Adjusted patch file for Magento 1.7.0.2
#!/bin/bash
# Patch applying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
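# Report which of the given command names the shell cannot resolve.
# Arguments: $@ - command names to look up with `type -t`
# Outputs:   the unresolved names on one line, separated by single spaces
#            (an empty line when every name resolves)
_check_installed_tools() {
  local missed=""
  local tool
  for tool in "$@"; do
    # An empty argument ends the list, as the original until-loop did.
    [ -n "$tool" ] || break
    # Quoted so a name containing spaces or glob characters is looked up
    # exactly as given instead of being split or expanded against the cwd.
    if ! type -t "$tool" >/dev/null 2>&1; then
      missed="${missed:+$missed }$tool"
    fi
  done
  # printf instead of an unquoted echo: no globbing of the result and no
  # misreading of a name such as "-n" as an echo option.
  printf '%s\n' "$missed"
}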
# Tools the rest of this script cannot work without.
REQUIRED_UTILS='sed patch'
# $REQUIRED_UTILS stays unquoted on purpose: every word is one tool name.
MISSED_REQUIRED_TOOLS=$(_check_installed_tools $REQUIRED_UTILS)
# Stop before anything is touched if at least one name came back.
if (( $(echo $MISSED_REQUIRED_TOOLS | wc -w) > 0 )); then
  echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
  exit 1
fi
# 2. Determine bin path for system tools
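# Resolve each tool to a file on disk. `type -P` is a bash builtin, so this
# no longer depends on the external `which`, which step 1 never checked for.
# The lookup follows $PATH: run the script with a PATH you trust, because
# these binaries will read and rewrite application files.
CAT_BIN=$(type -P cat)
PATCH_BIN=$(type -P patch)
SED_BIN=$(type -P sed)
PWD_BIN=$(type -P pwd)
BASENAME_BIN=$(type -P basename)
# sed and patch were verified in step 1; the other three were not. An empty
# value here would make the later unquoted "$X_BIN args" lines run their
# first argument as the command, so stop now.
if [ -z "$CAT_BIN" ] || [ -z "$PWD_BIN" ] || [ -z "$BASENAME_BIN" ]; then
  echo "Error! A required system tool (cat, pwd or basename) was not found in PATH."
  exit 1
fi
# File name of this script; later steps read the embedded patch from it.
BASE_NAME=$("$BASENAME_BIN" -- "$0")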
# 3. Help menu
# Print the usage text and leave when the first argument asks for help.
case "$1" in
  "-?" | -h | --help)
    $CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
    exit 0
    ;;
esac
# 4. Get "revert" flag and "list applied patches" flag
# Defaults: apply the patch, do not list.
REVERT_FLAG=
SHOW_APPLIED_LIST=0
# Only the first argument is inspected; it selects at most one mode.
case "$1" in
  -R | --revert)
    # Passed through to patch(1) as its reverse option.
    REVERT_FLAG=-R
    ;;
  --list)
    SHOW_APPLIED_LIST=1
    ;;
esac
# 5. File paths
# All paths are relative to the directory the script is started from,
# always with a trailing slash so names can be appended directly.
CURRENT_DIR="$($PWD_BIN)/"
APP_ETC_DIR="${CURRENT_DIR}app/etc/"
# File that records every apply/revert run of this tool.
APPLIED_PATCHES_LIST_FILE="${APP_ETC_DIR}applied.patches.list"
# 6. Show applied patches list if requested
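# --list mode: print the recorded SUP-/SUPEE- entries and leave without
# applying anything.
if [ "$SHOW_APPLIED_LIST" -eq 1 ]; then
  echo -e "Applied/reverted patches list:"
  if [ ! -e "$APPLIED_PATCHES_LIST_FILE" ]; then
    # No tracking file yet means nothing was applied with this tool.
    echo "<empty>"
  elif [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]; then
    echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
    exit 1
  else
    # The path is built from the working directory, so it is quoted here:
    # unquoted, a directory name with spaces would be split into several
    # sed arguments and the list could not be read.
    "$SED_BIN" -n "/SUP-\|SUPEE-/p" "$APPLIED_PATCHES_LIST_FILE"
  fi
  exit 0
fi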
# 7. Check applied patches track file and its directory
# Verify that the tracking directory and the tracking file can be used.
# Globals:   APP_ETC_DIR, APPLIED_PATCHES_LIST_FILE (read)
# Outputs:   one error message on stdout when a check fails
# Returns:   normally when every check passes; otherwise exits the script
#            with status 1
_check_files() {
  # The directory that holds the tracking file has to be present ...
  [ -e "$APP_ETC_DIR" ] || {
    echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
    exit 1
  }
  # ... and writable, so the tracking file can be created in it.
  [ -w "$APP_ETC_DIR" ] || {
    echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
    exit 1
  }
  # A tracking file left by an earlier run must accept appended entries.
  if [ -e "$APPLIED_PATCHES_LIST_FILE" ] && [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]; then
    echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
    exit 1
  fi
}
_check_files
# 8. Apply/revert patch
# Permissions of the files to be patched are not checked here: the original
# authors rely on "patch" leaving every file untouched when it lacks the
# rights to modify all of them.
# Locate the marker line inside this very script. SKIP_LINES is the line
# right after the marker; ADDITIONAL_INFO_LINE is a sed print address for the
# line two above the marker, which step 9 reads as the patch description.
SKIP_LINES=$(( $($SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "${CURRENT_DIR}${BASE_NAME}") + 1 ))
ADDITIONAL_INFO_LINE="$(( SKIP_LINES - 3 ))p"
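# Feed the embedded patch to patch(1), as a dry run or for real.
# Globals:   SED_BIN, PATCH_BIN, CURRENT_DIR, BASE_NAME, REVERT_FLAG (read)
#            DRY_RUN_FLAG, PATCH_APPLY_REVERT_RESULT,
#            PATCH_APPLY_REVERT_STATUS (written)
# Arguments: $1 - "dry-run" to only check whether the patch would apply
# Outputs:   progress and error messages on stdout
# Returns:   only when patch reported status 0; any other status ends the
#            script with that status
_apply_revert_patch() {
  DRY_RUN_FLAG=
  if [ "$1" = "dry-run" ]; then
    DRY_RUN_FLAG=" --dry-run"
    echo "Checking if patch can be applied/reverted successfully..."
  fi
  # Everything below the marker line of this script is the patch itself.
  # $DRY_RUN_FLAG and $REVERT_FLAG stay unquoted so that an empty flag adds
  # no argument at all.
  PATCH_APPLY_REVERT_RESULT=$($SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0)
  PATCH_APPLY_REVERT_STATUS=$?
  case "$PATCH_APPLY_REVERT_STATUS" in
    0)
      ;;
    1)
      # patch(1): some hunks could not be applied; show what it printed.
      echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
      exit 1
      ;;
    2)
      # patch(1): more serious trouble.
      echo -e "ERROR: Patch can't be applied/reverted successfully."
      exit 2
      ;;
    *)
      # Any other status (tool could not be run, killed by a signal, ...)
      # previously fell through, so the run was reported and recorded as a
      # successful apply. A security patch must never be logged as applied
      # unless patch really returned 0.
      echo -e "ERROR: Patch can't be applied/reverted successfully."
      exit "$PATCH_APPLY_REVERT_STATUS"
      ;;
  esac
}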
# Suffix for the tracking entry: set only when the run reverts the patch.
REVERTED_PATCH_MARK=${REVERT_FLAG:+" | REVERTED"}
# First make sure the whole patch would apply, then apply it for real.
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
# Patch description line of this script, selected by the sed address that
# was computed in step 8.
ADDITIONAL_INFO=$($SED_BIN -n $ADDITIONAL_INFO_LINE "${CURRENT_DIR}${BASE_NAME}")
APPLIED_REVERTED_ON_DATE=$(date -u +"%F %T UTC")
# Entry header: timestamp | description [| REVERTED]
APPLIED_REVERTED_PATCH_INFO="${APPLIED_REVERTED_ON_DATE} | ${ADDITIONAL_INFO}${REVERTED_PATCH_MARK}"
# Append the header followed by what patch printed during the real run.
echo -e "${APPLIED_REVERTED_PATCH_INFO}\n${PATCH_APPLY_REVERT_RESULT}\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-8788 | 1.7.0.2 | v1 | 1e18988326b46e7b227e1113f62de7b7047b169c | Thu Sep 8 14:32:57 2016 +0300 | a4eeba90a6..1e18988326
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
index effc12e..19f15f4 100644
--- app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
+++ app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
@@ -34,6 +34,12 @@
*/
class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends Mage_Adminhtml_Block_Widget
{
+ /**
+ * Type of uploader block
+ *
+ * @var string
+ */
+ protected $_uploaderType = 'uploader/multiple';
public function __construct()
{
@@ -44,17 +50,17 @@ class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends M
protected function _prepareLayout()
{
$this->setChild('uploader',
- $this->getLayout()->createBlock('adminhtml/media_uploader')
+ $this->getLayout()->createBlock($this->_uploaderType)
);
- $this->getUploader()->getConfig()
- ->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload'))
- ->setFileField('image')
- ->setFilters(array(
- 'images' => array(
- 'label' => Mage::helper('adminhtml')->__('Images (.gif, .jpg, .png)'),
- 'files' => array('*.gif', '*.jpg','*.jpeg', '*.png')
- )
+ $this->getUploader()->getUploaderConfig()
+ ->setFileParameterName('image')
+ ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload'));
+
+ $browseConfig = $this->getUploader()->getButtonConfig();
+ $browseConfig
+ ->setAttributes(array(
+ 'accept' => $browseConfig->getMimeTypesByExtensions('gif, png, jpeg, jpg')
));
Mage::dispatchEvent('catalog_product_gallery_prepare_layout', array('block' => $this));
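Review bot: The `accept` attribute set through `setAttributes()` only narrows the browser's file picker, so the allowed image types still have to be enforced on the server by the `*/catalog_product_gallery/upload` action, which is outside this file section. The extension list is passed here as the string `'gif, png, jpeg, jpg'`, while the uploader hunk in `Cms/Wysiwyg/Images/Content/Uploader.php` passes the `$allowed` value returned by `getAllowedExtensions($type)`; `getMimeTypesByExtensions()` is not visible here, so confirm it accepts both forms. A short comment above the call, such as `// client-side hint only; the upload controller validates the file`, would keep that distinction clear.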
@@ -65,7 +71,7 @@ class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends M
/**
* Retrive uploader block
*
- * @return Mage_Adminhtml_Block_Media_Uploader
+ * @return Mage_Uploader_Block_Multiple
*/
public function getUploader()
{
diff --git app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
index b9b7376..82a33c0 100644
--- app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
+++ app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
@@ -31,29 +31,24 @@
* @package Mage_Adminhtml
* @author Magento Core Team <core@magentocommerce.com>
*/
-class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Adminhtml_Block_Media_Uploader
+class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Uploader_Block_Multiple
{
+ /**
+ * Uploader block constructor
+ */
public function __construct()
{
parent::__construct();
- $params = $this->getConfig()->getParams();
$type = $this->_getMediaType();
$allowed = Mage::getSingleton('cms/wysiwyg_images_storage')->getAllowedExtensions($type);
- $labels = array();
- $files = array();
- foreach ($allowed as $ext) {
- $labels[] = '.' . $ext;
- $files[] = '*.' . $ext;
- }
- $this->getConfig()
- ->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type)))
- ->setParams($params)
- ->setFileField('image')
- ->setFilters(array(
- 'images' => array(
- 'label' => $this->helper('cms')->__('Images (%s)', implode(', ', $labels)),
- 'files' => $files
- )
+ $this->getUploaderConfig()
+ ->setFileParameterName('image')
+ ->setTarget(
+ Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type))
+ );
+ $this->getButtonConfig()
+ ->setAttributes(array(
+ 'accept' => $this->getButtonConfig()->getMimeTypesByExtensions($allowed)
));
}
diff --git app/code/core/Mage/Adminhtml/Block/Media/Uploader.php app/code/core/Mage/Adminhtml/Block/Media/Uploader.php
index 033ece1..1f1d0fc 100644
--- app/code/core/Mage/Adminhtml/Block/Media/Uploader.php
+++ app/code/core/Mage/Adminhtml/Block/Media/Uploader.php
@@ -31,189 +31,20 @@
* @package Mage_Adminhtml
* @author Magento Core Team <core@magentocommerce.com>
*/
-class Mage_Adminhtml_Block_Media_Uploader extends Mage_Adminhtml_Block_Widget
-{
-
- protected $_config;
-
- public function __construct()
- {
- parent::__construct();
- $this->setId($this->getId() . '_Uploader');
- $this->setTemplate('media/uploader.phtml');
- $this->getConfig()->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload'));
- $this->getConfig()->setParams(array('form_key' => $this->getFormKey()));
- $this->getConfig()->setFileField('file');
- $this->getConfig()->setFilters(array(
- 'images' => array(
- 'label' => Mage::helper('adminhtml')->__('Images (.gif, .jpg, .png)'),
- 'files' => array('*.gif', '*.jpg', '*.png')
- ),
- 'media' => array(
- 'label' => Mage::helper('adminhtml')->__('Media (.avi, .flv, .swf)'),
- 'files' => array('*.avi', '*.flv', '*.swf')
- ),
- 'all' => array(
- 'label' => Mage::helper('adminhtml')->__('All Files'),
- 'files' => array('*.*')
- )
- ));
- }
-
- protected function _prepareLayout()
- {
- $this->setChild(
- 'browse_button',
- $this->getLayout()->createBlock('adminhtml/widget_button')
- ->addData(array(
- 'id' => $this->_getButtonId('browse'),
- 'label' => Mage::helper('adminhtml')->__('Browse Files...'),
- 'type' => 'button',
- 'onclick' => $this->getJsObjectName() . '.browse()'
- ))
- );
-
- $this->setChild(
- 'upload_button',
- $this->getLayout()->createBlock('adminhtml/widget_button')
- ->addData(array(
- 'id' => $this->_getButtonId('upload'),
- 'label' => Mage::helper('adminhtml')->__('Upload Files'),
- 'type' => 'button',
- 'onclick' => $this->getJsObjectName() . '.upload()'
- ))
- );
-
- $this->setChild(
- 'delete_button',
- $this->getLayout()->createBlock('adminhtml/widget_button')
- ->addData(array(
- 'id' => '{{id}}-delete',
- 'class' => 'delete',
- 'type' => 'button',
- 'label' => Mage::helper('adminhtml')->__('Remove'),
- 'onclick' => $this->getJsObjectName() . '.removeFile(\'{{fileId}}\')'
- ))
- );
-
- return parent::_prepareLayout();
- }
-
- protected function _getButtonId($buttonName)
- {
- return $this->getHtmlId() . '-' . $buttonName;
- }
-
- public function getBrowseButtonHtml()
- {
- return $this->getChildHtml('browse_button');
- }
-
- public function getUploadButtonHtml()
- {
- return $this->getChildHtml('upload_button');
- }
-
- public function getDeleteButtonHtml()
- {
- return $this->getChildHtml('delete_button');
- }
-
- /**
- * Retrive uploader js object name
- *
- * @return string
- */
- public function getJsObjectName()
- {
- return $this->getHtmlId() . 'JsObject';
- }
-
- /**
- * Retrive config json
- *
- * @return string
- */
- public function getConfigJson()
- {
- return Mage::helper('core')->jsonEncode($this->getConfig()->getData());
- }
-
- /**
- * Retrive config object
- *
- * @return Varien_Config
- */
- public function getConfig()
- {
- if(is_null($this->_config)) {
- $this->_config = new Varien_Object();
- }
-
- return $this->_config;
- }
-
- public function getPostMaxSize()
- {
- return ini_get('post_max_size');
- }
-
- public function getUploadMaxSize()
- {
- return ini_get('upload_max_filesize');
- }
-
- public function getDataMaxSize()
- {
- return min($this->getPostMaxSize(), $this->getUploadMaxSize());
- }
-
- public function getDataMaxSizeInBytes()
- {
- $iniSize = $this->getDataMaxSize();
- $size = substr($iniSize, 0, strlen($iniSize)-1);
- $parsedSize = 0;
- switch (strtolower(substr($iniSize, strlen($iniSize)-1))) {
- case 't':
- $parsedSize = $size*(1024*1024*1024*1024);
- break;
- case 'g':
- $parsedSize = $size*(1024*1024*1024);
- break;
- case 'm':
- $parsedSize = $size*(1024*1024);
- break;
- case 'k':
- $parsedSize = $size*1024;
- break;
- case 'b':
- default:
- $parsedSize = $size;
- break;
- }
- return $parsedSize;
- }
+/**
+ * @deprecated
+ * Class Mage_Adminhtml_Block_Media_Uploader
+ */
+class Mage_Adminhtml_Block_Media_Uploader extends Mage_Uploader_Block_Multiple
+{
/**
- * Retrieve full uploader SWF's file URL
- * Implemented to solve problem with cross domain SWFs
- * Now uploader can be only in the same URL where backend located
- *
- * @param string $url url to uploader in current theme
- *
- * @return string full URL
+ * Constructor for uploader block
*/
- public function getUploaderUrl($url)
+ public function __construct()
{
- if (!is_string($url)) {
- $url = '';
- }
- $design = Mage::getDesign();
- $theme = $design->getTheme('skin');
- if (empty($url) || !$design->validateFile($url, array('_type' => 'skin', '_theme' => $theme))) {
- $theme = $design->getDefaultTheme();
- }
- return Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB) . 'skin/' .
- $design->getArea() . '/' . $design->getPackageName() . '/' . $theme . '/' . $url;
+ parent::__construct();
+ $this->getUploaderConfig()->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload'));
+ $this->getUploaderConfig()->setFileParameterName('file');
}
}
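Review bot: The replacement constructor no longer sets the form key that the removed code attached with `setParams(array('form_key' => $this->getFormKey()))`, so whether uploads from this block still carry one depends on `Mage_Uploader_Block_Multiple`, which is not visible in this hunk; confirm the parent adds it. The rewrite also drops public methods such as `getConfig()`, `getConfigJson()`, `getDataMaxSizeInBytes()` and `getUploaderUrl()`, so templates or extensions that still call them on this class will fail unless the parent provides equivalents. The `@deprecated` tag should name the replacement, for example `@deprecated use Mage_Uploader_Block_Multiple`.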
diff --git app/code/core/Mage/Adminhtml/Block/Urlrewrite/Category/Tree.php app/code/core/Mage/Adminhtml/Block/Urlrewrite/Category/Tree.php
index 8483bf6..5354be9 100644
--- app/code/core/Mage/Adminhtml/Block/Urlrewrite/Category/Tree.php
+++ app/code/core/Mage/Adminhtml/Block/Urlrewrite/Category/Tree.php
@@ -119,7 +119,7 @@ class Mage_Adminhtml_Block_Urlrewrite_Category_Tree extends Mage_Adminhtml_Block
'parent_id' => (int)$node->getParentId(),
'children_count' => (int)$node->getChildrenCount(),
'is_active' => (bool)$node->getIsActive(),
- 'name' => $node->getName(),
+ 'name' => $this->escapeHtml($node->getName()),
'level' => (int)$node->getLevel(),
'product_count' => (int)$node->getProductCount()
);
diff --git app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized.php app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized.php
index 3355f17..8465a50 100644
--- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized.php
+++ app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized.php
@@ -29,8 +29,17 @@ class Mage_Adminhtml_Model_System_Config_Backend_Serialized extends Mage_Core_Mo
protected function _afterLoad()
{
if (!is_array($this->getValue())) {
- $value = $this->getValue();
- $this->setValue(empty($value) ? false : unserialize($value));
+ $serializedValue = $this->getValue();
+ $unserializedValue = false;
+ if (!empty($serializedValue)) {
+ try {
+ $unserializedValue = Mage::helper('core/unserializeArray')
+ ->unserialize($serializedValue);
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
+ }
+ $this->setValue($unserializedValue);
}
}
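Review bot: When the helper throws, `_afterLoad()` logs the exception and sets the value to `false`, the same value an empty setting produces, so callers cannot tell a rejected payload from an unset one; the method's docblock should say so. A comment on the `try` block would also record why the native `unserialize()` call was replaced, e.g. `// parsed with the array-only helper instead of unserialize() so a stored value cannot instantiate objects`. The helper itself is outside this hunk, so check that wording against `core/unserializeArray` before adding it.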
diff --git app/code/core/Mage/Adminhtml/controllers/IndexController.php app/code/core/Mage/Adminhtml/controllers/IndexController.php
index 724dd73..4565d93 100644
--- app/code/core/Mage/Adminhtml/controllers/IndexController.php
+++ app/code/core/Mage/Adminhtml/controllers/IndexController.php
@@ -392,7 +392,7 @@ class Mage_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action
}
$userToken = $user->getRpToken();
- if (strcmp($userToken, $resetPasswordLinkToken) != 0 || $user->isResetPasswordLinkTokenExpired()) {
+ if (!hash_equals($userToken, $resetPasswordLinkToken) || $user->isResetPasswordLinkTokenExpired()) {
throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Your password reset link has expired.'));
}
}
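Review bot: `hash_equals()` is built into PHP only from 5.6 on and expects both arguments to be strings, so on the PHP versions a 1.7.0.2 install typically runs this line depends on a compatibility definition that is not in this hunk; confirm the patch provides one before this controller is loaded. If `$user->getRpToken()` can return `null` for an account with no pending reset, check the type first, e.g. `if (!is_string($userToken) || !hash_equals($userToken, (string) $resetPasswordLinkToken) || $user->isResetPasswordLinkTokenExpired()) {`. The function starts outside the hunk, so an earlier check on `$resetPasswordLinkToken` may already exist.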
diff --git app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php
index 940e97c..6dd6380 100644
--- app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php
+++ app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php
@@ -43,7 +43,7 @@ class Mage_Adminhtml_Media_UploaderController extends Mage_Adminhtml_Controller_
{
$this->loadLayout();
$this->_addContent(
- $this->getLayout()->createBlock('adminhtml/media_uploader')
+ $this->getLayout()->createBlock('uploader/multiple')
);
$this->renderLayout();
}
diff --git app/code/core/Mage/Catalog/Block/Product/Abstract.php app/code/core/Mage/Catalog/Block/Product/Abstract.php
index a4728a5..7275a1e 100644
--- app/code/core/Mage/Catalog/Block/Product/Abstract.php
+++ app/code/core/Mage/Catalog/Block/Product/Abstract.php
@@ -34,6 +34,11 @@
*/
abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Template
{
+ /**
+ * Price block array
+ *
+ * @var array
+ */
protected $_priceBlock = array();
/**
@@ -43,10 +48,25 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*/
protected $_block = 'catalog/product_price';
+ /**
+ * Price template
+ *
+ * @var string
+ */
protected $_priceBlockDefaultTemplate = 'catalog/product/price.phtml';
+ /**
+ * Tier price template
+ *
+ * @var string
+ */
protected $_tierPriceDefaultTemplate = 'catalog/product/view/tierprices.phtml';
+ /**
+ * Price types
+ *
+ * @var array
+ */
protected $_priceBlockTypes = array();
/**
@@ -56,6 +76,11 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*/
protected $_useLinkForAsLowAs = true;
+ /**
+ * Review block instance
+ *
+ * @var null|Mage_Review_Block_Helper
+ */
protected $_reviewsHelperBlock;
/**
@@ -89,18 +114,33 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*/
public function getAddToCartUrl($product, $additional = array())
{
- if ($product->getTypeInstance(true)->hasRequiredOptions($product)) {
- if (!isset($additional['_escape'])) {
- $additional['_escape'] = true;
- }
- if (!isset($additional['_query'])) {
- $additional['_query'] = array();
- }
- $additional['_query']['options'] = 'cart';
-
- return $this->getProductUrl($product, $additional);
+ if (!$product->getTypeInstance(true)->hasRequiredOptions($product)) {
+ return $this->helper('checkout/cart')->getAddUrl($product, $additional);
}
- return $this->helper('checkout/cart')->getAddUrl($product, $additional);
+ $additional = array_merge(
+ $additional,
+ array(Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey())
+ );
+ if (!isset($additional['_escape'])) {
+ $additional['_escape'] = true;
+ }
+ if (!isset($additional['_query'])) {
+ $additional['_query'] = array();
+ }
+ $additional['_query']['options'] = 'cart';
+ return $this->getProductUrl($product, $additional);
+ }
+
+ /**
+ * Return model instance
+ *
+ * @param string $className
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($className, $arguments = array())
+ {
+ return Mage::getSingleton($className, $arguments);
}
/**
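Review bot: In the required-options branch of `getAddToCartUrl()` the session form key is merged into `$additional` and so ends up in the product URL rendered into the page; any block or full-page cache that stores this HTML across sessions would serve a stale key or one belonging to another session, so confirm these blocks are excluded from shared caching. Because the key comes last in `array_merge()`, a caller-supplied entry under the same name is overwritten, which looks intended and deserves a one-line comment such as `// always use the current session's form key`. The early-return branch presumably relies on the `checkout/cart` helper's `getAddUrl()` to add the key, which is outside this hunk.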
@@ -126,7 +166,7 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
}
/**
- * Enter description here...
+ * Return link to Add to Wishlist
*
* @param Mage_Catalog_Model_Product $product
* @return string
@@ -155,6 +195,12 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
return null;
}
+ /**
+ * Return price block
+ *
+ * @param string $productTypeId
+ * @return mixed
+ */
protected function _getPriceBlock($productTypeId)
{
if (!isset($this->_priceBlock[$productTypeId])) {
@@ -169,6 +215,12 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
return $this->_priceBlock[$productTypeId];
}
+ /**
+ * Return Block template
+ *
+ * @param string $productTypeId
+ * @return string
+ */
protected function _getPriceBlockTemplate($productTypeId)
{
if (isset($this->_priceBlockTypes[$productTypeId])) {
@@ -304,6 +356,11 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
return $this->getData('product');
}
+ /**
+ * Return tier price template
+ *
+ * @return mixed|string
+ */
public function getTierPriceTemplate()
{
if (!$this->hasData('tier_price_template')) {
@@ -419,13 +476,13 @@ abstract class Mage_Catalog_Block_Product_Abstract extends Mage_Core_Block_Templ
*
* @return string
*/
- public function getImageLabel($product=null, $mediaAttributeCode='image')
+ public function getImageLabel($product = null, $mediaAttributeCode = 'image')
{
if (is_null($product)) {
$product = $this->getProduct();
}
- $label = $product->getData($mediaAttributeCode.'_label');
+ $label = $product->getData($mediaAttributeCode . '_label');
if (empty($label)) {
$label = $product->getName();
}
diff --git app/code/core/Mage/Catalog/Block/Product/View.php app/code/core/Mage/Catalog/Block/Product/View.php
index f641f24..bc81fd7 100644
--- app/code/core/Mage/Catalog/Block/Product/View.php
+++ app/code/core/Mage/Catalog/Block/Product/View.php
@@ -61,7 +61,7 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
$currentCategory = Mage::registry('current_category');
if ($keyword) {
$headBlock->setKeywords($keyword);
- } elseif($currentCategory) {
+ } elseif ($currentCategory) {
$headBlock->setKeywords($product->getName());
}
$description = $product->getMetaDescription();
@@ -71,7 +71,7 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
$headBlock->setDescription(Mage::helper('core/string')->substr($product->getDescription(), 0, 255));
}
if ($this->helper('catalog/product')->canUseCanonicalTag()) {
- $params = array('_ignore_category'=>true);
+ $params = array('_ignore_category' => true);
$headBlock->addLinkRel('canonical', $product->getUrlModel()->getUrl($product, $params));
}
}
@@ -117,7 +117,7 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
return $this->getCustomAddToCartUrl();
}
- if ($this->getRequest()->getParam('wishlist_next')){
+ if ($this->getRequest()->getParam('wishlist_next')) {
$additional['wishlist_next'] = 1;
}
@@ -191,9 +191,9 @@ class Mage_Catalog_Block_Product_View extends Mage_Catalog_Block_Product_Abstrac
);
$responseObject = new Varien_Object();
- Mage::dispatchEvent('catalog_product_view_config', array('response_object'=>$responseObject));
+ Mage::dispatchEvent('catalog_product_view_config', array('response_object' => $responseObject));
if (is_array($responseObject->getAdditionalOptions())) {
- foreach ($responseObject->getAdditionalOptions() as $option=>$value) {
+ foreach ($responseObject->getAdditionalOptions() as $option => $value) {
$config[$option] = $value;
}
}
diff --git app/code/core/Mage/Catalog/Helper/Image.php app/code/core/Mage/Catalog/Helper/Image.php
index cafed95..02afd32 100644
--- app/code/core/Mage/Catalog/Helper/Image.php
+++ app/code/core/Mage/Catalog/Helper/Image.php
@@ -31,6 +31,8 @@
*/
class Mage_Catalog_Helper_Image extends Mage_Core_Helper_Abstract
{
+ const XML_NODE_PRODUCT_MAX_DIMENSION = 'catalog/product_image/max_dimension';
+
/**
* Current model
*
@@ -631,10 +633,16 @@ class Mage_Catalog_Helper_Image extends Mage_Core_Helper_Abstract
* @throws Mage_Core_Exception
*/
public function validateUploadFile($filePath) {
- if (!getimagesize($filePath)) {
+ $maxDimension = Mage::getStoreConfig(self::XML_NODE_PRODUCT_MAX_DIMENSION);
+ $imageInfo = getimagesize($filePath);
+ if (!$imageInfo) {
Mage::throwException($this->__('Disallowed file type.'));
}
+ if ($imageInfo[0] > $maxDimension || $imageInfo[1] > $maxDimension) {
+ Mage::throwException($this->__('Disalollowed file format.'));
+ }
+
$_processor = new Varien_Image($filePath);
return $_processor->getMimeType() !== null;
}
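Review bot: The new dimension check in `validateUploadFile()` compares against whatever `Mage::getStoreConfig()` returns, so an empty or non-numeric `max_dimension` compares as smaller than any real width and every image is rejected; read it as `$maxDimension = (int) Mage::getStoreConfig(self::XML_NODE_PRODUCT_MAX_DIMENSION);` and handle a non-positive value explicitly. The `system.xml` field added later in this patch carries no validation rule, so `<validate>validate-digits</validate>` there would keep bad values out. The message `'Disalollowed file format.'` is misspelled and does not mention size; `'Disallowed file format.'` or a dimension-specific message would be clearer to the admin.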
diff --git app/code/core/Mage/Catalog/Helper/Product/Compare.php app/code/core/Mage/Catalog/Helper/Product/Compare.php
index d38d2ba..5860121 100644
--- app/code/core/Mage/Catalog/Helper/Product/Compare.php
+++ app/code/core/Mage/Catalog/Helper/Product/Compare.php
@@ -79,17 +79,17 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
*/
public function getListUrl()
{
- $itemIds = array();
- foreach ($this->getItemCollection() as $item) {
- $itemIds[] = $item->getId();
- }
+ $itemIds = array();
+ foreach ($this->getItemCollection() as $item) {
+ $itemIds[] = $item->getId();
+ }
- $params = array(
- 'items'=>implode(',', $itemIds),
+ $params = array(
+ 'items' => implode(',', $itemIds),
Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl()
- );
+ );
- return $this->_getUrl('catalog/product_compare', $params);
+ return $this->_getUrl('catalog/product_compare', $params);
}
/**
@@ -102,7 +102,8 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
{
return array(
'product' => $product->getId(),
- Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl()
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl(),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
}
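Review bot: `$this->_getSingletonModel('core/session')` is called in this hunk and in the two hunks after it, but no hunk of this file defines `_getSingletonModel()` on the helper; the only definition visible in this part of the patch is on `Mage_Catalog_Block_Product_Abstract`, so confirm a parent helper class gains the method elsewhere, otherwise these URL builders fail at runtime. The hunk at `-128,7` still reads the session with `Mage::getSingleton('catalog/session')` while `getAddToCartUrl()` switches to the wrapper; use one form throughout. `getRemoveUrl()` receives no form key, which is consistent only if the remove action is meant to stay unvalidated.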
@@ -128,7 +129,8 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
$beforeCompareUrl = Mage::getSingleton('catalog/session')->getBeforeCompareUrl();
$params = array(
- 'product'=>$product->getId(),
+ 'product' => $product->getId(),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey(),
Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl($beforeCompareUrl)
);
@@ -143,10 +145,11 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
*/
public function getAddToCartUrl($product)
{
- $beforeCompareUrl = Mage::getSingleton('catalog/session')->getBeforeCompareUrl();
+ $beforeCompareUrl = $this->_getSingletonModel('catalog/session')->getBeforeCompareUrl();
$params = array(
- 'product'=>$product->getId(),
- Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl($beforeCompareUrl)
+ 'product' => $product->getId(),
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl($beforeCompareUrl),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
return $this->_getUrl('checkout/cart/add', $params);
@@ -161,7 +164,7 @@ class Mage_Catalog_Helper_Product_Compare extends Mage_Core_Helper_Url
public function getRemoveUrl($item)
{
$params = array(
- 'product'=>$item->getId(),
+ 'product' => $item->getId(),
Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->getEncodedUrl()
);
return $this->_getUrl('catalog/product_compare/remove', $params);
diff --git app/code/core/Mage/Catalog/Model/Resource/Layer/Filter/Price.php app/code/core/Mage/Catalog/Model/Resource/Layer/Filter/Price.php
index 544c549..dca2307 100755
--- app/code/core/Mage/Catalog/Model/Resource/Layer/Filter/Price.php
+++ app/code/core/Mage/Catalog/Model/Resource/Layer/Filter/Price.php
@@ -269,7 +269,7 @@ class Mage_Catalog_Model_Resource_Layer_Filter_Price extends Mage_Core_Model_Res
'range' => $rangeExpr,
'count' => $countExpr
));
- $select->group($rangeExpr)->order("$rangeExpr ASC");
+ $select->group('range')->order('range ' . Varien_Data_Collection::SORT_ORDER_ASC);
return $this->_getReadAdapter()->fetchPairs($select);
}
diff --git app/code/core/Mage/Catalog/controllers/Product/CompareController.php app/code/core/Mage/Catalog/controllers/Product/CompareController.php
index 5855daa..32f9b4b 100644
--- app/code/core/Mage/Catalog/controllers/Product/CompareController.php
+++ app/code/core/Mage/Catalog/controllers/Product/CompareController.php
@@ -74,6 +74,11 @@ class Mage_Catalog_Product_CompareController extends Mage_Core_Controller_Front_
*/
public function addAction()
{
+ if (!$this->_validateFormKey()) {
+ $this->_redirectReferer();
+ return;
+ }
+
$productId = (int) $this->getRequest()->getParam('product');
if ($productId
&& (Mage::getSingleton('log/visitor')->getId() || Mage::getSingleton('customer/session')->isLoggedIn())
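Review bot: Only `addAction()` gains `_validateFormKey()` here; any other state-changing actions of this controller are outside the hunk, and the helper's `getRemoveUrl()` is not given a form key in this patch, so check whether removing items is meant to stay without the check. On a failed check the request is redirected to the referer with no message, so a user whose key has expired gets no explanation; consider adding a session notice before `$this->_redirectReferer();`. The body of `addAction()` continues past the hunk.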
diff --git app/code/core/Mage/Catalog/etc/config.xml app/code/core/Mage/Catalog/etc/config.xml
index 9f49002..b7728a8 100644
--- app/code/core/Mage/Catalog/etc/config.xml
+++ app/code/core/Mage/Catalog/etc/config.xml
@@ -771,6 +771,9 @@
<product>
<default_tax_group>2</default_tax_group>
</product>
+ <product_image>
+ <max_dimension>5000</max_dimension>
+ </product_image>
<seo>
<product_url_suffix>.html</product_url_suffix>
<category_url_suffix>.html</category_url_suffix>
diff --git app/code/core/Mage/Catalog/etc/system.xml app/code/core/Mage/Catalog/etc/system.xml
index 40268ec..7324482 100644
--- app/code/core/Mage/Catalog/etc/system.xml
+++ app/code/core/Mage/Catalog/etc/system.xml
@@ -185,6 +185,24 @@
</lines_perpage>
</fields>
</sitemap>
+ <product_image translate="label">
+ <label>Product Image</label>
+ <sort_order>200</sort_order>
+ <show_in_default>1</show_in_default>
+ <show_in_website>1</show_in_website>
+ <show_in_store>1</show_in_store>
+ <fields>
+ <max_dimension translate="label comment">
+ <label>Maximum resolution for upload image</label>
+ <comment>Maximum width and height resolutions for upload image</comment>
+ <frontend_type>text</frontend_type>
+ <sort_order>10</sort_order>
+ <show_in_default>1</show_in_default>
+ <show_in_website>1</show_in_website>
+ <show_in_store>1</show_in_store>
+ </max_dimension>
+ </fields>
+ </product_image>
<placeholder translate="label">
<label>Product Image Placeholders</label>
<clone_fields>1</clone_fields>
diff --git app/code/core/Mage/Centinel/Model/Api.php app/code/core/Mage/Centinel/Model/Api.php
index 13b1b36..9ef06d9 100644
--- app/code/core/Mage/Centinel/Model/Api.php
+++ app/code/core/Mage/Centinel/Model/Api.php
@@ -25,11 +25,6 @@
*/
/**
- * 3D Secure Validation Library for Payment
- */
-include_once '3Dsecure/CentinelClient.php';
-
-/**
* 3D Secure Validation Api
*/
class Mage_Centinel_Model_Api extends Varien_Object
@@ -73,19 +68,19 @@ class Mage_Centinel_Model_Api extends Varien_Object
/**
* Centinel validation client
*
- * @var CentinelClient
+ * @var Mage_Centinel_Model_Api_Client
*/
protected $_clientInstance = null;
/**
* Return Centinel thin client object
*
- * @return CentinelClient
+ * @return Mage_Centinel_Model_Api_Client
*/
protected function _getClientInstance()
{
if (empty($this->_clientInstance)) {
- $this->_clientInstance = new CentinelClient();
+ $this->_clientInstance = new Mage_Centinel_Model_Api_Client();
}
return $this->_clientInstance;
}
@@ -136,7 +131,7 @@ class Mage_Centinel_Model_Api extends Varien_Object
* @param $method string
* @param $data array
*
- * @return CentinelClient
+ * @return Mage_Centinel_Model_Api_Client
*/
protected function _call($method, $data)
{
diff --git app/code/core/Mage/Centinel/Model/Api/Client.php app/code/core/Mage/Centinel/Model/Api/Client.php
new file mode 100644
index 0000000..e91a482
--- /dev/null
+++ app/code/core/Mage/Centinel/Model/Api/Client.php
@@ -0,0 +1,79 @@
+<?php
+/**
+ * Magento
+ *
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://opensource.org/licenses/osl-3.0.php
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@magento.com so we can send you a copy immediately.
+ *
+ * DISCLAIMER
+ *
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
+ * versions in the future. If you wish to customize Magento for your
+ * needs please refer to http://www.magento.com for more information.
+ *
+ * @category Mage
+ * @package Mage_Centinel
+ * @copyright Copyright (c) 2006-2014 X.commerce, Inc. (http://www.magento.com)
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+
+/**
+ * 3D Secure Validation Library for Payment
+ */
+include_once '3Dsecure/CentinelClient.php';
+
+/**
+ * 3D Secure Validation Api
+ */
+class Mage_Centinel_Model_Api_Client extends CentinelClient
+{
+ public function sendHttp($url, $connectTimeout = "", $timeout)
+ {
+ // verify that the URL uses a supported protocol.
+ if ((strpos($url, "http://") === 0) || (strpos($url, "https://") === 0)) {
+
+ //Construct the payload to POST to the url.
+ $data = $this->getRequestXml();
+
+ // create a new cURL resource
+ $ch = curl_init($url);
+
+ // set URL and other appropriate options
+ curl_setopt($ch, CURLOPT_POST ,1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+
+ // Execute the request.
+ $result = curl_exec($ch);
+ $succeeded = curl_errno($ch) == 0 ? true : false;
+
+ // close cURL resource, and free up system resources
+ curl_close($ch);
+
+ // If Communication was not successful set error result, otherwise
+ if (!$succeeded) {
+ $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_8030, CENTINEL_ERROR_CODE_8030_DESC);
+ }
+
+ // Assert that we received an expected Centinel Message in reponse.
+ if (strpos($result, "<CardinalMPI>") === false) {
+ $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_8010, CENTINEL_ERROR_CODE_8010_DESC);
+ }
+ } else {
+ $result = $this->setErrorResponse(CENTINEL_ERROR_CODE_8000, CENTINEL_ERROR_CODE_8000_DESC);
+ }
+ $parser = new XMLParser;
+ $parser->deserializeXml($result);
+ $this->response = $parser->deserializedResponse;
+ }
+}
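Review bot: `$connectTimeout` is accepted by `sendHttp()` but never applied, so only `CURLOPT_TIMEOUT` bounds the request and the connect phase is left at the cURL default. Adding `if ($connectTimeout !== "") { curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connectTimeout); }` next to the other options would honour it. The scheme check also still accepts `http://`, so the peer and host verification enabled here only protects the exchange when the configured URL is `https://`. If plain HTTP is not needed for the Centinel endpoint, restricting the check to `https://` would make that explicit. The optional `$connectTimeout = ""` ahead of the required `$timeout` presumably mirrors the parent `CentinelClient` signature, which is not visible here.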
diff --git app/code/core/Mage/Checkout/Helper/Cart.php app/code/core/Mage/Checkout/Helper/Cart.php
index 33ba781..38c333d 100644
--- app/code/core/Mage/Checkout/Helper/Cart.php
+++ app/code/core/Mage/Checkout/Helper/Cart.php
@@ -31,6 +31,9 @@
*/
class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
{
+ /**
+ * Redirect to Cart path
+ */
const XML_PATH_REDIRECT_TO_CART = 'checkout/cart/redirect_to_cart';
/**
@@ -47,16 +50,16 @@ class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
* Retrieve url for add product to cart
*
* @param Mage_Catalog_Model_Product $product
+ * @param array $additional
* @return string
*/
public function getAddUrl($product, $additional = array())
{
- $continueUrl = Mage::helper('core')->urlEncode($this->getCurrentUrl());
- $urlParamName = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
-
$routeParams = array(
- $urlParamName => $continueUrl,
- 'product' => $product->getEntityId()
+ Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->_getHelperInstance('core')
+ ->urlEncode($this->getCurrentUrl()),
+ 'product' => $product->getEntityId(),
+ Mage_Core_Model_Url::FORM_KEY => $this->_getSingletonModel('core/session')->getFormKey()
);
if (!empty($additional)) {
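Review bot: Adding the session form key to `$routeParams` in `getAddUrl()` puts a per-session secret into a link URL, where it can end up in access logs, Referer headers and any block or page cache that stores the rendered markup. If listing HTML is cached across sessions, other visitors would also receive a key that fails `_validateFormKey()` in `addAction`. A comment on the `FORM_KEY` line such as `// per-session value: output built from this URL must not be cached across sessions` would record the constraint. `getDeleteUrl()` in `Customer/Block/Address/Book.php` adds the key to a URL in the same way. The body of `getAddUrl()` continues outside the hunk.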
@@ -77,6 +80,17 @@ class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
}
/**
+ * Return helper instance
+ *
+ * @param string $helperName
+ * @return Mage_Core_Helper_Abstract
+ */
+ protected function _getHelperInstance($helperName)
+ {
+ return Mage::helper($helperName);
+ }
+
+ /**
* Retrieve url for remove product from cart
*
* @param Mage_Sales_Quote_Item $item
@@ -85,7 +99,7 @@ class Mage_Checkout_Helper_Cart extends Mage_Core_Helper_Url
public function getRemoveUrl($item)
{
$params = array(
- 'id'=>$item->getId(),
+ 'id' => $item->getId(),
Mage_Core_Controller_Front_Action::PARAM_NAME_BASE64_URL => $this->getCurrentBase64Url()
);
return $this->_getUrl('checkout/cart/delete', $params);
diff --git app/code/core/Mage/Checkout/controllers/CartController.php app/code/core/Mage/Checkout/controllers/CartController.php
index 4e41521..db69872 100644
--- app/code/core/Mage/Checkout/controllers/CartController.php
+++ app/code/core/Mage/Checkout/controllers/CartController.php
@@ -70,6 +70,7 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
* Set back redirect url to response
*
* @return Mage_Checkout_CartController
+ * @throws Mage_Exception
*/
protected function _goBack()
{
@@ -166,9 +167,15 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
/**
* Add product to shopping cart action
+ *
+ * @return void
*/
public function addAction()
{
+ if (!$this->_validateFormKey()) {
+ $this->_goBack();
+ return;
+ }
$cart = $this->_getCart();
$params = $this->getRequest()->getParams();
try {
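Review bot: When `_validateFormKey()` fails in `addAction`, the request is redirected with no session message and no log entry, so a rejected cross-site request is indistinguishable from a stale page for the shopper and leaves nothing to monitor. Adding `$this->_getSession()->addError($this->__('Invalid form key. Please refresh the page.'));` before `$this->_goBack();` would make the rejection visible. The same silent path appears in `addgroupAction`, `updatePostAction` and `loginPostAction` in this patch. `addAction` continues past the end of the hunk.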
@@ -207,7 +214,7 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
);
if (!$this->_getSession()->getNoCartRedirect(true)) {
- if (!$cart->getQuote()->getHasError()){
+ if (!$cart->getQuote()->getHasError()) {
$message = $this->__('%s was added to your shopping cart.', Mage::helper('core')->escapeHtml($product->getName()));
$this->_getSession()->addSuccess($message);
}
@@ -236,34 +243,41 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
}
}
+ /**
+ * Add products in group to shopping cart action
+ */
public function addgroupAction()
{
$orderItemIds = $this->getRequest()->getParam('order_items', array());
- if (is_array($orderItemIds)) {
- $itemsCollection = Mage::getModel('sales/order_item')
- ->getCollection()
- ->addIdFilter($orderItemIds)
- ->load();
- /* @var $itemsCollection Mage_Sales_Model_Mysql4_Order_Item_Collection */
- $cart = $this->_getCart();
- foreach ($itemsCollection as $item) {
- try {
- $cart->addOrderItem($item, 1);
- } catch (Mage_Core_Exception $e) {
- if ($this->_getSession()->getUseNotice(true)) {
- $this->_getSession()->addNotice($e->getMessage());
- } else {
- $this->_getSession()->addError($e->getMessage());
- }
- } catch (Exception $e) {
- $this->_getSession()->addException($e, $this->__('Cannot add the item to shopping cart.'));
- Mage::logException($e);
- $this->_goBack();
+
+ if (!is_array($orderItemIds) || !$this->_validateFormKey()) {
+ $this->_goBack();
+ return;
+ }
+
+ $itemsCollection = Mage::getModel('sales/order_item')
+ ->getCollection()
+ ->addIdFilter($orderItemIds)
+ ->load();
+ /* @var $itemsCollection Mage_Sales_Model_Mysql4_Order_Item_Collection */
+ $cart = $this->_getCart();
+ foreach ($itemsCollection as $item) {
+ try {
+ $cart->addOrderItem($item, 1);
+ } catch (Mage_Core_Exception $e) {
+ if ($this->_getSession()->getUseNotice(true)) {
+ $this->_getSession()->addNotice($e->getMessage());
+ } else {
+ $this->_getSession()->addError($e->getMessage());
}
+ } catch (Exception $e) {
+ $this->_getSession()->addException($e, $this->__('Cannot add the item to shopping cart.'));
+ Mage::logException($e);
+ $this->_goBack();
}
- $cart->save();
- $this->_getSession()->setCartWasUpdated(true);
}
+ $cart->save();
+ $this->_getSession()->setCartWasUpdated(true);
$this->_goBack();
}
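Review bot: In `addgroupAction` the order items are loaded purely from the request-supplied `order_items` IDs, and nothing visible in the hunk limits the collection to orders of the current customer. The new form-key check stops cross-site requests, but it does not stop a caller from supplying item IDs that belong to someone else's order. The collection should be constrained to the session customer's orders before `addOrderItem()` is called, unless `addOrderItem()` already enforces that (not visible here). Separately, the generic `catch (Exception $e)` branch calls `$this->_goBack()` inside the loop without leaving it, so `_goBack()` runs again after the loop; a `break;` after `Mage::logException($e);` would keep a single redirect.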
@@ -347,8 +361,8 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
array('item' => $item, 'request' => $this->getRequest(), 'response' => $this->getResponse())
);
if (!$this->_getSession()->getNoCartRedirect(true)) {
- if (!$cart->getQuote()->getHasError()){
- $message = $this->__('%s was updated in your shopping cart.', Mage::helper('core')->htmlEscape($item->getProduct()->getName()));
+ if (!$cart->getQuote()->getHasError()) {
+ $message = $this->__('%s was updated in your shopping cart.', Mage::helper('core')->escapeHtml($item->getProduct()->getName()));
$this->_getSession()->addSuccess($message);
}
$this->_goBack();
@@ -382,6 +396,11 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
*/
public function updatePostAction()
{
+ if (!$this->_validateFormKey()) {
+ $this->_redirect('*/*/');
+ return;
+ }
+
$updateAction = (string)$this->getRequest()->getParam('update_cart_action');
switch ($updateAction) {
@@ -492,6 +511,11 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
$this->_goBack();
}
+ /**
+ * Estimate update action
+ *
+ * @return null
+ */
public function estimateUpdatePostAction()
{
$code = (string) $this->getRequest()->getParam('estimate_method');
diff --git app/code/core/Mage/Checkout/controllers/OnepageController.php app/code/core/Mage/Checkout/controllers/OnepageController.php
index e62cb91..55d0833 100644
--- app/code/core/Mage/Checkout/controllers/OnepageController.php
+++ app/code/core/Mage/Checkout/controllers/OnepageController.php
@@ -24,16 +24,27 @@
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
-
+/**
+ * Class Onepage controller
+ */
class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
{
+ /**
+ * Functions for concrete method
+ *
+ * @var array
+ */
protected $_sectionUpdateFunctions = array(
'payment-method' => '_getPaymentMethodsHtml',
'shipping-method' => '_getShippingMethodsHtml',
'review' => '_getReviewHtml',
);
- /** @var Mage_Sales_Model_Order */
+ /**
+ * Order instance
+ *
+ * @var Mage_Sales_Model_Order
+ */
protected $_order;
/**
@@ -50,7 +61,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$checkoutSessionQuote->removeAllAddresses();
}
- if(!$this->_canShowForUnregisteredUsers()){
+ if (!$this->_canShowForUnregisteredUsers()) {
$this->norouteAction();
$this->setFlag('',self::FLAG_NO_DISPATCH,true);
return;
@@ -59,6 +70,11 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
return $this;
}
+ /**
+ * Send headers in case if session is expired
+ *
+ * @return Mage_Checkout_OnepageController
+ */
protected function _ajaxRedirectResponse()
{
$this->getResponse()
@@ -123,6 +139,12 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
return $output;
}
+ /**
+ * Return block content from the 'checkout_onepage_additional'
+ * This is the additional content for shipping method
+ *
+ * @return string
+ */
protected function _getAdditionalHtml()
{
$layout = $this->getLayout();
@@ -180,7 +202,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
return;
}
Mage::getSingleton('checkout/session')->setCartWasUpdated(false);
- Mage::getSingleton('customer/session')->setBeforeAuthUrl(Mage::getUrl('*/*/*', array('_secure'=>true)));
+ Mage::getSingleton('customer/session')->setBeforeAuthUrl(Mage::getUrl('*/*/*', array('_secure' => true)));
$this->getOnepage()->initCheckout();
$this->loadLayout();
$this->_initLayoutMessages('customer/session');
@@ -200,6 +222,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$this->renderLayout();
}
+ /**
+ * Shipping action
+ */
public function shippingMethodAction()
{
if ($this->_expireAjax()) {
@@ -209,6 +234,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$this->renderLayout();
}
+ /**
+ * Review action
+ */
public function reviewAction()
{
if ($this->_expireAjax()) {
@@ -244,6 +272,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$this->renderLayout();
}
+ /**
+ * Failure action
+ */
public function failureAction()
{
$lastQuoteId = $this->getOnepage()->getCheckout()->getLastQuoteId();
@@ -259,6 +290,9 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
}
+ /**
+ * Additional action
+ */
public function getAdditionalAction()
{
$this->getResponse()->setBody($this->_getAdditionalHtml());
@@ -383,10 +417,10 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
/*
$result will have erro data if shipping method is empty
*/
- if(!$result) {
+ if (!$result) {
Mage::dispatchEvent('checkout_controller_onepage_save_shipping_method',
- array('request'=>$this->getRequest(),
- 'quote'=>$this->getOnepage()->getQuote()));
+ array('request' => $this->getRequest(),
+ 'quote' => $this->getOnepage()->getQuote()));
$this->getOnepage()->getQuote()->collectTotals();
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode($result));
@@ -452,7 +486,8 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
/**
* Get Order by quoteId
*
- * @return Mage_Sales_Model_Order
+ * @return Mage_Core_Model_Abstract|Mage_Sales_Model_Order
+ * @throws Mage_Payment_Model_Info_Exception
*/
protected function _getOrder()
{
@@ -489,15 +524,21 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
*/
public function saveOrderAction()
{
+ if (!$this->_validateFormKey()) {
+ return $this->_redirect('*/*');
+ }
+
if ($this->_expireAjax()) {
return;
}
$result = array();
try {
- if ($requiredAgreements = Mage::helper('checkout')->getRequiredAgreementIds()) {
+ $requiredAgreements = Mage::helper('checkout')->getRequiredAgreementIds();
+ if ($requiredAgreements) {
$postedAgreements = array_keys($this->getRequest()->getPost('agreement', array()));
- if ($diff = array_diff($requiredAgreements, $postedAgreements)) {
+ $diff = array_diff($requiredAgreements, $postedAgreements);
+ if ($diff) {
$result['success'] = false;
$result['error'] = true;
$result['error_messages'] = $this->__('Please agree to all the terms and conditions before placing the order.');
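Review bot: The form-key failure path in `saveOrderAction` answers with `return $this->_redirect('*/*');`, which does not match how the rest of the action reports errors. The `_expireAjax()` check and the `$result` array that follow suggest the action is called via AJAX, so a plain redirect is likely to be consumed as an unexpected response body rather than shown to the customer. Using the controller's `_ajaxRedirectResponse()` or filling `$result['error_messages']` would keep the failure path consistent. Only `saveOrderAction` gains the check in the hunks shown; whether the other checkout save steps validate the key cannot be seen here. The action continues outside the hunk.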
@@ -515,7 +556,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$result['error'] = false;
} catch (Mage_Payment_Model_Info_Exception $e) {
$message = $e->getMessage();
- if( !empty($message) ) {
+ if ( !empty($message) ) {
$result['error_messages'] = $message;
}
$result['goto_section'] = 'payment';
@@ -530,12 +571,13 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
$result['error'] = true;
$result['error_messages'] = $e->getMessage();
- if ($gotoSection = $this->getOnepage()->getCheckout()->getGotoSection()) {
+ $gotoSection = $this->getOnepage()->getCheckout()->getGotoSection();
+ if ($gotoSection) {
$result['goto_section'] = $gotoSection;
$this->getOnepage()->getCheckout()->setGotoSection(null);
}
-
- if ($updateSection = $this->getOnepage()->getCheckout()->getUpdateSection()) {
+ $updateSection = $this->getOnepage()->getCheckout()->getUpdateSection();
+ if ($updateSection) {
if (isset($this->_sectionUpdateFunctions[$updateSection])) {
$updateSectionFunction = $this->_sectionUpdateFunctions[$updateSection];
$result['update_section'] = array(
diff --git app/code/core/Mage/Core/Block/Abstract.php app/code/core/Mage/Core/Block/Abstract.php
index 1e1659d..a58fc26 100644
--- app/code/core/Mage/Core/Block/Abstract.php
+++ app/code/core/Mage/Core/Block/Abstract.php
@@ -38,6 +38,10 @@
abstract class Mage_Core_Block_Abstract extends Varien_Object
{
/**
+ * Prefix for cache key
+ */
+ const CACHE_KEY_PREFIX = 'BLOCK_';
+ /**
* Cache group Tag
*/
const CACHE_GROUP = 'block_html';
@@ -1233,7 +1237,13 @@ abstract class Mage_Core_Block_Abstract extends Varien_Object
public function getCacheKey()
{
if ($this->hasData('cache_key')) {
- return $this->getData('cache_key');
+ $cacheKey = $this->getData('cache_key');
+ if (strpos($cacheKey, self::CACHE_KEY_PREFIX) !== 0) {
+ $cacheKey = self::CACHE_KEY_PREFIX . $cacheKey;
+ $this->setData('cache_key', $cacheKey);
+ }
+
+ return $cacheKey;
}
/**
* don't prevent recalculation by saving generated cache key
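Review bot: The reason for forcing `CACHE_KEY_PREFIX` onto a caller-supplied `cache_key` is not stated in `getCacheKey()`, and the getter now also writes the prefixed value back with `setData()`. Presumably the prefix keeps keys set through block data inside a block-only namespace of the shared cache; a comment such as `// namespace caller-supplied keys so a block cannot read or overwrite non-block cache entries` above the `strpos` check would record that. A supplied key that already begins with `BLOCK_` is returned unchanged, which is what keeps repeated calls idempotent. The function continues outside the hunk.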
diff --git app/code/core/Mage/Core/Helper/Url.php app/code/core/Mage/Core/Helper/Url.php
index 2fd8608..a899975 100644
--- app/code/core/Mage/Core/Helper/Url.php
+++ app/code/core/Mage/Core/Helper/Url.php
@@ -51,7 +51,7 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
$port = (in_array($port, $defaultPorts)) ? '' : ':' . $port;
}
$url = $request->getScheme() . '://' . $request->getHttpHost() . $port . $request->getServer('REQUEST_URI');
- return $url;
+ return $this->escapeUrl($url);
// return $this->_getUrl('*/*/*', array('_current' => true, '_use_rewrite' => true));
}
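Review bot: Returning `$this->escapeUrl($url)` from `getCurrentUrl()` escapes at the source instead of at the point of output, so callers that never print the value into HTML now receive the escaped string too. The `urlEncode($this->getCurrentUrl())` call visible in the next hunk and `getAddUrl()` in the cart helper both encode it into a redirect parameter; if `escapeUrl()` HTML-escapes (its body is not visible here), `&` separators would travel as `&amp;` inside that parameter. Consider keeping the raw URL internally and escaping in templates, or stating in the docblock that the return value is already escaped so it is not escaped twice. The commented-out `return` below the new line is dead code and could be removed. The function starts outside the hunk.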
@@ -65,7 +65,13 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
return $this->urlEncode($this->getCurrentUrl());
}
- public function getEncodedUrl($url=null)
+ /**
+ * Return encoded url
+ *
+ * @param null|string $url
+ * @return string
+ */
+ public function getEncodedUrl($url = null)
{
if (!$url) {
$url = $this->getCurrentUrl();
@@ -83,6 +89,12 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
return Mage::getBaseUrl();
}
+ /**
+ * Formatting string
+ *
+ * @param string $string
+ * @return string
+ */
protected function _prepareString($string)
{
$string = preg_replace('#[^0-9a-z]+#i', '-', $string);
@@ -104,7 +116,7 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
$startDelimiter = (false === strpos($url,'?'))? '?' : '&';
$arrQueryParams = array();
- foreach($param as $key=>$value) {
+ foreach ($param as $key => $value) {
if (is_numeric($key) || is_object($value)) {
continue;
}
@@ -128,6 +140,7 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
*
* @param string $url
* @param string $paramKey
+ * @param boolean $caseSensitive
* @return string
*/
public function removeRequestParam($url, $paramKey, $caseSensitive = false)
@@ -143,4 +156,16 @@ class Mage_Core_Helper_Url extends Mage_Core_Helper_Abstract
}
return $url;
}
+
+ /**
+ * Return singleton model instance
+ *
+ * @param string $name
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($name, $arguments = array())
+ {
+ return Mage::getSingleton($name, $arguments);
+ }
}
diff --git app/code/core/Mage/Core/Model/Encryption.php app/code/core/Mage/Core/Model/Encryption.php
index 4de64a2..cec49c8 100644
--- app/code/core/Mage/Core/Model/Encryption.php
+++ app/code/core/Mage/Core/Model/Encryption.php
@@ -98,9 +98,9 @@ class Mage_Core_Model_Encryption
$hashArr = explode(':', $hash);
switch (count($hashArr)) {
case 1:
- return $this->hash($password) === $hash;
+ return hash_equals($this->hash($password), $hash);
case 2:
- return $this->hash($hashArr[1] . $password) === $hashArr[0];
+ return hash_equals($this->hash($hashArr[1] . $password), $hashArr[0]);
}
Mage::throwException('Invalid hash.');
}
diff --git app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
index 55da2fb..0d4128e 100644
--- app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
+++ app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
@@ -65,7 +65,13 @@ class Mage_Core_Model_Input_Filter_MaliciousCode implements Zend_Filter_Interfac
*/
public function filter($value)
{
- return preg_replace($this->_expressions, '', $value);
+ $result = false;
+ do {
+ $subject = $result ? $result : $value;
+ $result = preg_replace($this->_expressions, '', $subject, -1, $count);
+ } while ($count !== 0);
+
+ return $result;
}
/**
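Review bot: `$subject = $result ? $result : $value;` falls back to the original `$value` whenever the previous pass produced a falsy string, so an input that is stripped down to `''` (or to `'0'`) is filtered again from the start, `$count` never reaches 0, and `filter()` does not terminate. Seeding the loop with the value removes the truthiness test: `$result = $value; do { $result = preg_replace($this->_expressions, '', $result, -1, $count); } while ($count > 0);`. `preg_replace()` can also return `null` on a PCRE error, which the caller would then receive instead of a string. Keeping the last good value in that case would be safer.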
diff --git app/code/core/Mage/Core/Model/Url.php app/code/core/Mage/Core/Model/Url.php
index c87bf48..28086af 100644
--- app/code/core/Mage/Core/Model/Url.php
+++ app/code/core/Mage/Core/Model/Url.php
@@ -89,14 +89,31 @@ class Mage_Core_Model_Url extends Varien_Object
const DEFAULT_ACTION_NAME = 'index';
/**
- * Configuration paths
+ * XML base url path unsecure
*/
const XML_PATH_UNSECURE_URL = 'web/unsecure/base_url';
+
+ /**
+ * XML base url path secure
+ */
const XML_PATH_SECURE_URL = 'web/secure/base_url';
+
+ /**
+ * XML path for using in adminhtml
+ */
const XML_PATH_SECURE_IN_ADMIN = 'default/web/secure/use_in_adminhtml';
+
+ /**
+ * XML path for using in frontend
+ */
const XML_PATH_SECURE_IN_FRONT = 'web/secure/use_in_frontend';
/**
+ * Param name for form key functionality
+ */
+ const FORM_KEY = 'form_key';
+
+ /**
* Configuration data cache
*
* @var array
@@ -483,7 +500,7 @@ class Mage_Core_Model_Url extends Varien_Object
}
$routePath = $this->getActionPath();
if ($this->getRouteParams()) {
- foreach ($this->getRouteParams() as $key=>$value) {
+ foreach ($this->getRouteParams() as $key => $value) {
if (is_null($value) || false === $value || '' === $value || !is_scalar($value)) {
continue;
}
@@ -939,8 +956,8 @@ class Mage_Core_Model_Url extends Varien_Object
/**
* Build url by requested path and parameters
*
- * @param string|null $routePath
- * @param array|null $routeParams
+ * @param string|null $routePath
+ * @param array|null $routeParams
* @return string
*/
public function getUrl($routePath = null, $routeParams = null)
@@ -974,6 +991,7 @@ class Mage_Core_Model_Url extends Varien_Object
$noSid = (bool)$routeParams['_nosid'];
unset($routeParams['_nosid']);
}
+
$url = $this->getRouteUrl($routePath, $routeParams);
/**
* Apply query params, need call after getRouteUrl for rewrite _current values
@@ -1007,6 +1025,18 @@ class Mage_Core_Model_Url extends Varien_Object
}
/**
+ * Return singleton model instance
+ *
+ * @param string $name
+ * @param array $arguments
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _getSingletonModel($name, $arguments = array())
+ {
+ return Mage::getSingleton($name, $arguments);
+ }
+
+ /**
* Check and add session id to URL
*
* @param string $url
diff --git app/code/core/Mage/Core/functions.php app/code/core/Mage/Core/functions.php
index fbd0acc..ac6cfc2 100644
--- app/code/core/Mage/Core/functions.php
+++ app/code/core/Mage/Core/functions.php
@@ -375,3 +375,38 @@ if ( !function_exists('sys_get_temp_dir') ) {
}
}
}
+
+if (!function_exists('hash_equals')) {
+ /**
+ * Compares two strings using the same time whether they're equal or not.
+ * A difference in length will leak
+ *
+ * @param string $known_string
+ * @param string $user_string
+ * @return boolean Returns true when the two strings are equal, false otherwise.
+ */
+ function hash_equals($known_string, $user_string)
+ {
+ $result = 0;
+
+ if (!is_string($known_string)) {
+ trigger_error("hash_equals(): Expected known_string to be a string", E_USER_WARNING);
+ return false;
+ }
+
+ if (!is_string($user_string)) {
+ trigger_error("hash_equals(): Expected user_string to be a string", E_USER_WARNING);
+ return false;
+ }
+
+ if (strlen($known_string) != strlen($user_string)) {
+ return false;
+ }
+
+ for ($i = 0; $i < strlen($known_string); $i++) {
+ $result |= (ord($known_string[$i]) ^ ord($user_string[$i]));
+ }
+
+ return 0 === $result;
+ }
+}
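Review bot: The polyfill measures with `strlen()` but compares by byte offset (`$known_string[$i]`), and it re-evaluates `strlen($known_string)` on every loop iteration. On a PHP build with `mbstring.func_overload` enabled, `strlen()` counts characters, so for multibyte input the loop could stop before the last bytes are compared. The digests passed from `Mage_Core_Model_Encryption` are presumably ASCII, so this would matter only for other callers. Taking the byte length once, e.g. `$length = function_exists('mb_strlen') ? mb_strlen($known_string, '8bit') : strlen($known_string);`, and looping to `$length` addresses both. The docblock sentence "A difference in length will leak" is unfinished and could read "A difference in length will leak through the early return".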
diff --git app/code/core/Mage/Customer/Block/Address/Book.php app/code/core/Mage/Customer/Block/Address/Book.php
index 2b295c5..9bc7c69 100644
--- app/code/core/Mage/Customer/Block/Address/Book.php
+++ app/code/core/Mage/Customer/Block/Address/Book.php
@@ -56,7 +56,8 @@ class Mage_Customer_Block_Address_Book extends Mage_Core_Block_Template
public function getDeleteUrl()
{
- return $this->getUrl('customer/address/delete');
+ return $this->getUrl('customer/address/delete',
+ array(Mage_Core_Model_Url::FORM_KEY => Mage::getSingleton('core/session')->getFormKey()));
}
public function getAddressEditUrl($address)
diff --git app/code/core/Mage/Customer/controllers/AccountController.php app/code/core/Mage/Customer/controllers/AccountController.php
index 60be0f7..7361168 100644
--- app/code/core/Mage/Customer/controllers/AccountController.php
+++ app/code/core/Mage/Customer/controllers/AccountController.php
@@ -140,6 +140,11 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
public function loginPostAction()
{
+ if (!$this->_validateFormKey()) {
+ $this->_redirect('*/*/');
+ return;
+ }
+
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
@@ -157,8 +162,8 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
} catch (Mage_Core_Exception $e) {
switch ($e->getCode()) {
case Mage_Customer_Model_Customer::EXCEPTION_EMAIL_NOT_CONFIRMED:
- $value = Mage::helper('customer')->getEmailConfirmationUrl($login['username']);
- $message = Mage::helper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.', $value);
+ $value = $this->_getHelper('customer')->getEmailConfirmationUrl($login['username']);
+ $message = $this->_getHelper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.', $value);
break;
case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD:
$message = $e->getMessage();
@@ -188,7 +193,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
if (!$session->getBeforeAuthUrl() || $session->getBeforeAuthUrl() == Mage::getBaseUrl()) {
// Set default URL to redirect customer to
- $session->setBeforeAuthUrl(Mage::helper('customer')->getAccountUrl());
+ $session->setBeforeAuthUrl($this->_getHelper('customer')->getAccountUrl());
// Redirect customer to the last page visited after logging in
if ($session->isLoggedIn()) {
if (!Mage::getStoreConfigFlag(
@@ -197,8 +202,8 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$referer = $this->getRequest()->getParam(Mage_Customer_Helper_Data::REFERER_QUERY_PARAM_NAME);
if ($referer) {
// Rebuild referer URL to handle the case when SID was changed
- $referer = Mage::getModel('core/url')
- ->getRebuiltUrl(Mage::helper('core')->urlDecode($referer));
+ $referer = $this->_getModel('core/url')
+ ->getRebuiltUrl($this->_getHelper('core')->urlDecode($referer));
if ($this->_isUrlInternal($referer)) {
$session->setBeforeAuthUrl($referer);
}
@@ -207,10 +212,10 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$session->setBeforeAuthUrl($session->getAfterAuthUrl(true));
}
} else {
- $session->setBeforeAuthUrl(Mage::helper('customer')->getLoginUrl());
+ $session->setBeforeAuthUrl($this->_getHelper('customer')->getLoginUrl());
}
- } else if ($session->getBeforeAuthUrl() == Mage::helper('customer')->getLogoutUrl()) {
- $session->setBeforeAuthUrl(Mage::helper('customer')->getDashboardUrl());
+ } else if ($session->getBeforeAuthUrl() == $this->_getHelper('customer')->getLogoutUrl()) {
+ $session->setBeforeAuthUrl($this->_getHelper('customer')->getDashboardUrl());
} else {
if (!$session->getAfterAuthUrl()) {
$session->setAfterAuthUrl($session->getBeforeAuthUrl());
@@ -267,125 +272,254 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
return;
}
+ /** @var $session Mage_Customer_Model_Session */
$session = $this->_getSession();
if ($session->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
- if ($this->getRequest()->isPost()) {
- $errors = array();
+ if (!$this->getRequest()->isPost()) {
+ $errUrl = $this->_getUrl('*/*/create', array('_secure' => true));
+ $this->_redirectError($errUrl);
+ return;
+ }
- if (!$customer = Mage::registry('current_customer')) {
- $customer = Mage::getModel('customer/customer')->setId(null);
+ $customer = $this->_getCustomer();
+
+ try {
+ $errors = $this->_getCustomerErrors($customer);
+
+ if (empty($errors)) {
+ $customer->save();
+ $this->_dispatchRegisterSuccess($customer);
+ $this->_successProcessRegistration($customer);
+ return;
+ } else {
+ $this->_addSessionError($errors);
+ }
+ } catch (Mage_Core_Exception $e) {
+ $session->setCustomerFormData($this->getRequest()->getPost());
+ if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
+ $url = $this->_getUrl('customer/account/forgotpassword');
+ $message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
+ } else {
+ $message = Mage::helper('core')->escapeHtml($e->getMessage());
}
+ $session->addError($message);
+ } catch (Exception $e) {
+ $session->setCustomerFormData($this->getRequest()->getPost())
+ ->addException($e, $this->__('Cannot save the customer.'));
+ }
+ $url = $this->_getUrl('*/*/create', array('_secure' => true));
+ $this->_redirectError($url);
+ }
- /* @var $customerForm Mage_Customer_Model_Form */
- $customerForm = Mage::getModel('customer/form');
- $customerForm->setFormCode('customer_account_create')
- ->setEntity($customer);
+ /**
+ * Success Registration
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return Mage_Customer_AccountController
+ */
+ protected function _successProcessRegistration(Mage_Customer_Model_Customer $customer)
+ {
+ $session = $this->_getSession();
+ if ($customer->isConfirmationRequired()) {
+ /** @var $app Mage_Core_Model_App */
+ $app = $this->_getApp();
+ /** @var $store Mage_Core_Model_Store*/
+ $store = $app->getStore();
+ $customer->sendNewAccountEmail(
+ 'confirmation',
+ $session->getBeforeAuthUrl(),
+ $store->getId()
+ );
+ $customerHelper = $this->_getHelper('customer');
+ $session->addSuccess($this->__('Account confirmation is required. Please, check your email for the confirmation link. To resend the confirmation email please <a href="%s">click here</a>.',
+ $customerHelper->getEmailConfirmationUrl($customer->getEmail())));
+ $url = $this->_getUrl('*/*/index', array('_secure' => true));
+ } else {
+ $session->setCustomerAsLoggedIn($customer);
+ $session->renewSession();
+ $url = $this->_welcomeCustomer($customer);
+ }
+ $this->_redirectSuccess($url);
+ return $this;
+ }
- $customerData = $customerForm->extractData($this->getRequest());
+ /**
+ * Get Customer Model
+ *
+ * @return Mage_Customer_Model_Customer
+ */
+ protected function _getCustomer()
+ {
+ $customer = $this->_getFromRegistry('current_customer');
+ if (!$customer) {
+ $customer = $this->_getModel('customer/customer')->setId(null);
+ }
+ if ($this->getRequest()->getParam('is_subscribed', false)) {
+ $customer->setIsSubscribed(1);
+ }
+ /**
+ * Initialize customer group id
+ */
+ $customer->getGroupId();
+
+ return $customer;
+ }
- if ($this->getRequest()->getParam('is_subscribed', false)) {
- $customer->setIsSubscribed(1);
+ /**
+ * Add session error method
+ *
+ * @param string|array $errors
+ */
+ protected function _addSessionError($errors)
+ {
+ $session = $this->_getSession();
+ $session->setCustomerFormData($this->getRequest()->getPost());
+ if (is_array($errors)) {
+ foreach ($errors as $errorMessage) {
+ $session->addError(Mage::helper('core')->escapeHtml($errorMessage));
}
+ } else {
+ $session->addError($this->__('Invalid customer data'));
+ }
+ }
- /**
- * Initialize customer group id
- */
- $customer->getGroupId();
-
- if ($this->getRequest()->getPost('create_address')) {
- /* @var $address Mage_Customer_Model_Address */
- $address = Mage::getModel('customer/address');
- /* @var $addressForm Mage_Customer_Model_Form */
- $addressForm = Mage::getModel('customer/form');
- $addressForm->setFormCode('customer_register_address')
- ->setEntity($address);
-
- $addressData = $addressForm->extractData($this->getRequest(), 'address', false);
- $addressErrors = $addressForm->validateData($addressData);
- if ($addressErrors === true) {
- $address->setId(null)
- ->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
- ->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false));
- $addressForm->compactData($addressData);
- $customer->addAddress($address);
-
- $addressErrors = $address->validate();
- if (is_array($addressErrors)) {
- $errors = array_merge($errors, $addressErrors);
- }
- } else {
- $errors = array_merge($errors, $addressErrors);
- }
+ /**
+ * Validate customer data and return errors if they are
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return array|string
+ */
+ protected function _getCustomerErrors($customer)
+ {
+ $errors = array();
+ $request = $this->getRequest();
+ if ($request->getPost('create_address')) {
+ $errors = $this->_getErrorsOnCustomerAddress($customer);
+ }
+ $customerForm = $this->_getCustomerForm($customer);
+ $customerData = $customerForm->extractData($request);
+ $customerErrors = $customerForm->validateData($customerData);
+ if ($customerErrors !== true) {
+ $errors = array_merge($customerErrors, $errors);
+ } else {
+ $customerForm->compactData($customerData);
+ $customer->setPassword($request->getPost('password'));
+ $customer->setConfirmation($request->getPost('confirmation'));
+ $customerErrors = $customer->validate();
+ if (is_array($customerErrors)) {
+ $errors = array_merge($customerErrors, $errors);
}
+ }
+ return $errors;
+ }
- try {
- $customerErrors = $customerForm->validateData($customerData);
- if ($customerErrors !== true) {
- $errors = array_merge($customerErrors, $errors);
- } else {
- $customerForm->compactData($customerData);
- $customer->setPassword($this->getRequest()->getPost('password'));
- $customer->setConfirmation($this->getRequest()->getPost('confirmation'));
- $customerErrors = $customer->validate();
- if (is_array($customerErrors)) {
- $errors = array_merge($customerErrors, $errors);
- }
- }
+ /**
+ * Get Customer Form Initalized Model
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return Mage_Customer_Model_Form
+ */
+ protected function _getCustomerForm($customer)
+ {
+ /* @var $customerForm Mage_Customer_Model_Form */
+ $customerForm = $this->_getModel('customer/form');
+ $customerForm->setFormCode('customer_account_create');
+ $customerForm->setEntity($customer);
+ return $customerForm;
+ }
- $validationResult = count($errors) == 0;
+ /**
+ * Get Helper
+ *
+ * @param string $path
+ * @return Mage_Core_Helper_Abstract
+ */
+ protected function _getHelper($path)
+ {
+ return Mage::helper($path);
+ }
- if (true === $validationResult) {
- $customer->save();
+ /**
+ * Get App
+ *
+ * @return Mage_Core_Model_App
+ */
+ protected function _getApp()
+ {
+ return Mage::app();
+ }
- Mage::dispatchEvent('customer_register_success',
- array('account_controller' => $this, 'customer' => $customer)
- );
-
- if ($customer->isConfirmationRequired()) {
- $customer->sendNewAccountEmail(
- 'confirmation',
- $session->getBeforeAuthUrl(),
- Mage::app()->getStore()->getId()
- );
- $session->addSuccess($this->__('Account confirmation is required. Please, check your email for the confirmation link. To resend the confirmation email please <a href="%s">click here</a>.', Mage::helper('customer')->getEmailConfirmationUrl($customer->getEmail())));
- $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure'=>true)));
- return;
- } else {
- $session->setCustomerAsLoggedIn($customer);
- $url = $this->_welcomeCustomer($customer);
- $this->_redirectSuccess($url);
- return;
- }
- } else {
- $session->setCustomerFormData($this->getRequest()->getPost());
- if (is_array($errors)) {
- foreach ($errors as $errorMessage) {
- $session->addError(Mage::helper('core')->escapeHtml($errorMessage));
- }
- } else {
- $session->addError($this->__('Invalid customer data'));
- }
- }
- } catch (Mage_Core_Exception $e) {
- $session->setCustomerFormData($this->getRequest()->getPost());
- if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
- $url = Mage::getUrl('customer/account/forgotpassword');
- $message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
- } else {
- $message = Mage::helper('core')->escapeHtml($e->getMessage());
- }
- $session->addError($message);
- } catch (Exception $e) {
- $session->setCustomerFormData($this->getRequest()->getPost())
- ->addException($e, $this->__('Cannot save the customer.'));
- }
+ /**
+ * Dispatch Event
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ */
+ protected function _dispatchRegisterSuccess($customer)
+ {
+ Mage::dispatchEvent('customer_register_success',
+ array('account_controller' => $this, 'customer' => $customer)
+ );
+ }
+
+ /**
+ * Get errors on provided customer address
+ *
+ * @param Mage_Customer_Model_Customer $customer
+ * @return array $errors
+ */
+ protected function _getErrorsOnCustomerAddress($customer)
+ {
+ $errors = array();
+ /* @var $address Mage_Customer_Model_Address */
+ $address = $this->_getModel('customer/address');
+ /* @var $addressForm Mage_Customer_Model_Form */
+ $addressForm = $this->_getModel('customer/form');
+ $addressForm->setFormCode('customer_register_address')
+ ->setEntity($address);
+
+ $addressData = $addressForm->extractData($this->getRequest(), 'address', false);
+ $addressErrors = $addressForm->validateData($addressData);
+ if (is_array($addressErrors)) {
+ $errors = $addressErrors;
}
+ $address->setId(null)
+ ->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
+ ->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false));
+ $addressForm->compactData($addressData);
+ $customer->addAddress($address);
+
+ $addressErrors = $address->validate();
+ if (is_array($addressErrors)) {
+ $errors = array_merge($errors, $addressErrors);
+ }
+ return $errors;
+ }
- $this->_redirectError(Mage::getUrl('*/*/create', array('_secure' => true)));
+ /**
+ * Get model by path
+ *
+ * @param string $path
+ * @param array|null $arguments
+ * @return false|Mage_Core_Model_Abstract
+ */
+ public function _getModel($path, $arguments = array())
+ {
+ return Mage::getModel($path, $arguments);
+ }
+
+ /**
+ * Get model from registry by path
+ *
+ * @param string $path
+ * @return mixed
+ */
+ protected function _getFromRegistry($path)
+ {
+ return Mage::registry($path);
}
/**
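Review bot: `_successProcessRegistration()` calls `$session->setCustomerAsLoggedIn($customer)` and then `$session->renewSession()`, while the `confirmAction()` hunk later in this file calls `renewSession()` before `setCustomerAsLoggedIn()`. The two login paths should use one order, and if the intent is session-fixation protection each call deserves a comment such as `// regenerate the session id at login so a pre-login id is not carried over`; whether the order matters depends on `renewSession()`, which is not shown here. Separately, `_getModel()` is declared `public` although the other wrappers added in this hunk (`_getHelper`, `_getApp`, `_getFromRegistry`) are `protected`; `protected function _getModel($path, $arguments = array())` would match them unless something outside the class calls it. The `@return array|string` on `_getCustomerErrors()` also overstates the contract, since the method as written only returns an array.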
@@ -403,14 +537,16 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
);
if ($this->_isVatValidationEnabled()) {
// Show corresponding VAT message to customer
- $configAddressType = Mage::helper('customer/address')->getTaxCalculationAddressType();
+ $configAddressType = $this->_getHelper('customer/address')->getTaxCalculationAddressType();
$userPrompt = '';
switch ($configAddressType) {
case Mage_Customer_Model_Address_Abstract::TYPE_SHIPPING:
- $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you shipping address for proper VAT calculation', Mage::getUrl('customer/address/edit'));
+ $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you shipping address for proper VAT calculation',
+ $this->_getUrl('customer/address/edit'));
break;
default:
- $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you billing address for proper VAT calculation', Mage::getUrl('customer/address/edit'));
+ $userPrompt = $this->__('If you are a registered VAT customer, please click <a href="%s">here</a> to enter you billing address for proper VAT calculation',
+ $this->_getUrl('customer/address/edit'));
}
$this->_getSession()->addSuccess($userPrompt);
}
@@ -421,7 +557,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
Mage::app()->getStore()->getId()
);
- $successUrl = Mage::getUrl('*/*/index', array('_secure'=>true));
+ $successUrl = $this->_getUrl('*/*/index', array('_secure' => true));
if ($this->_getSession()->getBeforeAuthUrl()) {
$successUrl = $this->_getSession()->getBeforeAuthUrl(true);
}
@@ -433,7 +569,8 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
public function confirmAction()
{
- if ($this->_getSession()->isLoggedIn()) {
+ $session = $this->_getSession();
+ if ($session->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
@@ -447,7 +584,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
// load customer by id (try/catch in case if it throws exceptions)
try {
- $customer = Mage::getModel('customer/customer')->load($id);
+ $customer = $this->_getModel('customer/customer')->load($id);
if ((!$customer) || (!$customer->getId())) {
throw new Exception('Failed to load customer by id.');
}
@@ -471,21 +608,22 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
throw new Exception($this->__('Failed to confirm customer account.'));
}
+ $session->renewSession();
// log in and send greeting email, then die happy
- $this->_getSession()->setCustomerAsLoggedIn($customer);
+ $session->setCustomerAsLoggedIn($customer);
$successUrl = $this->_welcomeCustomer($customer, true);
$this->_redirectSuccess($backUrl ? $backUrl : $successUrl);
return;
}
// die happy
- $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure'=>true)));
+ $this->_redirectSuccess($this->_getUrl('*/*/index', array('_secure' => true)));
return;
}
catch (Exception $e) {
// die unhappy
$this->_getSession()->addError($e->getMessage());
- $this->_redirectError(Mage::getUrl('*/*/index', array('_secure'=>true)));
+ $this->_redirectError($this->_getUrl('*/*/index', array('_secure' => true)));
return;
}
}
@@ -495,7 +633,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
public function confirmationAction()
{
- $customer = Mage::getModel('customer/customer');
+ $customer = $this->_getModel('customer/customer');
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
@@ -516,10 +654,10 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$this->_getSession()->addSuccess($this->__('This email does not require confirmation.'));
}
$this->_getSession()->setUsername($email);
- $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure' => true)));
+ $this->_redirectSuccess($this->_getUrl('*/*/index', array('_secure' => true)));
} catch (Exception $e) {
$this->_getSession()->addException($e, $this->__('Wrong email.'));
- $this->_redirectError(Mage::getUrl('*/*/*', array('email' => $email, '_secure' => true)));
+ $this->_redirectError($this->_getUrl('*/*/*', array('email' => $email, '_secure' => true)));
}
return;
}
@@ -535,6 +673,18 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
}
/**
+ * Get Url method
+ *
+ * @param string $url
+ * @param array $params
+ * @return string
+ */
+ protected function _getUrl($url, $params = array())
+ {
+ return Mage::getUrl($url, $params);
+ }
+
+ /**
* Forgot customer password page
*/
public function forgotPasswordAction()
@@ -565,13 +715,13 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
}
/** @var $customer Mage_Customer_Model_Customer */
- $customer = Mage::getModel('customer/customer')
+ $customer = $this->_getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
->loadByEmail($email);
if ($customer->getId()) {
try {
- $newResetPasswordLinkToken = Mage::helper('customer')->generateResetPasswordLinkToken();
+ $newResetPasswordLinkToken = $this->_getHelper('customer')->generateResetPasswordLinkToken();
$customer->changeResetPasswordLinkToken($newResetPasswordLinkToken);
$customer->sendPasswordResetConfirmationEmail();
} catch (Exception $exception) {
@@ -581,7 +731,9 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
}
}
$this->_getSession()
- ->addSuccess(Mage::helper('customer')->__('If there is an account associated with %s you will receive an email with a link to reset your password.', Mage::helper('customer')->htmlEscape($email)));
+ ->addSuccess($this->_getHelper('customer')
+ ->__('If there is an account associated with %s you will receive an email with a link to reset your password.',
+ $this->_getHelper('customer')->escapeHtml($email)));
$this->_redirect('*/*/');
return;
} else {
@@ -626,16 +778,14 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
->_redirect('*/*/changeforgotten');
} catch (Exception $exception) {
- $this->_getSession()->addError(Mage::helper('customer')->__('Your password reset link has expired.'));
+ $this->_getSession()->addError($this->_getHelper('customer')->__('Your password reset link has expired.'));
$this->_redirect('*/*/forgotpassword');
}
}
/**
* Reset forgotten password
- *
* Used to handle data recieved from reset forgotten password form
- *
*/
public function resetPasswordPostAction()
{
@@ -646,17 +796,17 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
try {
$this->_validateResetPasswordLinkToken($customerId, $resetPasswordLinkToken);
} catch (Exception $exception) {
- $this->_getSession()->addError(Mage::helper('customer')->__('Your password reset link has expired.'));
+ $this->_getSession()->addError($this->_getHelper('customer')->__('Your password reset link has expired.'));
$this->_redirect('*/*/');
return;
}
$errorMessages = array();
if (iconv_strlen($password) <= 0) {
- array_push($errorMessages, Mage::helper('customer')->__('New password field cannot be empty.'));
+ array_push($errorMessages, $this->_getHelper('customer')->__('New password field cannot be empty.'));
}
/** @var $customer Mage_Customer_Model_Customer */
- $customer = Mage::getModel('customer/customer')->load($customerId);
+ $customer = $this->_getModel('customer/customer')->load($customerId);
$customer->setPassword($password);
$customer->setConfirmation($passwordConfirmation);
@@ -684,7 +834,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$this->_getSession()->unsetData(self::TOKEN_SESSION_NAME);
$this->_getSession()->unsetData(self::CUSTOMER_ID_SESSION_NAME);
- $this->_getSession()->addSuccess(Mage::helper('customer')->__('Your password has been updated.'));
+ $this->_getSession()->addSuccess($this->_getHelper('customer')->__('Your password has been updated.'));
$this->_redirect('*/*/login');
} catch (Exception $exception) {
$this->_getSession()->addException($exception, $this->__('Cannot save a new password.'));
@@ -708,18 +858,18 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
|| empty($customerId)
|| $customerId < 0
) {
- throw Mage::exception('Mage_Core', Mage::helper('customer')->__('Invalid password reset token.'));
+ throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Invalid password reset token.'));
}
/** @var $customer Mage_Customer_Model_Customer */
- $customer = Mage::getModel('customer/customer')->load($customerId);
+ $customer = $this->_getModel('customer/customer')->load($customerId);
if (!$customer || !$customer->getId()) {
- throw Mage::exception('Mage_Core', Mage::helper('customer')->__('Wrong customer account specified.'));
+ throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Wrong customer account specified.'));
}
$customerToken = $customer->getRpToken();
if (strcmp($customerToken, $resetPasswordLinkToken) != 0 || $customer->isResetPasswordLinkTokenExpired()) {
- throw Mage::exception('Mage_Core', Mage::helper('customer')->__('Your password reset link has expired.'));
+ throw Mage::exception('Mage_Core', $this->_getHelper('customer')->__('Your password reset link has expired.'));
}
}
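Review bot: The token check on the unchanged line `strcmp($customerToken, $resetPasswordLinkToken) != 0` is a loose comparison, so it depends entirely on the type guard at the top of `_validateResetPasswordLinkToken()`, which starts outside this hunk. `strcmp()` does not return an integer when given a non-string argument, and `!= 0` would not treat that result as a mismatch; writing `!== 0` keeps the check safe on its own. The comparison is also not constant-time; where the supported PHP versions allow it and both values are confirmed to be strings, `hash_equals($customerToken, $resetPasswordLinkToken)` is the usual replacement.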
@@ -741,7 +891,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
if (!empty($data)) {
$customer->addData($data);
}
- if ($this->getRequest()->getParam('changepass')==1){
+ if ($this->getRequest()->getParam('changepass') == 1) {
$customer->setChangePassword(1);
}
@@ -764,7 +914,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$customer = $this->_getSession()->getCustomer();
/** @var $customerForm Mage_Customer_Model_Form */
- $customerForm = Mage::getModel('customer/form');
+ $customerForm = $this->_getModel('customer/form');
$customerForm->setFormCode('customer_account_edit')
->setEntity($customer);
@@ -785,7 +935,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
$confPass = $this->getRequest()->getPost('confirmation');
$oldPass = $this->_getSession()->getCustomer()->getPasswordHash();
- if (Mage::helper('core/string')->strpos($oldPass, ':')) {
+ if ($this->_getHelper('core/string')->strpos($oldPass, ':')) {
list($_salt, $salt) = explode(':', $oldPass);
} else {
$salt = false;
@@ -863,7 +1013,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
*/
protected function _isVatValidationEnabled($store = null)
{
- return Mage::helper('customer/address')->isVatValidationEnabled($store);
+ return $this->_getHelper('customer/address')->isVatValidationEnabled($store);
}
/**
diff --git app/code/core/Mage/Customer/controllers/AddressController.php app/code/core/Mage/Customer/controllers/AddressController.php
index 22dcc23..ab0916f 100644
--- app/code/core/Mage/Customer/controllers/AddressController.php
+++ app/code/core/Mage/Customer/controllers/AddressController.php
@@ -163,6 +163,9 @@ class Mage_Customer_AddressController extends Mage_Core_Controller_Front_Action
public function deleteAction()
{
+ if (!$this->_validateFormKey()) {
+ return $this->_redirect('*/*/');
+ }
$addressId = $this->getRequest()->getParam('id', false);
if ($addressId) {
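Review bot: The new `_validateFormKey()` guard in `deleteAction()` redirects silently when the key is missing or wrong, so it should carry a short comment stating its purpose, e.g. `// CSRF guard: address deletion must carry the session form key`. A session error message before the redirect would also make a rejected request visible to the user. Every template or script that builds the delete URL now has to append `form_key`; those callers are not part of this hunk and need checking. `deleteAction()` continues outside the hunk.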
diff --git app/code/core/Mage/Dataflow/Model/Profile.php app/code/core/Mage/Dataflow/Model/Profile.php
index b6062cd..20bdf0e 100644
--- app/code/core/Mage/Dataflow/Model/Profile.php
+++ app/code/core/Mage/Dataflow/Model/Profile.php
@@ -64,10 +64,14 @@ class Mage_Dataflow_Model_Profile extends Mage_Core_Model_Abstract
protected function _afterLoad()
{
+ $guiData = '';
if (is_string($this->getGuiData())) {
- $guiData = unserialize($this->getGuiData());
- } else {
- $guiData = '';
+ try {
+ $guiData = Mage::helper('core/unserializeArray')
+ ->unserialize($this->getGuiData());
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
}
$this->setGuiData($guiData);
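Review bot: The switch from `unserialize()` to `Mage::helper('core/unserializeArray')->unserialize()` in `_afterLoad()` has no comment explaining why it was made. Something like `// gui_data is stored serialized; parse it with the array-only helper so the stored value cannot instantiate objects` would keep a later cleanup from reverting it, assuming that is what the helper enforces (its code is not shown here). On a parse failure the exception is logged and `$guiData` stays `''`; it is worth confirming that a later save of the profile does not then overwrite the stored value with the empty one.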
@@ -127,7 +131,13 @@ class Mage_Dataflow_Model_Profile extends Mage_Core_Model_Abstract
protected function _afterSave()
{
if (is_string($this->getGuiData())) {
- $this->setGuiData(unserialize($this->getGuiData()));
+ try {
+ $guiData = Mage::helper('core/unserializeArray')
+ ->unserialize($this->getGuiData());
+ $this->setGuiData($guiData);
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
}
$profileHistory = Mage::getModel('dataflow/profile_history');
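Review bot: In `_afterSave()` a failed parse leaves the raw serialized string in `gui_data`, whereas `_afterLoad()` in the previous hunk resets it to `''`, so code running after a save can see either an array or a string. Adding `$this->setGuiData('');` in the `catch` would make the two paths agree, provided no caller relies on the raw string. `_afterSave()` continues outside the hunk.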
diff --git app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php
index 6156e3b..d88c7fd 100644
--- app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php
+++ app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php
@@ -32,7 +32,7 @@
* @author Magento Core Team <core@magentocommerce.com>
*/
class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Links
- extends Mage_Adminhtml_Block_Template
+ extends Mage_Uploader_Block_Single
{
/**
* Purchased Separately Attribute cache
@@ -245,6 +245,7 @@ class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Li
*/
protected function _prepareLayout()
{
+ parent::_prepareLayout();
$this->setChild(
'upload_button',
$this->getLayout()->createBlock('adminhtml/widget_button')->addData(array(
@@ -254,6 +255,10 @@ class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Li
'onclick' => 'Downloadable.massUploadByType(\'links\');Downloadable.massUploadByType(\'linkssample\')'
))
);
+ $this->_addElementIdsMapping(array(
+ 'container' => $this->getHtmlId() . '-new',
+ 'delete' => $this->getHtmlId() . '-delete'
+ ));
}
/**
@@ -273,33 +278,56 @@ class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Li
*/
public function getConfigJson($type='links')
{
- $this->getConfig()->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()
- ->getUrl('*/downloadable_file/upload', array('type' => $type, '_secure' => true)));
- $this->getConfig()->setParams(array('form_key' => $this->getFormKey()));
- $this->getConfig()->setFileField($type);
- $this->getConfig()->setFilters(array(
- 'all' => array(
- 'label' => Mage::helper('adminhtml')->__('All Files'),
- 'files' => array('*.*')
+
+ $this->getUploaderConfig()
+ ->setFileParameterName($type)
+ ->setTarget(
+ Mage::getModel('adminhtml/url')
+ ->addSessionParam()
+ ->getUrl('*/downloadable_file/upload', array('type' => $type, '_secure' => true))
+ );
+ $this->getMiscConfig()
+ ->setReplaceBrowseWithRemove(true)
+ ;
+ return Mage::helper('core')->jsonEncode(parent::getJsonConfig());
+ }
+
+ /**
+ * @return string
+ */
+ public function getBrowseButtonHtml($type = '')
+ {
+ return $this->getChild('browse_button')
+ // Workaround for IE9
+ ->setBeforeHtml(
+ '<div style="display:inline-block; " id="downloadable_link_{{id}}_' . $type . 'file-browse">'
)
- ));
- $this->getConfig()->setReplaceBrowseWithRemove(true);
- $this->getConfig()->setWidth('32');
- $this->getConfig()->setHideUploadButton(true);
- return Mage::helper('core')->jsonEncode($this->getConfig()->getData());
+ ->setAfterHtml('</div>')
+ ->setId('downloadable_link_{{id}}_' . $type . 'file-browse_button')
+ ->toHtml();
}
+
/**
- * Retrive config object
+ * @return string
+ */
+ public function getDeleteButtonHtml($type = '')
+ {
+ return $this->getChild('delete_button')
+ ->setLabel('')
+ ->setId('downloadable_link_{{id}}_' . $type . 'file-delete')
+ ->setStyle('display:none; width:31px;')
+ ->toHtml();
+ }
+
+ /**
+ * Retrieve config object
*
- * @return Varien_Config
+ * @deprecated
+ * @return $this
*/
public function getConfig()
{
- if(is_null($this->_config)) {
- $this->_config = new Varien_Object();
- }
-
- return $this->_config;
+ return $this;
}
}
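Review bot: The rewritten `getConfigJson()` no longer passes `form_key` to the uploader: the removed `setParams(array('form_key' => $this->getFormKey()))` has no counterpart on the new side. The upload request therefore carries the key only if `parent::getJsonConfig()` in `Mage_Uploader_Block_Single` adds it; that class is not shown here and should be checked. The same applies to `getConfigJson()` in `Samples.php` below. In `getBrowseButtonHtml()` and `getDeleteButtonHtml()`, `$type` is concatenated into an HTML `id` unescaped; a docblock line such as `@param string $type fixed suffix chosen by the template, never request data` would record that assumption.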
diff --git app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Samples.php app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Samples.php
index 94e9040..0d2b560 100644
--- app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Samples.php
+++ app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Samples.php
@@ -32,7 +32,7 @@
* @author Magento Core Team <core@magentocommerce.com>
*/
class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Samples
- extends Mage_Adminhtml_Block_Widget
+ extends Mage_Uploader_Block_Single
{
/**
* Class constructor
@@ -148,6 +148,7 @@ class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Sa
*/
protected function _prepareLayout()
{
+ parent::_prepareLayout();
$this->setChild(
'upload_button',
$this->getLayout()->createBlock('adminhtml/widget_button')
@@ -158,6 +159,11 @@ class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Sa
'onclick' => 'Downloadable.massUploadByType(\'samples\')'
))
);
+
+ $this->_addElementIdsMapping(array(
+ 'container' => $this->getHtmlId() . '-new',
+ 'delete' => $this->getHtmlId() . '-delete'
+ ));
}
/**
@@ -171,40 +177,59 @@ class Mage_Downloadable_Block_Adminhtml_Catalog_Product_Edit_Tab_Downloadable_Sa
}
/**
- * Retrive config json
+ * Retrieve config json
*
* @return string
*/
public function getConfigJson()
{
- $this->getConfig()->setUrl(Mage::getModel('adminhtml/url')
- ->addSessionParam()
- ->getUrl('*/downloadable_file/upload', array('type' => 'samples', '_secure' => true)));
- $this->getConfig()->setParams(array('form_key' => $this->getFormKey()));
- $this->getConfig()->setFileField('samples');
- $this->getConfig()->setFilters(array(
- 'all' => array(
- 'label' => Mage::helper('adminhtml')->__('All Files'),
- 'files' => array('*.*')
- )
- ));
- $this->getConfig()->setReplaceBrowseWithRemove(true);
- $this->getConfig()->setWidth('32');
- $this->getConfig()->setHideUploadButton(true);
- return Mage::helper('core')->jsonEncode($this->getConfig()->getData());
+ $this->getUploaderConfig()
+ ->setFileParameterName('samples')
+ ->setTarget(
+ Mage::getModel('adminhtml/url')
+ ->addSessionParam()
+ ->getUrl('*/downloadable_file/upload', array('type' => 'samples', '_secure' => true))
+ );
+ $this->getMiscConfig()
+ ->setReplaceBrowseWithRemove(true)
+ ;
+ return Mage::helper('core')->jsonEncode(parent::getJsonConfig());
}
/**
- * Retrive config object
+ * @return string
+ */
+ public function getBrowseButtonHtml()
+ {
+ return $this->getChild('browse_button')
+ // Workaround for IE9
+ ->setBeforeHtml('<div style="display:inline-block; " id="downloadable_sample_{{id}}_file-browse">')
+ ->setAfterHtml('</div>')
+ ->setId('downloadable_sample_{{id}}_file-browse_button')
+ ->toHtml();
+ }
+
+
+ /**
+ * @return string
+ */
+ public function getDeleteButtonHtml()
+ {
+ return $this->getChild('delete_button')
+ ->setLabel('')
+ ->setId('downloadable_sample_{{id}}_file-delete')
+ ->setStyle('display:none; width:31px;')
+ ->toHtml();
+ }
+
+ /**
+ * Retrieve config object
*
- * @return Varien_Config
+ * @deprecated
+ * @return $this
*/
public function getConfig()
{
- if(is_null($this->_config)) {
- $this->_config = new Varien_Object();
- }
-
- return $this->_config;
+ return $this;
}
}
diff --git app/code/core/Mage/Downloadable/Helper/File.php app/code/core/Mage/Downloadable/Helper/File.php
index 8ec4dfb..6241fb9 100644
--- app/code/core/Mage/Downloadable/Helper/File.php
+++ app/code/core/Mage/Downloadable/Helper/File.php
@@ -33,15 +33,35 @@
*/
class Mage_Downloadable_Helper_File extends Mage_Core_Helper_Abstract
{
+ /**
+ * @see Mage_Uploader_Helper_File::getMimeTypes
+ * @var array
+ */
+ protected $_mimeTypes;
+
+ /**
+ * @var Mage_Uploader_Helper_File
+ */
+ protected $_fileHelper;
+
+ /**
+ * Populate self::_mimeTypes array with values that set in config or pre-defined
+ */
public function __construct()
{
- $nodes = Mage::getConfig()->getNode('global/mime/types');
- if ($nodes) {
- $nodes = (array)$nodes;
- foreach ($nodes as $key => $value) {
- self::$_mimeTypes[$key] = $value;
- }
+ $this->_mimeTypes = $this->_getFileHelper()->getMimeTypes();
+ }
+
+ /**
+ * @return Mage_Uploader_Helper_File
+ */
+ protected function _getFileHelper()
+ {
+ if (!$this->_fileHelper) {
+ $this->_fileHelper = Mage::helper('uploader/file');
}
+
+ return $this->_fileHelper;
}
/**
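Review bot: The constructor docblock says `Populate self::_mimeTypes array`, but this hunk turns `$_mimeTypes` into an instance property filled from `Mage_Uploader_Helper_File::getMimeTypes()`; the comment should read `Populate $this->_mimeTypes from the uploader file helper`. Any subclass or rewrite that still reads the old static `self::$_mimeTypes` will break once the static array is removed in the next hunk, so a search for such uses is worth doing.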
@@ -152,628 +172,48 @@ class Mage_Downloadable_Helper_File extends Mage_Core_Helper_Abstract
return $file;
}
+ /**
+ * Get MIME type for $filePath
+ *
+ * @param $filePath
+ * @return string
+ */
public function getFileType($filePath)
{
$ext = substr($filePath, strrpos($filePath, '.')+1);
return $this->_getFileTypeByExt($ext);
}
+ /**
+ * Get MIME type by file extension
+ *
+ * @param $ext
+ * @return string
+ * @deprecated
+ */
protected function _getFileTypeByExt($ext)
{
- $type = 'x' . $ext;
- if (isset(self::$_mimeTypes[$type])) {
- return self::$_mimeTypes[$type];
- }
- return 'application/octet-stream';
+ return $this->_getFileHelper()->getMimeTypeByExtension($ext);
}
+ /**
+ * Get all MIME types
+ *
+ * @return array
+ */
public function getAllFileTypes()
{
- return array_values(self::getAllMineTypes());
+ return array_values($this->getAllMineTypes());
}
+ /**
+ * Get list of all MIME types
+ *
+ * @return array
+ */
public function getAllMineTypes()
{
- return self::$_mimeTypes;
+ return $this->_mimeTypes;
}
- protected static $_mimeTypes =
- array(
- 'x123' => 'application/vnd.lotus-1-2-3',
- 'x3dml' => 'text/vnd.in3d.3dml',
- 'x3g2' => 'video/3gpp2',
- 'x3gp' => 'video/3gpp',
- 'xace' => 'application/x-ace-compressed',
- 'xacu' => 'application/vnd.acucobol',
- 'xaep' => 'application/vnd.audiograph',
- 'xai' => 'application/postscript',
- 'xaif' => 'audio/x-aiff',
-
- 'xaifc' => 'audio/x-aiff',
- 'xaiff' => 'audio/x-aiff',
- 'xami' => 'application/vnd.amiga.ami',
- 'xapr' => 'application/vnd.lotus-approach',
- 'xasf' => 'video/x-ms-asf',
- 'xaso' => 'application/vnd.accpac.simply.aso',
- 'xasx' => 'video/x-ms-asf',
- 'xatom' => 'application/atom+xml',
- 'xatomcat' => 'application/atomcat+xml',
-
- 'xatomsvc' => 'application/atomsvc+xml',
- 'xatx' => 'application/vnd.antix.game-component',
- 'xau' => 'audio/basic',
- 'xavi' => 'video/x-msvideo',
- 'xbat' => 'application/x-msdownload',
- 'xbcpio' => 'application/x-bcpio',
- 'xbdm' => 'application/vnd.syncml.dm+wbxml',
- 'xbh2' => 'application/vnd.fujitsu.oasysprs',
- 'xbmi' => 'application/vnd.bmi',
-
- 'xbmp' => 'image/bmp',
- 'xbox' => 'application/vnd.previewsystems.box',
- 'xboz' => 'application/x-bzip2',
- 'xbtif' => 'image/prs.btif',
- 'xbz' => 'application/x-bzip',
- 'xbz2' => 'application/x-bzip2',
- 'xcab' => 'application/vnd.ms-cab-compressed',
- 'xccxml' => 'application/ccxml+xml',
- 'xcdbcmsg' => 'application/vnd.contact.cmsg',
-
- 'xcdkey' => 'application/vnd.mediastation.cdkey',
- 'xcdx' => 'chemical/x-cdx',
- 'xcdxml' => 'application/vnd.chemdraw+xml',
- 'xcdy' => 'application/vnd.cinderella',
- 'xcer' => 'application/pkix-cert',
- 'xcgm' => 'image/cgm',
- 'xchat' => 'application/x-chat',
- 'xchm' => 'application/vnd.ms-htmlhelp',
- 'xchrt' => 'application/vnd.kde.kchart',
-
- 'xcif' => 'chemical/x-cif',
- 'xcii' => 'application/vnd.anser-web-certificate-issue-initiation',
- 'xcil' => 'application/vnd.ms-artgalry',
- 'xcla' => 'application/vnd.claymore',
- 'xclkk' => 'application/vnd.crick.clicker.keyboard',
- 'xclkp' => 'application/vnd.crick.clicker.palette',
- 'xclkt' => 'application/vnd.crick.clicker.template',
- 'xclkw' => 'application/vnd.crick.clicker.wordbank',
- 'xclkx' => 'application/vnd.crick.clicker',
-
- 'xclp' => 'application/x-msclip',
- 'xcmc' => 'application/vnd.cosmocaller',
- 'xcmdf' => 'chemical/x-cmdf',
- 'xcml' => 'chemical/x-cml',
- 'xcmp' => 'application/vnd.yellowriver-custom-menu',
- 'xcmx' => 'image/x-cmx',
- 'xcom' => 'application/x-msdownload',
- 'xconf' => 'text/plain',
- 'xcpio' => 'application/x-cpio',
-
- 'xcpt' => 'application/mac-compactpro',
- 'xcrd' => 'application/x-mscardfile',
- 'xcrl' => 'application/pkix-crl',
- 'xcrt' => 'application/x-x509-ca-cert',
- 'xcsh' => 'application/x-csh',
- 'xcsml' => 'chemical/x-csml',
- 'xcss' => 'text/css',
- 'xcsv' => 'text/csv',
- 'xcurl' => 'application/vnd.curl',
-
- 'xcww' => 'application/prs.cww',
- 'xdaf' => 'application/vnd.mobius.daf',
- 'xdavmount' => 'application/davmount+xml',
- 'xdd2' => 'application/vnd.oma.dd2+xml',
- 'xddd' => 'application/vnd.fujixerox.ddd',
- 'xdef' => 'text/plain',
- 'xder' => 'application/x-x509-ca-cert',
- 'xdfac' => 'application/vnd.dreamfactory',
- 'xdis' => 'application/vnd.mobius.dis',
-
- 'xdjv' => 'image/vnd.djvu',
- 'xdjvu' => 'image/vnd.djvu',
- 'xdll' => 'application/x-msdownload',
- 'xdna' => 'application/vnd.dna',
- 'xdoc' => 'application/msword',
- 'xdot' => 'application/msword',
- 'xdp' => 'application/vnd.osgi.dp',
- 'xdpg' => 'application/vnd.dpgraph',
- 'xdsc' => 'text/prs.lines.tag',
-
- 'xdtd' => 'application/xml-dtd',
- 'xdvi' => 'application/x-dvi',
- 'xdwf' => 'model/vnd.dwf',
- 'xdwg' => 'image/vnd.dwg',
- 'xdxf' => 'image/vnd.dxf',
- 'xdxp' => 'application/vnd.spotfire.dxp',
- 'xecelp4800' => 'audio/vnd.nuera.ecelp4800',
- 'xecelp7470' => 'audio/vnd.nuera.ecelp7470',
- 'xecelp9600' => 'audio/vnd.nuera.ecelp9600',
-
- 'xecma' => 'application/ecmascript',
- 'xedm' => 'application/vnd.novadigm.edm',
- 'xedx' => 'application/vnd.novadigm.edx',
- 'xefif' => 'application/vnd.picsel',
- 'xei6' => 'application/vnd.pg.osasli',
- 'xeml' => 'message/rfc822',
- 'xeol' => 'audio/vnd.digital-winds',
- 'xeot' => 'application/vnd.ms-fontobject',
- 'xeps' => 'application/postscript',
-
- 'xesf' => 'application/vnd.epson.esf',
- 'xetx' => 'text/x-setext',
- 'xexe' => 'application/x-msdownload',
- 'xext' => 'application/vnd.novadigm.ext',
- 'xez' => 'application/andrew-inset',
- 'xez2' => 'application/vnd.ezpix-album',
- 'xez3' => 'application/vnd.ezpix-package',
- 'xfbs' => 'image/vnd.fastbidsheet',
- 'xfdf' => 'application/vnd.fdf',
-
- 'xfe_launch' => 'application/vnd.denovo.fcselayout-link',
- 'xfg5' => 'application/vnd.fujitsu.oasysgp',
- 'xfli' => 'video/x-fli',
- 'xflo' => 'application/vnd.micrografx.flo',
- 'xflw' => 'application/vnd.kde.kivio',
- 'xflx' => 'text/vnd.fmi.flexstor',
- 'xfly' => 'text/vnd.fly',
- 'xfnc' => 'application/vnd.frogans.fnc',
- 'xfpx' => 'image/vnd.fpx',
-
- 'xfsc' => 'application/vnd.fsc.weblaunch',
- 'xfst' => 'image/vnd.fst',
- 'xftc' => 'application/vnd.fluxtime.clip',
- 'xfti' => 'application/vnd.anser-web-funds-transfer-initiation',
- 'xfvt' => 'video/vnd.fvt',
- 'xfzs' => 'application/vnd.fuzzysheet',
- 'xg3' => 'image/g3fax',
- 'xgac' => 'application/vnd.groove-account',
- 'xgdl' => 'model/vnd.gdl',
-
- 'xghf' => 'application/vnd.groove-help',
- 'xgif' => 'image/gif',
- 'xgim' => 'application/vnd.groove-identity-message',
- 'xgph' => 'application/vnd.flographit',
- 'xgram' => 'application/srgs',
- 'xgrv' => 'application/vnd.groove-injector',
- 'xgrxml' => 'application/srgs+xml',
- 'xgtar' => 'application/x-gtar',
- 'xgtm' => 'application/vnd.groove-tool-message',
-
- 'xgtw' => 'model/vnd.gtw',
- 'xh261' => 'video/h261',
- 'xh263' => 'video/h263',
- 'xh264' => 'video/h264',
- 'xhbci' => 'application/vnd.hbci',
- 'xhdf' => 'application/x-hdf',
- 'xhlp' => 'application/winhlp',
- 'xhpgl' => 'application/vnd.hp-hpgl',
- 'xhpid' => 'application/vnd.hp-hpid',
-
- 'xhps' => 'application/vnd.hp-hps',
- 'xhqx' => 'application/mac-binhex40',
- 'xhtke' => 'application/vnd.kenameaapp',
- 'xhtm' => 'text/html',
- 'xhtml' => 'text/html',
- 'xhvd' => 'application/vnd.yamaha.hv-dic',
- 'xhvp' => 'application/vnd.yamaha.hv-voice',
- 'xhvs' => 'application/vnd.yamaha.hv-script',
- 'xice' => '#x-conference/x-cooltalk',
-