds),
Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl()
- );
+ );
- return $this->_getUrl('catalog/product_compare', $params);
+ return $this->_getUrl('catalog/product_compare', $params);
}
/**
@@ -128,7 +128,8 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
$beforeCompareUrl = Mage::getSingleton('catalog/session')->getBeforeCompareUrl();
$params = array(
- 'product'=>$product->getId(),
+ 'product' => $product->getId(),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey(),
Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl($beforeCompareUrl)
);
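Review bot: A form key is now emitted in the add-to-compare URL, but no catalog/product_compare controller appears in the diffstat, so nothing visible in this patch validates the key on the receiving action; either the check already exists there or the compare "add" action stays unprotected while carrying a token that looks protective. Confirm, and if it is missing add the same `if (!$this->_validateFormKey()) { ... return; }` guard that Mage_Checkout_CartController::addAction gets in this patch. The enclosing method starts and ends outside the hunk.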
@@ -143,10 +144,11 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
*/
public function getAddToCartUrl($product)
{
- $beforeCompareUrl = Mage::getSingleton('catalog/session')->getBeforeCompareUrl();
+ $beforeCompareUrl = $this->_getSingletonModel('catalog/session')->getBeforeCompareUrl();
$params = array(
- 'product'=>$product->getId(),
- Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl($beforeCompareUrl)
+ 'product' => $product->getId(),
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl($beforeCompareUrl),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
return $this->_getUrl('checkout/cart/add', $params);
@@ -161,7 +163,7 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
public function getRemoveUrl($item)
{
$params = array(
- 'product'=>$item->getId(),
+ 'product' => $item->getId(),
Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl()
);
return $this->_getUrl('catalog/product_compare/remove', $params);
diff --git a/app/code/core/Mage/Checkout/Helper/Cart.php b/app/code/core/Mage/Checkout/Helper/Cart.php
index 33ba781..38c333d 100644
--- a/app/code/core/Mage/Checkout/Helper/Cart.php
+++ b/app/code/core/Mage/Checkout/Helper/Cart.php
@@ -31,6 +31,9 @@
*/
class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
{
+ /**
+ * Redirect to Cart path
+ */
const XML_PATH_REDIRECT_TO_CART = 'checkout/cart/redirect_to_cart';
/**
@@ -47,16 +50,16 @@ class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
* Retrieve url for add product to cart
*
* @param Mage_Catalog_Model_Product $product
+ * @param array $additional
* @return string
*/
public function getAddUrl($product, $additional = array())
{
- $continueUrl = Mage::helper('core')->urlEncode($this->getCurrentUrl());
- $urlParamName = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
-
$routeParams = array(
- $urlParamName => $continueUrl,
- 'product' => $product->getEntityId()
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->_getHelperInstance('core')
+ ->urlEncode($this->getCurrentUrl()),
+ 'product' => $product->getEntityId(),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
if (!empty($additional)) {
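Review bot: Only the add URL receives a form key here; getRemoveUrl in the next hunk (whitespace-only) still builds `checkout/cart/delete` with nothing but the base64 return URL, and the CartController hunks in this patch guard only addAction and addgroupAction, so cart deletion remains a tokenless GET. Mage_Catalog_Helper_Product_Compare::getRemoveUrl has the same gap. If those actions are meant to stay unprotected in this release, a short comment on getRemoveUrl saying so would stop the next reader assuming an oversight; otherwise add `Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()` to its `$params` and validate in the matching action. getAddUrl's body continues past the hunk, so how `$additional` is merged into `$routeParams` (and whether a caller-supplied key could override the session one) is not visible here.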
@@ -77,6 +80,17 @@ class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
}
/**
+ * Return helper instance
+ *
+ * @param string $helperName
+ * @return Mage_Core_Helper_Abstract
+ */
+ protected function _getHelperInstance($helperName)
+ {
+ return Mage::helper($helperName);
+ }
+
+ /**
* Retrieve url for remove product from cart
*
* @param Mage_Sales_Quote_Item $item
@@ -85,7 +99,7 @@ class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
public function getRemoveUrl($item)
{
$params = array(
- 'id'=>$item->getId(),
+ 'id' => $item->getId(),
Mage_Core_Controller_Front_Action::PARAM_NAME_BASE64_URL => $this->getCurrentBase64Url()
);
return $this->_getUrl('checkout/cart/delete', $params);
diff --git a/app/code/core/Mage/Checkout/controllers/CartController.php b/app/code/core/Mage/Checkout/controllers/CartController.php
index 8745dd6..252e80f 100644
--- a/app/code/core/Mage/Checkout/controllers/CartController.php
+++ b/app/code/core/Mage/Checkout/controllers/CartController.php
@@ -70,6 +70,7 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
* Set back redirect url to response
*
* @return Mage_Checkout_CartController
+ * @throws Mage_Exception
*/
protected function _goBack()
{
@@ -166,9 +167,15 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
/**
* Add product to shopping cart action
+ *
+ * @return void
*/
public function addAction()
{
+ if (!$this->_validateFormKey()) {
+ $this->_goBack();
+ return;
+ }
$cart = $this->_getCart();
$params = $this->getRequest()->getParams();
try {
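Review bot: A failed `_validateFormKey()` check calls `_goBack()` with no session message and no log entry, so a shopper whose key has expired sees nothing added and no explanation, and an operator gets no signal that a cross-site request was rejected. Consider `$this->_getSession()->addError($this->__('Your session has expired, please try again.'));` before the `_goBack()` call and a `Mage::log(...)` of the rejected request, so the event is both user-visible and detectable. The same silent-redirect pattern is repeated in addgroupAction below and in OnepageController::saveOrderAction. `_validateFormKey()` itself is not touched by this patch (no Mage_Core_Controller_Front_Action hunk in the diffstat), so it presumably already exists in the base controller of the target tree; confirm before applying. addAction's body continues past the hunk.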
@@ -207,7 +214,7 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
);
if (!$this->_getSession()->getNoCartRedirect(true)) {
- if (!$cart->getQuote()->getHasError()){
+ if (!$cart->getQuote()->getHasError()) {
$message = $this->__('%s was added to your shopping cart.', Mage::helper('core')->escapeHtml($product->getName()));
$this->_getSession()->addSuccess($message);
}
@@ -236,34 +243,41 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
}
}
+ /**
+ * Add products in group to shopping cart action
+ */
public function addgroupAction()
{
$orderItemIds = $this->getRequest()->getParam('order_items', array());
- if (is_array($orderItemIds)) {
- $itemsCollection = Mage::getModel('sales/order_item')
- ->getCollection()
- ->addIdFilter($orderItemIds)
- ->load();
- /* @var $itemsCollection Mage_Sales_Model_Mysql4_Order_Item_Collection */
- $cart = $this->_getCart();
- foreach ($itemsCollection as $item) {
- try {
- $cart->addOrderItem($item, 1);
- } catch (Mage_Core_Exception $e) {
- if ($this->_getSession()->getUseNotice(true)) {
- $this->_getSession()->addNotice($e->getMessage());
- } else {
- $this->_getSession()->addError($e->getMessage());
- }
- } catch (Exception $e) {
- $this->_getSession()->addException($e, $this->__('Cannot add the item to shopping cart.'));
- Mage::logException($e);
- $this->_goBack();
+
+ if (!is_array($orderItemIds) || !$this->_validateFormKey()) {
+ $this->_goBack();
+ return;
+ }
+
+ $itemsCollection = Mage::getModel('sales/order_item')
+ ->getCollection()
+ ->addIdFilter($orderItemIds)
+ ->load();
+ /* @var $itemsCollection Mage_Sales_Model_Mysql4_Order_Item_Collection */
+ $cart = $this->_getCart();
+ foreach ($itemsCollection as $item) {
+ try {
+ $cart->addOrderItem($item, 1);
+ } catch (Mage_Core_Exception $e) {
+ if ($this->_getSession()->getUseNotice(true)) {
+ $this->_getSession()->addNotice($e->getMessage());
+ } else {
+ $this->_getSession()->addError($e->getMessage());
}
+ } catch (Exception $e) {
+ $this->_getSession()->addException($e, $this->__('Cannot add the item to shopping cart.'));
+ Mage::logException($e);
+ $this->_goBack();
}
- $cart->save();
- $this->_getSession()->setCartWasUpdated(true);
}
+ $cart->save();
+ $this->_getSession()->setCartWasUpdated(true);
$this->_goBack();
}
@@ -347,8 +361,8 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
array('item' => $item, 'request' => $this->getRequest(), 'response' => $this->getResponse())
);
if (!$this->_getSession()->getNoCartRedirect(true)) {
- if (!$cart->getQuote()->getHasError()){
- $message = $this->__('%s was updated in your shopping cart.', Mage::helper('core')->htmlEscape($item->getProduct()->getName()));
+ if (!$cart->getQuote()->getHasError()) {
+ $message = $this->__('%s was updated in your shopping cart.', Mage::helper('core')->escapeHtml($item->getProduct()->getName()));
$this->_getSession()->addSuccess($message);
}
$this->_goBack();
@@ -487,6 +501,11 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
$this->_goBack();
}
+ /**
+ * Estimate update action
+ *
+ * @return null
+ */
public function estimateUpdatePostAction()
{
$code = (string) $this->getRequest()->getParam('estimate_method');
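Review bot: The new docblock declares `@return null` whereas the other action docblocks added in this patch (addAction above) use `@return void` for methods that return nothing; use `* @return void` for consistency. The method body continues outside the hunk.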
diff --git a/app/code/core/Mage/Checkout/controllers/OnepageController.php b/app/code/core/Mage/Checkout/controllers/OnepageController.php
index e90b59e..3e4a381 100644
--- a/app/code/core/Mage/Checkout/controllers/OnepageController.php
+++ b/app/code/core/Mage/Checkout/controllers/OnepageController.php
@@ -24,16 +24,27 @@
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
-
+/**
+ * Class Onepage controller
+ */
class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
{
+ /**
+ * Functions for concrete method
+ *
+ * @var array
+ */
protected $_sectionUpdateFunctions = array(
'payment-method' => '_getPaymentMethodsHtml',
'shipping-method' => '_getShippingMethodsHtml',
'review' => '_getReviewHtml',
);
- /** @var Mage_Sales_Model_Order */
+ /**
+ * Order instance
+ *
+ * @var Mage_Sales_Model_Order
+ */
protected $_order;
/**
@@ -50,7 +61,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$checkoutSessionQuote->removeAllAddresses();
}
- if(!$this->_canShowForUnregisteredUsers()){
+ if (!$this->_canShowForUnregisteredUsers()) {
$this->norouteAction();
$this->setFlag('',self::FLAG_NO_DISPATCH,true);
return;
@@ -59,6 +70,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
return $this;
}
+ /**
+ * Send headers in case if session is expired
+ *
+ * @return Mage_Checkout_OnepageController
+ */
protected function _ajaxRedirectResponse()
{
$this->getResponse()
@@ -123,6 +139,12 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
return $output;
}
+ /**
+ * Return block content from the 'checkout_onepage_additional'
+ * This is the additional content for shipping method
+ *
+ * @return string
+ */
protected function _getAdditionalHtml()
{
$layout = $this->getLayout();
@@ -180,7 +202,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
return;
}
Mage::getSingleton('checkout/session')->setCartWasUpdated(false);
- Mage::getSingleton('customer/session')->setBeforeAuthUrl(Mage::getUrl('*/*/*', array('_secure'=>true)));
+ Mage::getSingleton('customer/session')->setBeforeAuthUrl(Mage::getUrl('*/*/*', array('_secure' => true)));
$this->getOnepage()->initCheckout();
$this->loadLayout();
$this->_initLayoutMessages('customer/session');
@@ -200,6 +222,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$this->renderLayout();
}
+ /**
+ * Shipping action
+ */
public function shippingMethodAction()
{
if ($this->_expireAjax()) {
@@ -209,6 +234,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$this->renderLayout();
}
+ /**
+ * Review action
+ */
public function reviewAction()
{
if ($this->_expireAjax()) {
@@ -244,6 +272,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$this->renderLayout();
}
+ /**
+ * Failure action
+ */
public function failureAction()
{
$lastQuoteId = $this->getOnepage()->getCheckout()->getLastQuoteId();
@@ -259,6 +290,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
}
+ /**
+ * Additional action
+ */
public function getAdditionalAction()
{
$this->getResponse()->setBody($this->_getAdditionalHtml());
@@ -383,10 +417,10 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
/*
$result will have erro data if shipping method is empty
*/
- if(!$result) {
+ if (!$result) {
Mage::dispatchEvent('checkout_controller_onepage_save_shipping_method',
- array('request'=>$this->getRequest(),
- 'quote'=>$this->getOnepage()->getQuote()));
+ array('request' => $this->getRequest(),
+ 'quote' => $this->getOnepage()->getQuote()));
$this->getOnepage()->getQuote()->collectTotals();
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode($result));
@@ -452,7 +486,8 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
/**
* Get Order by quoteId
*
- * @return Mage_Sales_Model_Order
+ * @return Mage_Core_Model_Abstract|Mage_Sales_Model_Order
+ * @throws Mage_Payment_Model_Info_Exception
*/
protected function _getOrder()
{
@@ -489,15 +524,21 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
*/
public function saveOrderAction()
{
+ if (!$this->_validateFormKey()) {
+ return $this->_redirect('*/*');
+ }
+
if ($this->_expireAjax()) {
return;
}
$result = array();
try {
- if ($requiredAgreements = Mage::helper('checkout')->getRequiredAgreementIds()) {
+ $requiredAgreements = Mage::helper('checkout')->getRequiredAgreementIds();
+ if ($requiredAgreements) {
$postedAgreements = array_keys($this->getRequest()->getPost('agreement', array()));
- if ($diff = array_diff($requiredAgreements, $postedAgreements)) {
+ $diff = array_diff($requiredAgreements, $postedAgreements);
+ if ($diff) {
$result['success'] = false;
$result['error'] = true;
$result['error_messages'] = $this->__('Please agree to all the terms and conditions before placing the order.');
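Review bot: saveOrderAction is an AJAX endpoint that answers with a JSON `$result` (the agreements branch in this hunk sets `$result['error']` and `$result['error_messages']`), but the new form-key guard returns `$this->_redirect('*/*')`, a plain HTTP redirect that the checkout JavaScript will not interpret as an error; the session-expiry path in the same method goes through `_expireAjax()`, which appears to use the `_ajaxRedirectResponse()` documented earlier in this file for exactly this situation. Route the form-key failure through that ajax-aware response, or return a JSON result with `error` set and a `redirect` URL so the client can recover instead of hanging on "Please wait". The docblock for saveOrderAction closes just above the hunk and should mention the new precondition.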
@@ -515,7 +556,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$result['error'] = false;
} catch (Mage_Payment_Model_Info_Exception $e) {
$message = $e->getMessage();
- if( !empty($message) ) {
+ if ( !empty($message) ) {
$result['error_messages'] = $message;
}
$result['goto_section'] = 'payment';
@@ -530,12 +571,13 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$result['error'] = true;
$result['error_messages'] = $e->getMessage();
- if ($gotoSection = $this->getOnepage()->getCheckout()->getGotoSection()) {
+ $gotoSection = $this->getOnepage()->getCheckout()->getGotoSection();
+ if ($gotoSection) {
$result['goto_section'] = $gotoSection;
$this->getOnepage()->getCheckout()->setGotoSection(null);
}
-
- if ($updateSection = $this->getOnepage()->getCheckout()->getUpdateSection()) {
+ $updateSection = $this->getOnepage()->getCheckout()->getUpdateSection();
+ if ($updateSection) {
if (isset($this->_sectionUpdateFunctions[$updateSection])) {
$updateSectionFunction = $this->_sectionUpdateFunctions[$updateSection];
$result['update_section'] = array(
diff --git a/app/code/core/Mage/Core/Helper/Url.php b/app/code/core/Mage/Core/Helper/Url.php
index 2fd8608..0181a25 100644
--- a/app/code/core/Mage/Core/Helper/Url.php
+++ b/app/code/core/Mage/Core/Helper/Url.php
@@ -65,7 +65,13 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
return $this->urlEncode($this->getCurrentUrl());
}
- public function getEncodedUrl($url=null)
+ /**
+ * Return encoded url
+ *
+ * @param null|string $url
+ * @return string
+ */
+ public function getEncodedUrl($url = null)
{
if (!$url) {
$url = $this->getCurrentUrl();
@@ -83,6 +89,12 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
return Mage::getBaseUrl();
}
+ /**
+ * Formatting string
+ *
+ * @param string $string
+ * @return string
+ */
protected function _prepareString($string)
{
$string = preg_replace('#[^0-9a-z]+#i', '-', $string);
@@ -104,7 +116,7 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
$startDelimiter = (false === strpos($url,'?'))? '?' : '&';
$arrQueryParams = array();
- foreach($param as $key=>$value) {
+ foreach ($param as $key => $value) {
if (is_numeric($key) || is_object($value)) {
continue;
}
@@ -128,6 +140,7 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
*
* @param string $url
* @param string $paramKey
+ * @param boolean $caseSensitive
* @return string
*/
public function removeRequestParam($url, $paramKey, $caseSensitive = false)
@@ -143,4 +156,16 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
}
return $url;
}
+
+ /**
+ * Return singleton model instance
+ *
+ * @param string $name
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($name, $arguments = array())
+ {
+ return Mage::getSingleton($name, $arguments);
+ }
}
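Review bot: `_getSingletonModel` is documented as `@return Mage_Core_Model_Abstract`, but its only callers in this patch chain `->getFormKey()` on `_getSingletonModel('core/session')` (Cart and Compare helpers), and the session classes in Magento 1 descend from Varien_Object via Mage_Core_Model_Session_Abstract rather than from Mage_Core_Model_Abstract, so static analysis will report getFormKey as undefined; `* @return Mage_Core_Model_Abstract|Mage_Core_Model_Session_Abstract` (or simply `object`) reflects what the method actually returns. The same wrapper is copied verbatim into Mage_Catalog_Block_Product_Abstract and Mage_Core_Model_Url in this patch with differing parameter names (`$className` versus `$name`), and the Core/Model/Url copy has no caller in the visible hunks.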
diff --git a/app/code/core/Mage/Core/Model/Url.php b/app/code/core/Mage/Core/Model/Url.php
index c87bf48..28086af 100644
--- a/app/code/core/Mage/Core/Model/Url.php
+++ b/app/code/core/Mage/Core/Model/Url.php
@@ -89,14 +89,31 @@ class Mage_Core_Model_Url extends Varien_Object
const DEFAULT_ACTION_NAME = 'index';
/**
- * Configuration paths
+ * XML base url path unsecure
*/
const XML_PATH_UNSECURE_URL = 'web/unsecure/base_url';
+
+ /**
+ * XML base url path secure
+ */
const XML_PATH_SECURE_URL = 'web/secure/base_url';
+
+ /**
+ * XML path for using in adminhtml
+ */
const XML_PATH_SECURE_IN_ADMIN = 'default/web/secure/use_in_adminhtml';
+
+ /**
+ * XML path for using in frontend
+ */
const XML_PATH_SECURE_IN_FRONT = 'web/secure/use_in_frontend';
/**
+ * Param name for form key functionality
+ */
+ const FORM_KEY = 'form_key';
+
+ /**
* Configuration data cache
*
* @var array
@@ -483,7 +500,7 @@ class Mage_Core_Model_Url extends Varien_Object
}
$routePath = $this->getActionPath();
if ($this->getRouteParams()) {
- foreach ($this->getRouteParams() as $key=>$value) {
+ foreach ($this->getRouteParams() as $key => $value) {
if (is_null($value) || false === $value || '' === $value || !is_scalar($value)) {
continue;
}
@@ -939,8 +956,8 @@ class Mage_Core_Model_Url extends Varien_Object
/**
* Build url by requested path and parameters
*
- * @param string|null $routePath
- * @param array|null $routeParams
+ * @param string|null $routePath
+ * @param array|null $routeParams
* @return string
*/
public function getUrl($routePath = null, $routeParams = null)
@@ -974,6 +991,7 @@ class Mage_Core_Model_Url extends Varien_Object
$noSid = (bool)$routeParams['_nosid'];
unset($routeParams['_nosid']);
}
+
$url = $this->getRouteUrl($routePath, $routeParams);
/**
* Apply query params, need call after getRouteUrl for rewrite _current values
@@ -1007,6 +1025,18 @@ class Mage_Core_Model_Url extends Varien_Object
}
/**
+ * Return singleton model instance
+ *
+ * @param string $name
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($name, $arguments = array())
+ {
+ return Mage::getSingleton($name, $arguments);
+ }
+
+ /**
* Check and add session id to URL
*
* @param string $url
diff --git a/app/code/core/Mage/Customer/controllers/AccountController.php b/app/code/core/Mage/Customer/controllers/AccountController.php
index 98bac6a..6ee3163 100644
--- a/app/code/core/Mage/Customer/controllers/AccountController.php
+++ b/app/code/core/Mage/Customer/controllers/AccountController.php
@@ -153,8 +153,8 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
} catch (Mage_Core_Exception $e) {
switch ($e->getCode()) {
case Mage_Customer_Model_Customer::EXCEPTION_EMAIL_NOT_CONFIRMED:
- $value = Mage::helper('customer')->getEmailConfirmationUrl($login['username']);
- $message = Mage::helper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.', $value);
+ $value = $this->_getHelper('customer')->getEmailConfirmationUrl($login['username']);
+ $message = $this->_getHelper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.', $value);
break;
case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD:
$message = $e->getMessage();
@@ -184,7 +184,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
if (!$session->getBeforeAuthUrl() || $session->getBeforeAuthUrl() == Mage::getBaseUrl()) {
// Set default URL to redirect customer to
- $session->setBeforeAuthUrl(Mage::helper('customer')->getAccountUrl());
+ $session->setBeforeAuthUrl($this->_getHelper('customer')->getAccountUrl());
// Redirect customer to the last page visited after logging in
if ($session->isLoggedIn()) {
if (!Mage::getStoreConfigFlag(
@@ -193,8 +193,8 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$referer = $this->getRequest()->getParam(Mage_Customer_Helper_Data::REFERER_QUERY_PARAM_NAME);
if ($referer) {
// Rebuild referer URL to handle the case when SID was changed
- $referer = Mage::getModel('core/url')
- ->getRebuiltUrl(Mage::helper('core')->urlDecode($referer));
+ $referer = $this->_getModel('core/url')
+ ->getRebuiltUrl($this->_getHelper('core')->urlDecode($referer));
if ($this->_isUrlInternal($referer)) {
$session->setBeforeAuthUrl($referer);
}
@@ -203,10 +203,10 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$session->setBeforeAuthUrl($session->getAfterAuthUrl(true));
}
} else {
- $session->setBeforeAuthUrl(Mage::helper('customer')->getLoginUrl());
+ $session->setBeforeAuthUrl($this->_getHelper('customer')->getLoginUrl());
}
- } else if ($session->getBeforeAuthUrl() == Mage::helper('customer')->getLogoutUrl()) {
- $session->setBeforeAuthUrl(Mage::helper('customer')->getDashboardUrl());
+ } else if ($session->getBeforeAuthUrl() == $this->_getHelper('customer')->getLogoutUrl()) {
+ $session->setBeforeAuthUrl($this->_getHelper('customer')->getDashboardUrl());
} else {
if (!$session->getAfterAuthUrl()) {
$session->setAfterAuthUrl($session->getBeforeAuthUrl());
@@ -258,126 +258,255 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
public function createPostAction()
{
+ /** @var $session Mage_Customer_Model_Session */
$session = $this->_getSession();
if ($session->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
$session->setEscapeMessages(true); // prevent XSS injection in user input
- if ($this->getRequest()->isPost()) {
- $errors = array();
+ if (!$this->getRequest()->isPost()) {
+ $errUrl = $this->_getUrl('*/*/create', array('_secure' => true));
+ $this->_redirectError($errUrl);
+ return;
+ }
- if (!$customer = Mage::registry('current_customer')) {
- $customer = Mage::getModel('customer/customer')->setId(null);
+ $customer = $this->_getCustomer();
+
+ try {
+ $errors = $this->_getCustomerErrors($customer);
+
+ if (empty($errors)) {
+ $customer->save();
+ $this->_dispatchRegisterSuccess($customer);
+ $this->_successProcessRegistration($customer);
+ return;
+ } else {
+ $this->_addSessionError($errors);
+ }
+ } catch (Mage_Core_Exception $e) {
+ $session->setCustomerFormData($this->getRequest()->getPost());
+ if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
+ $url = $this->_getUrl('customer/account/forgotpassword');
+ $message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
+ $session->setEscapeMessages(false);
+ } else {
+ $message = $e->getMessage();
}
+ $session->addError($message);
+ } catch (Exception $e) {
+ $session->setCustomerFormData($this->getRequest()->getPost())
+ ->addException($e, $this->__('Cannot save the customer.'));
+ }
+ $url = $this->_getUrl('*/*/create', array('_secure' => true));
+ $this->_redirectError($url);
+ }
- /* @var $customerForm Mage_Customer_Model_Form */
- $customerForm = Mage::getModel('customer/form');
- $customerForm->setFormCode('customer_account_create')
- ->setEntity($customer);
+ /**
+ * Success Registration
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return Mage_Customer_AccountController
+ */
+ protected function _successProcessRegistration(Mage_Customer_Model_Customer $customer)
+ {
+ $session = $this->_getSession();
+ if ($customer->isConfirmationRequired()) {
+ /** @var $app Mage_Core_Model_App */
+ $app = $this->_getApp();
+ /** @var $store Mage_Core_Model_Store*/
+ $store = $app->getStore();
+ $customer->sendNewAccountEmail(
+ 'confirmation',
+ $session->getBeforeAuthUrl(),
+ $store->getId()
+ );
+ $customerHelper = $this->_getHelper('customer');
+ $session->addSuccess($this->__('Account confirmation is required. Please, check your email for the confirmation link. To resend the confirmation email please <a href="%s">click here</a>.',
+ $customerHelper->getEmailConfirmationUrl($customer->getEmail())));
+ $url = $this->_getUrl('*/*/index', array('_secure' => true));
+ } else {
+ $session->setCustomerAsLoggedIn($customer);
+ $session->renewSession();
+ $url = $this->_welcomeCustomer($customer);
+ }
+ $this->_redirectSuccess($url);
+ return $this;
+ }
- $customerData = $customerForm->extractData($this->getRequest());
+ /**
+ * Get Customer Model
+ *
+ * @return Mage_Customer_Model_Customer
+ */
+ protected function _getCustomer()
+ {
+ $customer = $this->_getFromRegistry('current_customer');
+ if (!$customer) {
+ $customer = $this->_getModel('customer/customer')->setId(null);
+ }
+ if ($this->getRequest()->getParam('is_subscribed', false)) {
+ $customer->setIsSubscribed(1);
+ }
+ /**
+ * Initialize customer group id
+ */
+ $customer->getGroupId();
- if ($this->getRequest()->getParam('is_subscribed', false)) {
- $customer->setIsSubscribed(1);
+ return $customer;
+ }
+
+ /**
+ * Add session error method
+ *
+ * @param string|array $errors
+ */
+ protected function _addSessionError($errors)
+ {
+ $session = $this->_getSession();
+ $session->setCustomerFormData($this->getRequest()->getPost());
+ if (is_array($errors)) {
+ foreach ($errors as $errorMessage) {
+ $session->addError($errorMessage);
}
+ } else {
+ $session->addError($this->__('Invalid customer data'));
+ }
+ }
- /**
- * Initialize customer group id
- */
- $customer->getGroupId();
-
- if ($this->getRequest()->getPost('create_address')) {
- /* @var $address Mage_Customer_Model_Address */
- $address = Mage::getModel('customer/address');
- /* @var $addressForm Mage_Customer_Model_Form */
- $addressForm = Mage::getModel('customer/form');
- $addressForm->setFormCode('customer_register_address')
- ->setEntity($address);
-
- $addressData = $addressForm->extractData($this->getRequest(), 'address', false);
- $addressErrors = $addressForm->validateData($addressData);
- if ($addressErrors === true) {
- $address->setId(null)
- ->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
- ->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false));
- $addressForm->compactData($addressData);
- $customer->addAddress($address);
-
- $addressErrors = $address->validate();
- if (is_array($addressErrors)) {
- $errors = array_merge($errors, $addressErrors);
- }
- } else {
- $errors = array_merge($errors, $addressErrors);
- }
+ /**
+ * Validate customer data and return errors if they are
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return array|string
+ */
+ protected function _getCustomerErrors($customer)
+ {
+ $errors = array();
+ $request = $this->getRequest();
+ if ($request->getPost('create_address')) {
+ $errors = $this->_getErrorsOnCustomerAddress($customer);
+ }
+ $customerForm = $this->_getCustomerForm($customer);
+ $customerData = $customerForm->extractData($request);
+ $customerErrors = $customerForm->validateData($customerData);
+ if ($customerErrors !== true) {
+ $errors = array_merge($customerErrors, $errors);
+ } else {
+ $customerForm->compactData($customerData);
+ $customer->setPassword($request->getPost('password'));
+ $customer->setConfirmation($request->getPost('confirmation'));
+ $customerErrors = $customer->validate();
+ if (is_array($customerErrors)) {
+ $errors = array_merge($customerErrors, $errors);
}
+ }
+ return $errors;
+ }
- try {
- $customerErrors = $customerForm->validateData($customerData);
- if ($customerErrors !== true) {
- $errors = array_merge($customerErrors, $errors);
- } else {
- $customerForm->compactData($customerData);
- $customer->setPassword($this->getRequest()->getPost('password'));
- $customer->setConfirmation($this->getRequest()->getPost('confirmation'));
- $customerErrors = $customer->validate();
- if (is_array($customerErrors)) {
- $errors = array_merge($customerErrors, $errors);
- }
- }
+ /**
+ * Get Customer Form Initalized Model
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return Mage_Customer_Model_Form
+ */
+ protected function _getCustomerForm($customer)
+ {
+ /* @var $customerForm Mage_Customer_Model_Form */
+ $customerForm = $this->_getModel('customer/form');
+ $customerForm->setFormCode('customer_account_create');
+ $customerForm->setEntity($customer);
+ return $customerForm;
+ }
- $validationResult = count($errors) == 0;
+ /**
+ * Get Helper
+ *
+ * @param string $path
+ * @return Mage_Core_Helper_Abstract
+ */
+ protected function _getHelper($path)
+ {
+ return Mage::helper($path);
+ }
- if (true === $validationResult) {
- $customer->save();
+ /**
+ * Get App
+ *
+ * @return Mage_Core_Model_App
+ */
+ protected function _getApp()
+ {
+ return Mage::app();
+ }
- Mage::dispatchEvent('customer_register_success',
- array('account_controller' => $this, 'customer' => $customer)
- );
-
- if ($customer->isConfirmationRequired()) {
- $customer->sendNewAccountEmail(
- 'confirmation',
- $session->getBeforeAuthUrl(),
- Mage::app()->getStore()->getId()
- );
- $session->addSuccess($this->__('Account confirmation is required. Please, check your email for the confirmation link. To resend the confirmation email please <a href="%s">click here</a>.', Mage::helper('customer')->getEmailConfirmationUrl($customer->getEmail())));
- $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure'=>true)));
- return;
- } else {
- $session->setCustomerAsLoggedIn($customer);
- $url = $this->_welcomeCustomer($customer);
- $this->_redirectSuccess($url);
- return;
- }
- } else {
- $session->setCustomerFormData($this->getRequest()->getPost());
- if (is_array($errors)) {
- foreach ($errors as $errorMessage) {
- $session->addError($errorMessage);
- }
- } else {
- $session->addError($this->__('Invalid customer data'));
- }
- }
- } catch (Mage_Core_Exception $e) {
- $session->setCustomerFormData($this->getRequest()->getPost());
- if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
- $url = Mage::getUrl('customer/account/forgotpassword');
- $message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
- $session->setEscapeMessages(false);
- } else {
- $message = $e->getMessage();
- }
- $session->addError($message);
- } catch (Exception $e) {
- $session->setCustomerFormData($this->getRequest()->getPost())
- ->addException($e, $this->__('Cannot save the customer.'));
- }
+ /**
+ * Dispatch Event
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ */
+ protected function _dispatchRegisterSuccess($customer)
+ {
+ Mage::dispatchEvent('customer_register_success',
+ array('account_controller' => $this, 'customer' => $customer)
+ );
+ }
+
+ /**
+ * Get errors on provided customer address
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return array $errors
+ */
+ protected function _getErrorsOnCustomerAddress($customer)
+ {
+ $errors = array();
+ /* @var $address Mage_Customer_Model_Address */
+ $address = $this->_getModel('customer/address');
+ /* @var $addressForm Mage_Customer_Model_Form */
+ $addressForm = $this->_getModel('customer/form');
+ $addressForm->setFormCode('customer_register_address')
+ ->setEntity($address);
+
+ $addressData = $addressForm->extractData($this->getRequest(), 'address', false);
+ $addressErrors = $addressForm->validateData($addressData);
+ if (is_array($addressErrors)) {
+ $errors = $addressErrors;
+ }
+ $address->setId(null)
+ ->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
+ ->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false));
+ $addressForm->compactData($addressData);
+ $customer->addAddress($address);
+
+ $addressErrors = $address->validate();
+ if (is_array($addressErrors)) {
+ $errors = array_merge($errors, $addressErrors);
}
+ return $errors;
+ }
- $this->_redirectError(Mage::getUrl('*/*/create', array('_secure' => true)));
+ /**
+ * Get model by path
+ *
+ * @param string $path
+ * @param array|null $arguments
+ * @return false|Mage_Core_Model_Abstract
+ */
+ public function _getModel($path, $arguments = array())
+ {
+ return Mage::getModel($path, $arguments);
+ }
+
+ /**
+ * Get model from registry by path
+ *
+ * @param string $path
+ * @return mixed
+ */
+ protected function _getFromRegistry($path)
+ {
+ return Mage::registry($path);
}
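Review bot: `_getErrorsOnCustomerAddress` alters the original control flow: it now calls `compactData`, `addAddress` and `$address->validate()` even when `validateData` has already returned errors, so a customer with an invalid address form gets overlapping attribute errors reported twice (form, then model) and the invalid address is still attached to the customer object. The original only built and validated the address when `validateData` returned `true`; restore that with `if ($addressErrors !== true) { return is_array($addressErrors) ? $addressErrors : $errors; }` in place of the `is_array` assignment. `_getModel` is declared `public` while every sibling accessor is `protected`, and `_getCustomerErrors` is documented as `@return array|string` although every path returns an array. `createPostAction` now rejects non-POST requests but, unlike the wishlist actions in this patch, never calls `_validateFormKey()`, so a cross-site POST can still register an account; if that is intentional, say so in a comment above the `isPost()` guard.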
/**
@@ -395,14 +524,16 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
);
if ($this->_isVatValidationEnabled()) {
// Show corresponding VAT message to customer
- $configAddressType = Mage::helper('customer/address')->getTaxCalculationAddressType();
+ $configAddressType = $this->_getHelper('customer/address')->getTaxCalculationAddressType();
$userPrompt = '';
switch ($configAddressType) {
case Mage_Customer_Model_Address_Abstract::TYPE_SHIPPING:
- $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you shipping address for proper VAT calculation', Mage::getUrl('customer/address/edit'));
+ $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you shipping address for proper VAT calculation',
+ $this->_getUrl('customer/address/edit'));
break;
default:
- $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you billing address for proper VAT calculation', Mage::getUrl('customer/address/edit'));
+ $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you billing address for proper VAT calculation',
+ $this->_getUrl('customer/address/edit'));
}
$this->_getSession()->addSuccess($userPrompt);
}
@@ -413,7 +544,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
Mage::app()->getStore()->getId()
);
- $successUrl = Mage::getUrl('*/*/index', array('_secure'=>true));
+ $successUrl = $this->_getUrl('*/*/index', array('_secure' => true));
if ($this->_getSession()->getBeforeAuthUrl()) {
$successUrl = $this->_getSession()->getBeforeAuthUrl(true);
}
@@ -425,7 +556,8 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
public function confirmAction()
{
- if ($this->_getSession()->isLoggedIn()) {
+ $session = $this->_getSession();
+ if ($session->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
@@ -439,7 +571,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
// load customer by id (try/catch in case if it throws exceptions)
try {
- $customer = Mage::getModel('customer/customer')->load($id);
+ $customer = $this->_getModel('customer/customer')->load($id);
if ((!$customer) || (!$customer->getId())) {
throw new Exception('Failed to load customer by id.');
}
@@ -463,21 +595,22 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
throw new Exception($this->__('Failed to confirm customer account.'));
}
+ $session->renewSession();
// log in and send greeting email, then die happy
- $this->_getSession()->setCustomerAsLoggedIn($customer);
+ $session->setCustomerAsLoggedIn($customer);
$successUrl = $this->_welcomeCustomer($customer, true);
$this->_redirectSuccess($backUrl ? $backUrl : $successUrl);
return;
}
// die happy
- $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure'=>true)));
+ $this->_redirectSuccess($this->_getUrl('*/*/index', array('_secure' => true)));
return;
}
catch (Exception $e) {
// die unhappy
$this->_getSession()->addError($e->getMessage());
- $this->_redirectError(Mage::getUrl('*/*/index', array('_secure'=>true)));
+ $this->_redirectError($this->_getUrl('*/*/index', array('_secure' => true)));
return;
}
}
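Review bot: The new `$session->renewSession()` before `setCustomerAsLoggedIn` is the session-fixation defence, but it carries no comment and is ordered differently from `_successProcessRegistration`, where `renewSession()` runs after `setCustomerAsLoggedIn`; pick one order and add `// regenerate the session id on privilege change so a pre-set id cannot be reused (session fixation)` at both sites. confirmAction's body starts outside this hunk.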
@@ -487,7 +620,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
public function confirmationAction()
{
- $customer = Mage::getModel('customer/customer');
+ $customer = $this->_getModel('customer/customer');
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
@@ -508,10 +641,10 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$this->_getSession()->addSuccess($this->__('This email does not require confirmation.'));
}
$this->_getSession()->setUsername($email);
- $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure' => true)));
+ $this->_redirectSuccess($this->_getUrl('*/*/index', array('_secure' => true)));
} catch (Exception $e) {
$this->_getSession()->addException($e, $this->__('Wrong email.'));
- $this->_redirectError(Mage::getUrl('*/*/*', array('email' => $email, '_secure' => true)));
+ $this->_redirectError($this->_getUrl('*/*/*', array('email' => $email, '_secure' => true)));
}
return;
}
@@ -527,6 +660,18 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
}
/**
+ * Get Url method
+ *
+ * @param string $url
+ * @param array $params
+ * @return string
+ */
+ protected function _getUrl($url, $params = array())
+ {
+ return Mage::getUrl($url, $params);
+ }
+
+ /**
* Forgot customer password page
*/
public function forgotPasswordAction()
@@ -557,13 +702,13 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
}
/** @var $customer Mage_Customer_Model_Customer */
- $customer = Mage::getModel('customer/customer')
+ $customer = $this->_getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
->loadByEmail($email);
if ($customer->getId()) {
try {
- $newResetPasswordLinkToken = Mage::helper('customer')->generateResetPasswordLinkToken();
+ $newResetPasswordLinkToken = $this->_getHelper('customer')->generateResetPasswordLinkToken();
$customer->changeResetPasswordLinkToken($newResetPasswordLinkToken);
$customer->sendPasswordResetConfirmationEmail();
} catch (Exception $exception) {
@@ -573,7 +718,9 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
}
}
$this->_getSession()
- ->addSuccess(Mage::helper('customer')->__('If there is an account associated with %s you will receive an email with a link to reset your password.', Mage::helper('customer')->htmlEscape($email)));
+ ->addSuccess($this->_getHelper('customer')
+ ->__('If there is an account associated with %s you will receive an email with a link to reset your password.',
+ $this->_getHelper('customer')->escapeHtml($email)));
$this->_redirect('*/*/');
return;
} else {
@@ -602,16 +749,14 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
->setResetPasswordLinkToken($resetPasswordLinkToken);
$this->renderLayout();
} catch (Exception $exception) {
- $this->_getSession()->addError(Mage::helper('customer')->__('Your password reset link has expired.'));
+ $this->_getSession()->addError($this->_getHelper('customer')->__('Your password reset link has expired.'));
$this->_redirect('*/*/forgotpassword');
}
}
/**
* Reset forgotten password
- *
* Used to handle data recieved from reset forgotten password form
- *
*/
public function resetPasswordPostAction()
{
@@ -623,17 +768,17 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
try {
$this->_validateResetPasswordLinkToken($customerId, $resetPasswordLinkToken);
} catch (Exception $exception) {
- $this->_getSession()->addError(Mage::helper('customer')->__('Your password reset link has expired.'));
+ $this->_getSession()->addError($this->_getHelper('customer')->__('Your password reset link has expired.'));
$this->_redirect('*/*/');
return;
}
$errorMessages = array();
if (iconv_strlen($password) <= 0) {
- array_push($errorMessages, Mage::helper('customer')->__('New password field cannot be empty.'));
+ array_push($errorMessages, $this->_getHelper('customer')->__('New password field cannot be empty.'));
}
/** @var $customer Mage_Customer_Model_Customer */
- $customer = Mage::getModel('customer/customer')->load($customerId);
+ $customer = $this->_getModel('customer/customer')->load($customerId);
$customer->setPassword($password);
$customer->setConfirmation($passwordConfirmation);
@@ -660,7 +805,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$customer->setRpTokenCreatedAt(null);
$customer->setConfirmation(null);
$customer->save();
- $this->_getSession()->addSuccess(Mage::helper('customer')->__('Your password has been updated.'));
+ $this->_getSession()->addSuccess($this->_getHelper('customer')->__('Your password has been updated.'));
$this->_redirect('*/*/login');
} catch (Exception $exception) {
$this->_getSession()->addException($exception, $this->__('Cannot save a new password.'));
@@ -687,18 +832,18 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
|| empty($customerId)
|| $customerId < 0
) {
- throw Mage::exception('Mage_Core', Mage::helper('customer')->__('Invalid password reset token.'));
+ throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Invalid password reset token.'));
}
/** @var $customer Mage_Customer_Model_Customer */
- $customer = Mage::getModel('customer/customer')->load($customerId);
+ $customer = $this->_getModel('customer/customer')->load($customerId);
if (!$customer || !$customer->getId()) {
- throw Mage::exception('Mage_Core', Mage::helper('customer')->__('Wrong customer account specified.'));
+ throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Wrong customer account specified.'));
}
$customerToken = $customer->getRpToken();
if (strcmp($customerToken, $resetPasswordLinkToken) != 0 || $customer->isResetPasswordLinkTokenExpired()) {
- throw Mage::exception('Mage_Core', Mage::helper('customer')->__('Your password reset link has expired.'));
+ throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Your password reset link has expired.'));
}
}
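Review bot: `strcmp($customerToken, $resetPasswordLinkToken) != 0` is an early-exit byte comparison of a secret, so the response time leaks how many leading bytes of the reset token match; the refactor leaves that line untouched. Where the runtime provides it use `hash_equals($customerToken, $resetPasswordLinkToken)` (PHP >= 5.6), otherwise a fixed-time loop over the bytes, and keep the expiry check after it. The practical exposure is limited by network jitter and the token's randomness, but a constant-time compare is cheap and is what a reviewer expects on a password-reset token.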
@@ -720,7 +865,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
if (!empty($data)) {
$customer->addData($data);
}
- if ($this->getRequest()->getParam('changepass')==1){
+ if ($this->getRequest()->getParam('changepass') == 1) {
$customer->setChangePassword(1);
}
@@ -743,7 +888,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$customer = $this->_getSession()->getCustomer();
/** @var $customerForm Mage_Customer_Model_Form */
- $customerForm = Mage::getModel('customer/form');
+ $customerForm = $this->_getModel('customer/form');
$customerForm->setFormCode('customer_account_edit')
->setEntity($customer);
@@ -764,7 +909,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$confPass = $this->getRequest()->getPost('confirmation');
$oldPass = $this->_getSession()->getCustomer()->getPasswordHash();
- if (Mage::helper('core/string')->strpos($oldPass, ':')) {
+ if ($this->_getHelper('core/string')->strpos($oldPass, ':')) {
list($_salt, $salt) = explode(':', $oldPass);
} else {
$salt = false;
@@ -842,6 +987,6 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
protected function _isVatValidationEnabled($store = null)
{
- return Mage::helper('customer/address')->isVatValidationEnabled($store);
+ return $this->_getHelper('customer/address')->isVatValidationEnabled($store);
}
}
diff --git a/app/code/core/Mage/Wishlist/Helper/Data.php b/app/code/core/Mage/Wishlist/Helper/Data.php
index 93a1e7f..0b31102 100644
--- a/app/code/core/Mage/Wishlist/Helper/Data.php
+++ b/app/code/core/Mage/Wishlist/Helper/Data.php
@@ -135,11 +135,9 @@ class Mage_Wishlist_Helper_Data extends Mage_Core_Helper_Abstract
if (is_null($this->_wishlist)) {
if (Mage::registry('shared_wishlist')) {
$this->_wishlist = Mage::registry('shared_wishlist');
- }
- elseif (Mage::registry('wishlist')) {
+ } else if (Mage::registry('wishlist')) {
$this->_wishlist = Mage::registry('wishlist');
- }
- else {
+ } else {
$this->_wishlist = Mage::getModel('wishlist/wishlist');
if ($this->getCustomer()) {
$this->_wishlist->loadByCustomer($this->getCustomer());
@@ -260,8 +258,7 @@ class Mage_Wishlist_Helper_Data extends Mage_Core_Helper_Abstract
if ($product) {
if ($product->isVisibleInSiteVisibility()) {
$storeId = $product->getStoreId();
- }
- else if ($product->hasUrlDataObject()) {
+ } else if ($product->hasUrlDataObject()) {
$storeId = $product->getUrlDataObject()->getStoreId();
}
}
@@ -360,12 +357,12 @@ class Mage_Wishlist_Helper_Data extends Mage_Core_Helper_Abstract
$productId = $item->getProductId();
}
- if ($productId) {
- $params['product'] = $productId;
- return $this->_getUrlStore($item)->getUrl('wishlist/index/add', $params);
+ if (!$productId) {
+ return false;
}
-
- return false;
+ $params['product'] = $productId;
+ $params[Mage_Core_Model_Url::FORM_KEY] = $this->_getSingletonModel('core/session')->getFormKey();
+ return $this->_getUrlStore($item)->getUrl('wishlist/index/add', $params);
}
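Review bot: Appending `form_key` to `getAddUrlWithParams` turns the CSRF token into part of a GET link, so it now lands in href attributes, browser history, proxy logs and the Referer header of any external resource loaded from the page, and it is baked into markup that any full-page cache could serve to another visitor. The guard therefore rests on the token staying confidential rather than on the request being a POST; at minimum add `// form_key travels in the query string: keep these links off externally-referencing pages and out of page caches`, and the stronger fix is a POST form for add-to-wishlist. `_getSingletonModel` is defined in the following hunk, not here.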
/**
@@ -376,24 +373,46 @@ class Mage_Wishlist_Helper_Data extends Mage_Core_Helper_Abstract
*/
public function getAddToCartUrl($item)
{
- $urlParamName = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
- $continueUrl = Mage::helper('core')->urlEncode(
- Mage::getUrl('*/*/*', array(
+ $continueUrl = $this->_getHelperInstance('core')->urlEncode(
+ $this->_getUrl('*/*/*', array(
'_current' => true,
'_use_rewrite' => true,
'_store_to_url' => true,
))
);
-
- $urlParamName = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
$params = array(
'item' => is_string($item) ? $item : $item->getWishlistItemId(),
- $urlParamName => $continueUrl
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $continueUrl,
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
+
return $this->_getUrlStore($item)->getUrl('wishlist/index/cart', $params);
}
/**
+ * Return helper instance
+ *
+ * @param string $helperName
+ * @return Mage_Core_Helper_Abstract
+ */
+ protected function _getHelperInstance($helperName)
+ {
+ return Mage::helper($helperName);
+ }
+
+ /**
+ * Return model instance
+ *
+ * @param string $className
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($className, $arguments = array())
+ {
+ return Mage::getSingleton($className, $arguments);
+ }
+
+ /**
* Retrieve URL for adding item to shoping cart from shared wishlist
*
* @param string|Mage_Catalog_Model_Product|Mage_Wishlist_Model_Item $item
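Review bot: `_getHelperInstance` / `_getSingletonModel` here and `_getHelper` / `_getModel` in Mage_Customer_AccountController are the same test seam introduced by the same patch under different names; pick one scheme across the patch. `_getSingletonModel` is documented as `@return Mage_Core_Model_Abstract`, but `Mage::getSingleton` returns whatever object is registered under the key (`core/session` is a session model), so `@return mixed` or the concrete type is more honest. The same form-key-in-query-string exposure as in `getAddUrlWithParams` applies to `getAddToCartUrl`.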
@@ -407,10 +426,10 @@ class Mage_Wishlist_Helper_Data extends Mage_Core_Helper_Abstract
'_store_to_url' => true,
)));
- $urlParamName = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
$params = array(
'item' => is_string($item) ? $item : $item->getWishlistItemId(),
- $urlParamName => $continueUrl
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $continueUrl,
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
return $this->_getUrlStore($item)->getUrl('wishlist/shared/cart', $params);
}
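Review bot: `getSharedAddToCartUrl` now carries the viewer's `form_key` in a GET link to `wishlist/shared/cart`, yet the diffstat lists no change to the wishlist SharedController, and the `addAllLink` to `*/shared/allcart` built for the sharing e-mail in IndexController carries no form key at all. Either the shared cart actions do not validate the form key (and the parameter added here is dead weight) or they do and the e-mailed link breaks; check `Mage_Wishlist_SharedController` and make the two consistent. A one-line comment stating which holds would stop the next reader from guessing.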
diff --git a/app/code/core/Mage/Wishlist/controllers/IndexController.php b/app/code/core/Mage/Wishlist/controllers/IndexController.php
index c750064..469ee08 100644
--- a/app/code/core/Mage/Wishlist/controllers/IndexController.php
+++ b/app/code/core/Mage/Wishlist/controllers/IndexController.php
@@ -48,6 +48,11 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
*/
protected $_skipAuthentication = false;
+ /**
+ * Extend preDispatch
+ *
+ * @return Mage_Core_Controller_Front_Action|void
+ */
public function preDispatch()
{
parent::preDispatch();
@@ -152,9 +157,24 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
/**
* Adding new item
+ *
+ * @return Mage_Core_Controller_Varien_Action|void
*/
public function addAction()
{
+ if (!$this->_validateFormKey()) {
+ return $this->_redirect('*/*');
+ }
+ $this->_addItemToWishList();
+ }
+
+ /**
+ * Add the item to wish list
+ *
+ * @return Mage_Core_Controller_Varien_Action|void
+ */
+ protected function _addItemToWishList()
+ {
$wishlist = $this->_getWishlist();
if (!$wishlist) {
return $this->norouteAction();
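Review bot: On a form-key mismatch `addAction` now silently redirects to `*/*` with no message, so a customer who followed a stale link (cached page, bookmark, second tab after re-login) sees the wishlist and no explanation; add `Mage::getSingleton('customer/session')->addError($this->__('Invalid form key. Please refresh the page.'));` before the redirect. The guard checks only the token, not the method: the action still accepts GET, which is why the helper has to put the token in the link. `_validateFormKey` itself is inherited and outside this hunk, so its comparison semantics should be checked separately.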
@@ -162,7 +182,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
$session = Mage::getSingleton('customer/session');
- $productId = (int) $this->getRequest()->getParam('product');
+ $productId = (int)$this->getRequest()->getParam('product');
if (!$productId) {
$this->_redirect('*/');
return;
@@ -192,9 +212,9 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
Mage::dispatchEvent(
'wishlist_add_product',
array(
- 'wishlist' => $wishlist,
- 'product' => $product,
- 'item' => $result
+ 'wishlist' => $wishlist,
+ 'product' => $product,
+ 'item' => $result
)
);
@@ -212,10 +232,10 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
Mage::helper('wishlist')->calculate();
- $message = $this->__('%1$s has been added to your wishlist. Click <a href="%2$s">here</a> to continue shopping.', $product->getName(), Mage::helper('core')->escapeUrl($referer));
+ $message = $this->__('%1$s has been added to your wishlist. Click <a href="%2$s">here</a> to continue shopping.',
+ $product->getName(), Mage::helper('core')->escapeUrl($referer));
$session->addSuccess($message);
- }
- catch (Mage_Core_Exception $e) {
+ } catch (Mage_Core_Exception $e) {
$session->addError($this->__('An error occurred while adding item to wishlist: %s', $e->getMessage()));
}
catch (Exception $e) {
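Review bot: In the success message `$referer` goes through `escapeUrl` but `$product->getName()` is interpolated raw into an HTML-bearing message, so the two placeholders are treated inconsistently; use `Mage::helper('core')->escapeHtml($product->getName())` for the first one. Product names are admin-supplied, so the exposure is limited to a compromised or careless back end, but escaping at the point of injection costs nothing. The enclosing try block starts outside this hunk.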
@@ -337,7 +357,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
}
$post = $this->getRequest()->getPost();
- if($post && isset($post['description']) && is_array($post['description'])) {
+ if ($post && isset($post['description']) && is_array($post['description'])) {
$updatedItems = 0;
foreach ($post['description'] as $itemId => $description) {
@@ -393,8 +413,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
try {
$wishlist->save();
Mage::helper('wishlist')->calculate();
- }
- catch (Exception $e) {
+ } catch (Exception $e) {
Mage::getSingleton('customer/session')->addError($this->__('Can\'t update wishlist'));
}
}
@@ -428,7 +447,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
Mage::getSingleton('customer/session')->addError(
$this->__('An error occurred while deleting the item from wishlist: %s', $e->getMessage())
);
- } catch(Exception $e) {
+ } catch (Exception $e) {
Mage::getSingleton('customer/session')->addError(
$this->__('An error occurred while deleting the item from wishlist.')
);
@@ -447,6 +466,9 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
*/
public function cartAction()
{
+ if (!$this->_validateFormKey()) {
+ return $this->_redirect('*/*');
+ }
$itemId = (int) $this->getRequest()->getParam('item');
/* @var $item Mage_Wishlist_Model_Item */
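Review bot: `cartAction` has no comment explaining why a GET link needs a form-key check, and on failure it redirects to `*/*` without a message, dropping the continue URL carried in the `uenc` parameter; add `// form_key arrives in the link query string (see Mage_Wishlist_Helper_Data::getAddToCartUrl); reject requests without a valid one` above the guard and an `addError` before the redirect. The method body continues outside this hunk.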
@@ -536,7 +558,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
$cart = Mage::getSingleton('checkout/cart');
$session = Mage::getSingleton('checkout/session');
- try{
+ try {
$item = $cart->getQuote()->getItemById($itemId);
if (!$item) {
Mage::throwException(
@@ -632,7 +654,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
->createBlock('wishlist/share_email_rss')
->setWishlistId($wishlist->getId())
->toHtml();
- $message .=$rss_url;
+ $message .= $rss_url;
}
$wishlistBlock = $this->getLayout()->createBlock('wishlist/share_email_items')->toHtml();
@@ -641,19 +663,19 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
$emailModel = Mage::getModel('core/email_template');
$sharingCode = $wishlist->getSharingCode();
- foreach($emails as $email) {
+ foreach ($emails as $email) {
$emailModel->sendTransactional(
Mage::getStoreConfig('wishlist/email/email_template'),
Mage::getStoreConfig('wishlist/email/email_identity'),
$email,
null,
array(
- 'customer' => $customer,
- 'salable' => $wishlist->isSalable() ? 'yes' : '',
- 'items' => $wishlistBlock,
- 'addAllLink' => Mage::getUrl('*/shared/allcart', array('code' => $sharingCode)),
- 'viewOnSiteLink'=> Mage::getUrl('*/shared/index', array('code' => $sharingCode)),
- 'message' => $message
+ 'customer' => $customer,
+ 'salable' => $wishlist->isSalable() ? 'yes' : '',
+ 'items' => $wishlistBlock,
+ 'addAllLink' => Mage::getUrl('*/shared/allcart', array('code' => $sharingCode)),
+ 'viewOnSiteLink' => Mage::getUrl('*/shared/index', array('code' => $sharingCode)),
+ 'message' => $message
)
);
}
@@ -663,7 +685,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
$translate->setTranslateInline(true);
- Mage::dispatchEvent('wishlist_share', array('wishlist'=>$wishlist));
+ Mage::dispatchEvent('wishlist_share', array('wishlist' => $wishlist));
Mage::getSingleton('customer/session')->addSuccess(
$this->__('Your Wishlist has been shared.')
);
@@ -719,7 +741,7 @@ class Mage_Wishlist_IndexController extends Mage_Wishlist_Controller_Abstract
));
}
- } catch(Exception $e) {
+ } catch (Exception $e) {
$this->_forward('noRoute');
}
exit(0);
diff --git a/app/design/frontend/base/default/template/catalog/product/view.phtml b/app/design/frontend/base/default/template/catalog/product/view.phtml
index 5d9212f..fc34321 100644
--- a/app/design/frontend/base/default/template/catalog/product/view.phtml
+++ b/app/design/frontend/base/default/template/catalog/product/view.phtml
@@ -40,6 +40,7 @@
<div class="product-view">
<div class="product-essential">
<form action="<?php echo $this->getSubmitUrl($_product) ?>" method="post" id="product_addtocart_form"<?php if($_product->getOptions()): ?> enctype="multipart/form-data"<?php endif; ?>>
+ <?php echo $this->getBlockHtml('formkey') ?>
<div class="no-display">
<input type="hidden" name="product" value="<?php echo $_product->getId() ?>" />
<input type="hidden" name="related_product" id="related-products-field" value="" />
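Review bot: The add-to-cart form's protection now rests on a layout block named `formkey` existing: `getBlockHtml('formkey')` returns an empty string when no block of that name is found, and a theme that overrides this template without the new line will submit forms that, presumably, fail the check the patched CartController now performs. Nothing in the template records that dependency, so a short comment next to the new line would help theme maintainers: `<?php /* form_key hidden field required by the cart controller's request validation; keep when overriding */ ?>`. The same applies to the new `getBlockHtml('formkey')` line added to the reorder form in sales/reorder/sidebar.phtml.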
diff --git a/app/design/frontend/base/default/template/checkout/onepage/review/info.phtml b/app/design/frontend/base/default/template/checkout/onepage/review/info.phtml
index d98d00f..6336137 100644
--- a/app/design/frontend/base/default/template/checkout/onepage/review/info.phtml
+++ b/app/design/frontend/base/default/template/checkout/onepage/review/info.phtml
@@ -78,7 +78,7 @@
</div>
<script type="text/javascript">
//<![CDATA[
- review = new Review('<?php echo $this->getUrl('checkout/onepage/saveOrder') ?>', '<?php echo $this->getUrl('checkout/onepage/success') ?>', $('checkout-agreements'));
+ review = new Review('<?php echo $this->getUrl('checkout/onepage/saveOrder', array('form_key' => Mage::getSingleton('core/session')->getFormKey())) ?>', '<?php echo $this->getUrl('checkout/onepage/success') ?>', $('checkout-agreements'));
//]]>
</script>
</div>
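Review bot: The form key is appended to the saveOrder URL as a query-string parameter, so the anti-CSRF token is written to web-server and proxy access logs on every order submission, whereas a hidden field in the POST body is not. If the `Review` prototype posts the payment form to this URL (its implementation is not part of this patch, so I cannot confirm), carrying the token in the request body via the existing formkey block would avoid that exposure; where the URL form has to stay, the key should at least use the constant the patch introduces elsewhere, `array(Mage_Core_Model_Url::FORM_KEY => Mage::getSingleton('core/session')->getFormKey())`, instead of the literal `'form_key'` used here. The Add to Cart link in tag/customer/view.phtml uses the same query-string pattern, there on a plain GET navigation where the token also reaches the target page's Referer header.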
diff --git a/app/design/frontend/base/default/template/sales/reorder/sidebar.phtml b/app/design/frontend/base/default/template/sales/reorder/sidebar.phtml
index 8d3490f..65c0329 100644
--- a/app/design/frontend/base/default/template/sales/reorder/sidebar.phtml
+++ b/app/design/frontend/base/default/template/sales/reorder/sidebar.phtml
@@ -38,6 +38,7 @@
<strong><span><?php echo $this->__('My Orders') ?></span></strong>
</div>
<form method="post" action="<?php echo $this->getFormActionUrl() ?>" id="reorder-validate-detail">
+ <?php echo $this->getBlockHtml('formkey'); ?>
<div class="block-content">
<p class="block-subtitle"><?php echo $this->__('Last Ordered Items') ?></p>
<ol id="cart-sidebar-reorder">
diff --git a/app/design/frontend/base/default/template/tag/customer/view.phtml b/app/design/frontend/base/default/template/tag/customer/view.phtml
index 23d7809..e8d2a3a 100644
--- a/app/design/frontend/base/default/template/tag/customer/view.phtml
+++ b/app/design/frontend/base/default/template/tag/customer/view.phtml
@@ -52,7 +52,9 @@
</td>
<td>
<?php if($_product->isSaleable()): ?>
- <button type="button" title="<?php echo $this->__('Add to Cart') ?>" class="button btn-cart" onclick="setLocation('<?php echo $this->getUrl('checkout/cart/add',array('product'=>$_product->getId())) ?>')"><span><span><?php echo $this->__('Add to Cart') ?></span></span></button>
+ <?php $params[Mage_Core_Model_Url::FORM_KEY] = Mage::getSingleton('core/session')->getFormKey() ?>
+ <?php $params['product'] = $_product->getId(); ?>
+ <button type="button" title="<?php echo $this->__('Add to Cart') ?>" class="button btn-cart" onclick="setLocation('<?php echo $this->getUrl('checkout/cart/add', $params) ?>')"><span><span><?php echo $this->__('Add to Cart') ?></span></span></button>
<?php endif; ?>
<?php if ($this->helper('wishlist')->isAllow()) : ?>
<ul class="add-to-links">
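Review bot: `$params` is built by two separate element assignments on a variable that is never initialised in the hunk, so it either autovivifies into a fresh array or inherits whatever `$params` already held earlier in the template or in the previous iteration of the enclosing loop, which starts outside this hunk. A single explicit initialisation is clearer and removes the dependency on prior state: `<?php $params = array('product' => $_product->getId(), Mage_Core_Model_Url::FORM_KEY => Mage::getSingleton('core/session')->getFormKey()); ?>`. Keeping `Mage_Core_Model_Url::FORM_KEY` here is the right choice; the other templates in this patch that spell the key as the literal `'form_key'` should follow it.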
--
1.7.11.1