  1. #!/bin/bash
# Patch applying tool template
  3. # v0.1.2
  4. # (c) Copyright 2013. Magento Inc.
  5. #
  6. # DO NOT CHANGE ANY LINE IN THIS FILE.
  7.  
  8. # 1. Check required system tools
_check_installed_tools() {
    # Report which of the given command names the shell cannot resolve.
    # Prints the missing names separated by single spaces; prints nothing
    # when every name resolves. Stops at the first empty argument.
    local missing_tools=""

    while [ -n "$1" ]; do
        if ! type -t "$1" >/dev/null 2>/dev/null; then
            missing_tools="$missing_tools $1"
        fi
        shift
    done

    # Unquoted on purpose: collapses the leading space of the accumulator.
    echo $missing_tools
}
  22.  
# Abort early when any tool the script relies on is absent; the list is
# intentionally unquoted so it splits into one argument per tool name.
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=$(_check_installed_tools $REQUIRED_UTILS)
if [ -n "$MISSED_REQUIRED_TOOLS" ]; then
    echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
    exit 1
fi
  30.  
  31. # 2. Determine bin path for system tools
  32. CAT_BIN=`which cat`
  33. PATCH_BIN=`which patch`
  34. SED_BIN=`which sed`
  35. PWD_BIN=`which pwd`
  36. BASENAME_BIN=`which basename`
  37.  
  38. BASE_NAME=`$BASENAME_BIN "$0"`
  39.  
  40. # 3. Help menu
  41. if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
  42. then
  43. $CAT_BIN << EOFH
  44. Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
  45. Apply embedded patch.
  46.  
  47. -R, --revert Revert previously applied embedded patch
  48. --list Show list of applied patches
  49. --help Show this help message
  50. EOFH
  51. exit 0
  52. fi
  53.  
  54. # 4. Get "revert" flag and "list applied patches" flag
  55. REVERT_FLAG=
  56. SHOW_APPLIED_LIST=0
  57. if [ "$1" = "-R" -o "$1" = "--revert" ]
  58. then
  59. REVERT_FLAG=-R
  60. fi
  61. if [ "$1" = "--list" ]
  62. then
  63. SHOW_APPLIED_LIST=1
  64. fi
  65.  
# 5. File paths
  67. CURRENT_DIR=`$PWD_BIN`/
  68. APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
  69. APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
  70.  
  71. # 6. Show applied patches list if requested
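# Print the SUP-/SUPEE- entries of the track file when --list was requested,
# then stop. A missing file is reported as "<empty>"; an unreadable one is an error.
if [ "$SHOW_APPLIED_LIST" -eq 1 ]; then
    echo -e "Applied/reverted patches list:"
    if [ -e "$APPLIED_PATCHES_LIST_FILE" ]; then
        if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]; then
            echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
            exit 1
        fi
        # Quoted so an install path containing whitespace reaches sed as one argument
        # (the original left it unquoted, which would split the path).
        $SED_BIN -n "/SUP-\|SUPEE-/p" "$APPLIED_PATCHES_LIST_FILE"
    else
        echo "<empty>"
    fi
    exit 0
fi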
  88.  
  89. # 7. Check applied patches track file and its directory
_check_files() {
    # Abort unless app/etc exists and is writable, and — when the track file
    # already exists — it is writable too. Exits with status 1 on any failure.
    local etc_dir="$APP_ETC_DIR"
    local track_file="$APPLIED_PATCHES_LIST_FILE"

    if [ ! -e "$etc_dir" ]; then
        echo "ERROR: \"$etc_dir\" must exist for proper tool work."
        exit 1
    fi

    if [ ! -w "$etc_dir" ]; then
        echo "ERROR: \"$etc_dir\" must be writeable for proper tool work."
        exit 1
    fi

    # A track file that does not exist yet is fine: it is created on append.
    if [ -e "$track_file" ] && [ ! -w "$track_file" ]; then
        echo "ERROR: \"$track_file\" must be writeable for proper tool work."
        exit 1
    fi
}
  112.  
  113. _check_files
  114.  
  115. # 8. Apply/revert patch
  116. # Note: there is no need to check files permissions for files to be patched.
  117. # "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
  118. # Get start points for additional information and patch data
  119. SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
  120. ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
  121.  
_apply_revert_patch() {
    # Feed everything after the __PATCHFILE_FOLLOWS__ marker of this script
    # into patch(1). With "$1" = "dry-run" only applicability is checked.
    # Leaves PATCH_APPLY_REVERT_RESULT / PATCH_APPLY_REVERT_STATUS set for
    # the caller (both are globals on purpose). Exits on patch status 1 or 2.
    DRY_RUN_FLAG=
    if [ "$1" = "dry-run" ]; then
        DRY_RUN_FLAG=" --dry-run"
        echo "Checking if patch can be applied/reverted successfully..."
    fi

    # Flags stay unquoted so an empty one expands to nothing.
    # $? is the status of patch(1), the last command of the pipeline.
    PATCH_APPLY_REVERT_RESULT=$($SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0)
    PATCH_APPLY_REVERT_STATUS=$?

    case "$PATCH_APPLY_REVERT_STATUS" in
        1)
            echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
            exit 1
            ;;
        2)
            echo -e "ERROR: Patch can't be applied/reverted successfully."
            exit 2
            ;;
    esac
}
  140.  
  141. REVERTED_PATCH_MARK=
  142. if [ -n "$REVERT_FLAG" ]
  143. then
  144. REVERTED_PATCH_MARK=" | REVERTED"
  145. fi
  146.  
  147. _apply_revert_patch dry-run
  148. _apply_revert_patch
  149.  
  150. # 9. Track patch applying result
  151. echo "Patch was applied/reverted successfully."
  152. ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
  153. APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
  154. APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
  155. echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
  156.  
  157. exit 0
  158.  
  159.  
  160. SUPEE-7405-CE-1-6-2-0 | CE_1.6.2.0 | v1 | 3641e0c27c0ea27fbd0cf4aa7f93897695d4a396 | Thu Jan 14 10:53:16 2016 +0200 | ba4ae17ba0..3641e0c27c
  161.  
  162. __PATCHFILE_FOLLOWS__
  163. diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
  164. index 7aba3c0..3092a0f 100644
  165. --- app/code/core/Mage/Admin/Model/Observer.php
  166. +++ app/code/core/Mage/Admin/Model/Observer.php
  167. @@ -41,16 +41,14 @@ class Mage_Admin_Model_Observer
  168. */
  169. public function actionPreDispatchAdmin($observer)
  170. {
  171. - $session = Mage::getSingleton('admin/session');
  172. /** @var $session Mage_Admin_Model_Session */
  173. + $session = Mage::getSingleton('admin/session');
  174.  
  175. - /**
  176. - * @var $request Mage_Core_Controller_Request_Http
  177. - */
  178. + /** @var $request Mage_Core_Controller_Request_Http */
  179. $request = Mage::app()->getRequest();
  180. $user = $session->getUser();
  181.  
  182. - $requestedActionName = $request->getActionName();
  183. + $requestedActionName = strtolower($request->getActionName());
  184. $openActions = array(
  185. 'forgotpassword',
  186. 'resetpassword',
  187. @@ -65,11 +63,26 @@ class Mage_Admin_Model_Observer
  188. }
  189. if (!$user || !$user->getId()) {
  190. if ($request->getPost('login')) {
  191. - $postLogin = $request->getPost('login');
  192. - $username = isset($postLogin['username']) ? $postLogin['username'] : '';
  193. - $password = isset($postLogin['password']) ? $postLogin['password'] : '';
  194. - $user = $session->login($username, $password, $request);
  195. - $request->setPost('login', null);
  196. +
  197. + /** @var Mage_Core_Model_Session $coreSession */
  198. + $coreSession = Mage::getSingleton('core/session');
  199. +
  200. + if ($coreSession->validateFormKey($request->getPost("form_key"))) {
  201. + $postLogin = $request->getPost('login');
  202. + $username = isset($postLogin['username']) ? $postLogin['username'] : '';
  203. + $password = isset($postLogin['password']) ? $postLogin['password'] : '';
  204. + $session->login($username, $password, $request);
  205. + $request->setPost('login', null);
  206. + } else {
  207. + if ($request && !$request->getParam('messageSent')) {
  208. + Mage::getSingleton('adminhtml/session')->addError(
  209. + Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.')
  210. + );
  211. + $request->setParam('messageSent', true);
  212. + }
  213. + }
  214. +
  215. + $coreSession->renewFormKey();
  216. }
  217. if (!$request->getInternallyForwarded()) {
  218. $request->setInternallyForwarded();
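Review bot: The guard `if ($request && !$request->getParam('messageSent'))` in the else branch tests a variable that was assigned unconditionally from `Mage::app()->getRequest()` earlier in this method (previous hunk), so the `$request &&` part can never be false; `if (!$request->getParam('messageSent')) {` says what is actually checked. The `$request->getPost("form_key")` call also uses double quotes where every other key in the hunk uses single quotes. The surrounding method continues outside the hunk, so whether anything later still relies on `$user` being reassigned from `$session->login(...)` (the removed assignment) cannot be confirmed from here.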
  219. diff --git app/code/core/Mage/Admin/Model/Redirectpolicy.php app/code/core/Mage/Admin/Model/Redirectpolicy.php
  220. new file mode 100644
  221. index 0000000..2dad8af
  222. --- /dev/null
  223. +++ app/code/core/Mage/Admin/Model/Redirectpolicy.php
  224. @@ -0,0 +1,72 @@
  225. +<?php
  226. +/**
  227. + * Magento
  228. + *
  229. + * NOTICE OF LICENSE
  230. + *
  231. + * This source file is subject to the Open Software License (OSL 3.0)
  232. + * that is bundled with this package in the file LICENSE.txt.
  233. + * It is also available through the world-wide-web at this URL:
  234. + * http://opensource.org/licenses/osl-3.0.php
  235. + * If you did not receive a copy of the license and are unable to
  236. + * obtain it through the world-wide-web, please send an email
  237. + * to license@magentocommerce.com so we can send you a copy immediately.
  238. + *
  239. + * DISCLAIMER
  240. + *
  241. + * Do not edit or add to this file if you wish to upgrade Magento to newer
  242. + * versions in the future. If you wish to customize Magento for your
  243. + * needs please refer to http://www.magentocommerce.com for more information.
  244. + *
  245. + * @category Mage
  246. + * @package Mage_Admin
  247. + * @copyright Copyright (c) 2014 Magento Inc. (http://www.magentocommerce.com)
  248. + * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  249. + */
  250. +
  251. +/**
  252. + * Admin redirect policy model, guard admin from direct link to store/category/product deletion
  253. + *
  254. + * @category Mage
  255. + * @package Mage_Admin
  256. + * @author Magento Core Team <core@magentocommerce.com>
  257. + */
  258. +class Mage_Admin_Model_Redirectpolicy
  259. +{
  260. + /**
  261. + * @var Mage_Adminhtml_Model_Url
  262. + */
  263. + protected $_urlModel;
  264. +
  265. + /**
  266. + * @param array $parameters array('urlModel' => object)
  267. + */
  268. + public function __construct($parameters = array())
  269. + {
  270. + /** @var Mage_Adminhtml_Model_Url _urlModel */
  271. + $this->_urlModel = (!empty($parameters['urlModel'])) ?
  272. + $parameters['urlModel'] : Mage::getModel('adminhtml/url');
  273. + }
  274. +
  275. + /**
  276. + * Redirect to startup page after logging in if request contains any params (except security key)
  277. + *
  278. + * @param Mage_Admin_Model_User $user
  279. + * @param Zend_Controller_Request_Http $request
  280. + * @param string|null $alternativeUrl
  281. + * @return null|string
  282. + */
  283. + public function getRedirectUrl(Mage_Admin_Model_User $user, Zend_Controller_Request_Http $request = null,
  284. + $alternativeUrl = null)
  285. + {
  286. + if (empty($request)) {
  287. + return;
  288. + }
  289. + $countRequiredParams = ($this->_urlModel->useSecretKey()
  290. + && $request->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME)) ? 1 : 0;
  291. + $countGetParams = count($request->getUserParams()) + count($request->getQuery());
  292. +
  293. + return ($countGetParams > $countRequiredParams) ?
  294. + $this->_urlModel->getUrl($user->getStartupPageUrl()) : $alternativeUrl;
  295. + }
  296. +}
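Review bot: The docblock on `getRedirectUrl()` says "Redirect to startup page after logging in", but the method performs no redirect; it returns either the startup-page URL or `$alternativeUrl` (or null when `$request` is empty), and the caller in Session.php in this same patch does the redirect. A description such as `Return the admin startup-page URL when the request carries any parameter other than the secret key, otherwise $alternativeUrl; null when no request is given` would make the contract clear to observers and tests. The inline `/** @var Mage_Adminhtml_Model_Url _urlModel */` in the constructor is also missing the `$` on the property name.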
  297. diff --git app/code/core/Mage/Admin/Model/Resource/User.php app/code/core/Mage/Admin/Model/Resource/User.php
  298. index 36164a1..096d7c4 100755
  299. --- app/code/core/Mage/Admin/Model/Resource/User.php
  300. +++ app/code/core/Mage/Admin/Model/Resource/User.php
  301. @@ -178,7 +178,7 @@ class Mage_Admin_Model_Resource_User extends Mage_Core_Model_Resource_Db_Abstrac
  302. */
  303. protected function _afterSave(Mage_Core_Model_Abstract $user)
  304. {
  305. - $user->setExtra(unserialize($user->getExtra()));
  306. + $this->_unserializeExtraData($user);
  307. return $this;
  308. }
  309.  
  310. @@ -190,10 +190,7 @@ class Mage_Admin_Model_Resource_User extends Mage_Core_Model_Resource_Db_Abstrac
  311. */
  312. protected function _afterLoad(Mage_Core_Model_Abstract $user)
  313. {
  314. - if (is_string($user->getExtra())) {
  315. - $user->setExtra(unserialize($user->getExtra()));
  316. - }
  317. - return parent::_afterLoad($user);
  318. + return parent::_afterLoad($this->_unserializeExtraData($user));
  319. }
  320.  
  321. /**
  322. @@ -460,4 +457,21 @@ class Mage_Admin_Model_Resource_User extends Mage_Core_Model_Resource_Db_Abstrac
  323.  
  324. return $this;
  325. }
  326. +
  327. + /**
  328. + * Unserializes user extra data
  329. + *
  330. + * @param Mage_Core_Model_Abstract $user
  331. + * @return Mage_Core_Model_Abstract
  332. + */
  333. + protected function _unserializeExtraData(Mage_Core_Model_Abstract $user)
  334. + {
  335. + try {
  336. + $unsterilizedData = Mage::helper('core/unserializeArray')->unserialize($user->getExtra());
  337. + $user->setExtra($unsterilizedData);
  338. + } catch (Exception $e) {
  339. + $user->setExtra(false);
  340. + }
  341. + return $user;
  342. + }
  343. }
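Review bot: The `catch (Exception $e)` in `_unserializeExtraData()` discards the exception and silently resets the user's extra data to false, so a stored blob that the array-only unserializer rejects leaves no trace; adding `Mage::logException($e);` before `$user->setExtra(false);` keeps the defensive behaviour while making such records visible in the log. The local `$unsterilizedData` is a typo for `$unserializedData`. The helper is now used from both `_afterSave` and `_afterLoad` (earlier hunks of this file), so the log line covers both paths.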
  344. diff --git app/code/core/Mage/Admin/Model/Session.php app/code/core/Mage/Admin/Model/Session.php
  345. index 3f5cecb..625d610 100644
  346. --- app/code/core/Mage/Admin/Model/Session.php
  347. +++ app/code/core/Mage/Admin/Model/Session.php
  348. @@ -43,11 +43,38 @@ class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
  349. protected $_isFirstPageAfterLogin;
  350.  
  351. /**
  352. + * @var Mage_Admin_Model_Redirectpolicy
  353. + */
  354. + protected $_urlPolicy;
  355. +
  356. + /**
  357. + * @var Mage_Core_Controller_Response_Http
  358. + */
  359. + protected $_response;
  360. +
  361. + /**
  362. + * @var Mage_Core_Model_Factory
  363. + */
  364. + protected $_factory;
  365. +
  366. + /**
  367. * Class constructor
  368. *
  369. */
  370. - public function __construct()
  371. + public function __construct($parameters = array())
  372. {
  373. + /** @var Mage_Admin_Model_Redirectpolicy _urlPolicy */
  374. + $this->_urlPolicy = (!empty($parameters['redirectPolicy'])) ?
  375. + $parameters['redirectPolicy'] : Mage::getModel('admin/redirectpolicy');
  376. +
  377. + /** @var Mage_Core_Controller_Response_Http _response */
  378. + $this->_response = (!empty($parameters['response'])) ?
  379. + $parameters['response'] : new Mage_Core_Controller_Response_Http();
  380. +
  381. + /** @var $user Mage_Core_Model_Factory */
  382. + $this->_factory = (!empty($parameters['factory'])) ?
  383. + $parameters['factory'] : Mage::getModel('core/factory');
  384. +
  385. $this->init('admin');
  386. }
  387.  
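Review bot: The inline annotation `/** @var $user Mage_Core_Model_Factory */` above the `$this->_factory` assignment names a variable `$user` that does not exist at that point; it should follow the two annotations above it, `/** @var Mage_Core_Model_Factory _factory */`. The new constructor parameter `$parameters` is undocumented: the docblock should list the accepted keys (`redirectPolicy`, `response`, `factory`) and note that each falls back to a model or a fresh `Mage_Core_Controller_Response_Http` when absent.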
  388. @@ -87,7 +114,7 @@ class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
  389.  
  390. try {
  391. /* @var $user Mage_Admin_Model_User */
  392. - $user = Mage::getModel('admin/user');
  393. + $user = $this->_factory->getModel('admin/user');
  394. $user->login($username, $password);
  395. if ($user->getId()) {
  396. $this->renewSession();
  397. @@ -98,14 +125,17 @@ class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
  398. $this->setIsFirstPageAfterLogin(true);
  399. $this->setUser($user);
  400. $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
  401. - if ($requestUri = $this->_getRequestUri($request)) {
  402. +
  403. + $alternativeUrl = $this->_getRequestUri($request);
  404. + $redirectUrl = $this->_urlPolicy->getRedirectUrl($user, $request, $alternativeUrl);
  405. + if ($redirectUrl) {
  406. Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
  407. - header('Location: ' . $requestUri);
  408. - exit;
  409. + $this->_response->clearHeaders()
  410. + ->setRedirect($redirectUrl)
  411. + ->sendHeadersAndExit();
  412. }
  413. - }
  414. - else {
  415. - Mage::throwException(Mage::helper('adminhtml')->__('Invalid Username or Password.'));
  416. + } else {
  417. + Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
  418. }
  419. }
  420. catch (Mage_Core_Exception $e) {
  421. diff --git app/code/core/Mage/Admin/Model/User.php app/code/core/Mage/Admin/Model/User.php
  422. index f9b37be..1ecb287 100644
  423. --- app/code/core/Mage/Admin/Model/User.php
  424. +++ app/code/core/Mage/Admin/Model/User.php
  425. @@ -498,7 +498,7 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
  426. */
  427. public function validate()
  428. {
  429. - $errors = array();
  430. + $errors = new ArrayObject();
  431.  
  432. if (!Zend_Validate::is($this->getUsername(), 'NotEmpty')) {
  433. $errors[] = Mage::helper('adminhtml')->__('User Name is required field.');
  434. @@ -530,16 +530,21 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
  435. if ($this->hasPasswordConfirmation() && $this->getNewPassword() != $this->getPasswordConfirmation()) {
  436. $errors[] = Mage::helper('adminhtml')->__('Password confirmation must be same as password.');
  437. }
  438. +
  439. + Mage::dispatchEvent('admin_user_validate', array(
  440. + 'user' => $this,
  441. + 'errors' => $errors,
  442. + ));
  443. }
  444.  
  445. if ($this->userExists()) {
  446. $errors[] = Mage::helper('adminhtml')->__('A user with the same user name or email aleady exists.');
  447. }
  448.  
  449. - if (empty($errors)) {
  450. + if (count($errors) === 0) {
  451. return true;
  452. }
  453. - return $errors;
  454. + return (array)$errors;
  455. }
  456.  
  457. /**
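Review bot: The new `admin_user_validate` event passes `$errors` as an `ArrayObject`, which is what lets observers append messages that this method then sees, but nothing documents that contract; a comment above the dispatch, such as `// $errors is an ArrayObject so observers can append with $errors[] = ...; additions are returned below`, would stop a future change from reverting it to a plain array and silently dropping observer errors. The return statement `return (array)$errors;` keeps the public return type unchanged for existing callers.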
  458. diff --git app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
  459. index 2d62888..e56ccaf 100644
  460. --- app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
  461. +++ app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
  462. @@ -162,8 +162,14 @@ class Mage_Adminhtml_Block_Sales_Order_View_Tab_History
  463. */
  464. public function getItemComment(array $item)
  465. {
  466. - $allowedTags = array('b','br','strong','i','u');
  467. - return (isset($item['comment']) ? $this->escapeHtml($item['comment'], $allowedTags) : '');
  468. + $strItemComment = '';
  469. + if (isset($item['comment'])) {
  470. + $allowedTags = array('b', 'br', 'strong', 'i', 'u', 'a');
  471. + /** @var Mage_Adminhtml_Helper_Sales $salesHelper */
  472. + $salesHelper = Mage::helper('adminhtml/sales');
  473. + $strItemComment = $salesHelper->escapeHtmlWithLinks($item['comment'], $allowedTags);
  474. + }
  475. + return $strItemComment;
  476. }
  477.  
  478. /**
  479. diff --git app/code/core/Mage/Adminhtml/Block/Widget/Grid.php app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
  480. index 607f172..65ff615 100644
  481. --- app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
  482. +++ app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
  483. @@ -970,7 +970,10 @@ class Mage_Adminhtml_Block_Widget_Grid extends Mage_Adminhtml_Block_Widget
  484. $row[] = $column->getRowFieldExport($item);
  485. }
  486. }
  487. - $adapter->streamWriteCsv($row);
  488. +
  489. + $adapter->streamWriteCsv(
  490. + Mage::helper("core")->getEscapedCSVData($row)
  491. + );
  492. }
  493.  
  494. /**
  495. @@ -1000,7 +1003,9 @@ class Mage_Adminhtml_Block_Widget_Grid extends Mage_Adminhtml_Block_Widget
  496. $this->_exportIterateCollection('_exportCsvItem', array($io));
  497.  
  498. if ($this->getCountTotals()) {
  499. - $io->streamWriteCsv($this->_getExportTotals());
  500. + $io->streamWriteCsv(
  501. + Mage::helper("core")->getEscapedCSVData($this->_getExportTotals())
  502. + );
  503. }
  504.  
  505. $io->streamUnlock();
  506. @@ -1644,5 +1649,4 @@ class Mage_Adminhtml_Block_Widget_Grid extends Mage_Adminhtml_Block_Widget
  507. $res = parent::getRowUrl($item);
  508. return ($res ? $res : '#');
  509. }
  510. -
  511. }
  512. diff --git app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
  513. index 0c447db..46c8740 100644
  514. --- app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
  515. +++ app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
  516. @@ -87,7 +87,7 @@ class Mage_Adminhtml_Helper_Catalog_Product_Edit_Action_Attribute extends Mage_C
  517. {
  518. $session = Mage::getSingleton('adminhtml/session');
  519.  
  520. - if ($this->_getRequest()->isPost() && $this->_getRequest()->getActionName() == 'edit') {
  521. + if ($this->_getRequest()->isPost() && strtolower($this->_getRequest()->getActionName()) == 'edit') {
  522. $session->setProductIds($this->_getRequest()->getParam('product', null));
  523. }
  524.  
  525. diff --git app/code/core/Mage/Adminhtml/Helper/Sales.php app/code/core/Mage/Adminhtml/Helper/Sales.php
  526. index ea23e93..a222234 100644
  527. --- app/code/core/Mage/Adminhtml/Helper/Sales.php
  528. +++ app/code/core/Mage/Adminhtml/Helper/Sales.php
  529. @@ -110,4 +110,47 @@ class Mage_Adminhtml_Helper_Sales extends Mage_Core_Helper_Abstract
  530. }
  531. return $collection;
  532. }
  533. +
  534. + /**
  535. + * Escape string preserving links
  536. + *
  537. + * @param array|string $data
  538. + * @param null|array $allowedTags
  539. + * @return string
  540. + */
  541. + public function escapeHtmlWithLinks($data, $allowedTags = null)
  542. + {
  543. + if (!empty($data) && is_array($allowedTags) && in_array('a', $allowedTags)) {
  544. + $links = [];
  545. + $i = 1;
  546. + $regexp = "/<a\s[^>]*href\s*?=\s*?([\"\']??)([^\" >]*?)\\1[^>]*>(.*)<\/a>/siU";
  547. + while (preg_match($regexp, $data, $matches)) {
  548. + //Revert the sprintf escaping
  549. + $url = str_replace('%%', '%', $matches[2]);
  550. + $text = str_replace('%%', '%', $matches[3]);
  551. + //Check for an valid url
  552. + if ($url) {
  553. + $urlScheme = strtolower(parse_url($url, PHP_URL_SCHEME));
  554. + if ($urlScheme !== 'http' && $urlScheme !== 'https') {
  555. + $url = null;
  556. + }
  557. + }
  558. + //Use hash tag as fallback
  559. + if (!$url) {
  560. + $url = '#';
  561. + }
  562. + //Recreate a minimalistic secure a tag
  563. + $links[] = sprintf(
  564. + '<a href="%s">%s</a>',
  565. + htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false),
  566. + parent::escapeHtml($text)
  567. + );
  568. + $data = str_replace($matches[0], '%' . $i . '$s', $data);
  569. + ++$i;
  570. + }
  571. + $data = parent::escapeHtml($data, $allowedTags);
  572. + return vsprintf($data, $links);
  573. + }
  574. + return parent::escapeHtml($data, $allowedTags);
  575. + }
  576. }
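Review bot: A literal `%` in the non-link part of `$data` reaches `return vsprintf($data, $links);` unescaped, so a comment such as "10% off" would be parsed as a format directive; the `str_replace('%%', '%', ...)` on the captured URL and text suggests the input is expected to arrive with `%` already doubled, but nothing in this method enforces or documents that. Either state that requirement in the docblock or double the sign once at entry, `$data = str_replace('%', '%%', $data);` before the `while` loop, so the later revert on the captures and the final `vsprintf` are consistent. Separately, `$links = [];` is PHP 5.4 short-array syntax in a file that otherwise uses `array()`; `$links = array();` avoids a parse error on older PHP. The scheme check that downgrades non-http(s) hrefs to `#` is the right default and worth a docblock line of its own.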
  577. diff --git app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
  578. index a27d8b2..b50839e 100644
  579. --- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
  580. +++ app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
  581. @@ -47,7 +47,7 @@ class Mage_Adminhtml_Model_System_Config_Backend_File extends Mage_Core_Model_Co
  582. $this->setValue('');
  583. }
  584.  
  585. - if ($_FILES['groups']['tmp_name'][$this->getGroupId()]['fields'][$this->getField()]['value']){
  586. + if ($_FILES['groups']['tmp_name'][$this->getGroupId()]['fields'][$this->getField()]['value']) {
  587.  
  588. $uploadDir = $this->_getUploadDir();
  589.  
  590. @@ -60,6 +60,7 @@ class Mage_Adminhtml_Model_System_Config_Backend_File extends Mage_Core_Model_Co
  591. $uploader = new Mage_Core_Model_File_Uploader($file);
  592. $uploader->setAllowedExtensions($this->_getAllowedExtensions());
  593. $uploader->setAllowRenameFiles(true);
  594. + $this->addValidators( $uploader );
  595. $result = $uploader->save($uploadDir);
  596.  
  597. } catch (Exception $e) {
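Review bot: `$this->addValidators( $uploader );` has spaces inside the parentheses, unlike every other call in this hunk; `$this->addValidators($uploader);` matches the file's style. The callback registered by the new method (`validateMaxSize`, hunk at the end of this file) must exist on this class or a parent; it is not visible in the diff, so confirm it is defined before relying on the size check.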
  598. @@ -181,4 +182,14 @@ class Mage_Adminhtml_Model_System_Config_Backend_File extends Mage_Core_Model_Co
  599. {
  600. return array();
  601. }
  602. +
  603. + /**
  604. + * Add validators for uploading
  605. + *
  606. + * @param Mage_Core_Model_File_Uploader $uploader
  607. + */
  608. + protected function addValidators(Mage_Core_Model_File_Uploader $uploader)
  609. + {
  610. + $uploader->addValidateCallback('size', $this, 'validateMaxSize');
  611. + }
  612. }
  613. diff --git app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
  614. index ad148be..2715310 100644
  615. --- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
  616. +++ app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
  617. @@ -43,4 +43,17 @@ class Mage_Adminhtml_Model_System_Config_Backend_Image extends Mage_Adminhtml_Mo
  618. {
  619. return array('jpg', 'jpeg', 'gif', 'png');
  620. }
  621. +
  622. + /**
  623. + * Overwritten parent method for adding validators
  624. + *
  625. + * @param Mage_Core_Model_File_Uploader $uploader
  626. + */
  627. + protected function addValidators(Mage_Core_Model_File_Uploader $uploader)
  628. + {
  629. + parent::addValidators($uploader);
  630. + $validator = new Mage_Core_Model_File_Validator_Image();
  631. + $validator->setAllowedImageTypes($this->_getAllowedExtensions());
  632. + $uploader->addValidateCallback(Mage_Core_Model_File_Validator_Image::NAME, $validator, 'validate');
  633. + }
  634. }
  635. diff --git app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
  636. index dfa5d05..4803877 100644
  637. --- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
  638. +++ app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
  639. @@ -77,7 +77,7 @@ class Mage_Adminhtml_Model_System_Config_Backend_Image_Favicon extends Mage_Admi
  640. */
  641. protected function _getAllowedExtensions()
  642. {
  643. - return array('ico', 'png', 'gif', 'jpeg', 'apng', 'svg');
  644. + return array('ico', 'png', 'gif', 'jpg', 'jpeg', 'apng');
  645. }
  646.  
  647. /**
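Review bot: Dropping `'svg'` from `_getAllowedExtensions()` is a deliberate hardening, but the method carries no comment saying so, and the next person comparing this list with the browser's favicon support may add it back; a line such as `// SVG deliberately excluded: it is XML and may carry active content` above the `return` records the intent. The addition of `'jpg'` alongside `'jpeg'` looks like an alignment with the Image backend's list in this same patch.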
  648. @@ -86,7 +86,8 @@ class Mage_Adminhtml_Model_System_Config_Backend_Image_Favicon extends Mage_Admi
  649. * @param $token
  650. * @return string
  651. */
  652. - protected function _getUploadRoot($token) {
  653. + protected function _getUploadRoot($token)
  654. + {
  655. return Mage::getBaseDir($token);
  656. }
  657. }
  658. diff --git app/code/core/Mage/Adminhtml/controllers/IndexController.php app/code/core/Mage/Adminhtml/controllers/IndexController.php
  659. index 667e35b..69a55b9 100644
  660. --- app/code/core/Mage/Adminhtml/controllers/IndexController.php
  661. +++ app/code/core/Mage/Adminhtml/controllers/IndexController.php
  662. @@ -229,39 +229,52 @@ class Mage_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action
  663. */
  664. public function forgotpasswordAction()
  665. {
  666. - $email = (string) $this->getRequest()->getParam('email');
  667. + $email = '';
  668. $params = $this->getRequest()->getParams();
  669.  
  670. - if (!empty($email) && !empty($params)) {
  671. - // Validate received data to be an email address
  672. - if (!Zend_Validate::is($email, 'EmailAddress')) {
  673. - $this->_getSession()->addError($this->__('Invalid email address.'));
  674. - $this->_outTemplate('forgotpassword');
  675. - return;
  676. - }
  677. - $collection = Mage::getResourceModel('admin/user_collection');
  678. - /** @var $collection Mage_Admin_Model_Mysql4_User_Collection */
  679. - $collection->addFieldToFilter('email', $email);
  680. - $collection->load(false);
  681. -
  682. - if ($collection->getSize() > 0) {
  683. - foreach ($collection as $item) {
  684. - $user = Mage::getModel('admin/user')->load($item->getId());
  685. - if ($user->getId()) {
  686. - $newResetPasswordLinkToken = Mage::helper('admin')->generateResetPasswordLinkToken();
  687. - $user->changeResetPasswordLinkToken($newResetPasswordLinkToken);
  688. - $user->save();
  689. - $user->sendPasswordResetConfirmationEmail();
  690. + if (!(empty($params))) {
  691. + $email = (string)$this->getRequest()->getParam('email');
  692. +
  693. + if ($this->_validateFormKey()) {
  694. + if (!empty($email)) {
  695. + // Validate received data to be an email address
  696. + if (Zend_Validate::is($email, 'EmailAddress')) {
  697. + $collection = Mage::getResourceModel('admin/user_collection');
  698. + /** @var $collection Mage_Admin_Model_Resource_User_Collection */
  699. + $collection->addFieldToFilter('email', $email);
  700. + $collection->load(false);
  701. +
  702. + if ($collection->getSize() > 0) {
  703. + foreach ($collection as $item) {
  704. + /** @var Mage_Admin_Model_User $user */
  705. + $user = Mage::getModel('admin/user')->load($item->getId());
  706. + if ($user->getId()) {
  707. + $newResetPasswordLinkToken = Mage::helper('admin')->generateResetPasswordLinkToken();
  708. + $user->changeResetPasswordLinkToken($newResetPasswordLinkToken);
  709. + $user->save();
  710. + $user->sendPasswordResetConfirmationEmail();
  711. + }
  712. + break;
  713. + }
  714. + }
  715. + $this->_getSession()
  716. + ->addSuccess(
  717. + $this->__(
  718. + 'If there is an account associated with %s you will receive an email with a link to reset your password.',
  719. + Mage::helper('adminhtml')->escapeHtml($email)
  720. + )
  721. + );
  722. + $this->_redirect('*/*/login');
  723. + return;
  724. + } else {
  725. + $this->_getSession()->addError($this->__('Invalid email address.'));
  726. }
  727. - break;
  728. + } else {
  729. + $this->_getSession()->addError($this->__('The email address is empty.'));
  730. }
  731. + } else {
  732. + $this->_getSession()->addError($this->__('Invalid Form Key. Please refresh the page.'));
  733. }
  734. - $this->_getSession()
  735. - ->addSuccess(Mage::helper('adminhtml')->__('If there is an account associated with %s you will receive an email with a link to reset your password.', Mage::helper('adminhtml')->htmlEscape($email)));
  736. - $this->_redirect('*/*/login');
  737. - return;
  738. - } elseif (!empty($params)) {
  739. - $this->_getSession()->addError(Mage::helper('adminhtml')->__('The email address is empty.'));
  740. }
  741.  
  742. $data = array(
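Review bot: `if (!(empty($params)))` has a redundant pair of parentheses; `if (!empty($params)) {` is the conventional form. The rewritten branch now nests four levels deep (params, form key, non-empty email, valid address) and every error path falls through to the form re-render that begins at `$data = array(` and continues outside the hunk; a short comment before the outer `if`, stating that only the success path redirects and all failures re-display the form with a session error, would make that flow easier to follow. The generic success message regardless of whether an account matched, together with the `break` after the first match, is the right defensive shape.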
  743. @@ -299,10 +312,10 @@ class Mage_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action
  744. */
  745. public function resetPasswordPostAction()
  746. {
  747. - $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token');
  748. - $userId = (int) $this->getRequest()->getQuery('id');
  749. - $password = (string) $this->getRequest()->getPost('password');
  750. - $passwordConfirmation = (string) $this->getRequest()->getPost('confirmation');
  751. + $resetPasswordLinkToken = (string)$this->getRequest()->getQuery('token');
  752. + $userId = (int)$this->getRequest()->getQuery('id');
  753. + $password = (string)$this->getRequest()->getPost('password');
  754. + $passwordConfirmation = (string)$this->getRequest()->getPost('confirmation');
  755.  
  756. try {
  757. $this->_validateResetPasswordLinkToken($userId, $resetPasswordLinkToken);
  758. @@ -312,6 +325,12 @@ class Mage_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action
  759. return;
  760. }
  761.  
  762. + if (!$this->_validateFormKey()) {
  763. + $this->_getSession()->addError(Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.'));
  764. + $this->_redirect('*/*/');
  765. + return;
  766. + }
  767. +
  768. $errorMessages = array();
  769. if (iconv_strlen($password) <= 0) {
  770. array_push($errorMessages, Mage::helper('adminhtml')->__('New password field cannot be empty.'));
  771. diff --git app/code/core/Mage/Authorizenet/Helper/Admin.php app/code/core/Mage/Authorizenet/Helper/Admin.php
  772. new file mode 100644
  773. index 0000000..0241294
  774. --- /dev/null
  775. +++ app/code/core/Mage/Authorizenet/Helper/Admin.php
  776. @@ -0,0 +1,77 @@
  777. +<?php
  778. +/**
  779. + * Magento
  780. + *
  781. + * NOTICE OF LICENSE
  782. + *
  783. + * This source file is subject to the Open Software License (OSL 3.0)
  784. + * that is bundled with this package in the file LICENSE.txt.
  785. + * It is also available through the world-wide-web at this URL:
  786. + * http://opensource.org/licenses/osl-3.0.php
  787. + * If you did not receive a copy of the license and are unable to
  788. + * obtain it through the world-wide-web, please send an email
  789. + * to license@magentocommerce.com so we can send you a copy immediately.
  790. + *
  791. + * DISCLAIMER
  792. + *
  793. + * Do not edit or add to this file if you wish to upgrade Magento to newer
  794. + * versions in the future. If you wish to customize Magento for your
  795. + * needs please refer to http://www.magentocommerce.com for more information.
  796. + *
  797. + * @category Mage
  798. + * @package Mage_Authorizenet
  799. + * @copyright Copyright (c) 2011 Magento Inc. (http://www.magentocommerce.com)
  800. + * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  801. + */
  802. +
  803. +/**
  804. + * Authorizenet Admin Data Helper
  805. + *
  806. + * @category Mage
  807. + * @package Mage_Authorizenet
  808. + * @author Magento Core Team <core@magentocommerce.com>
  809. + */
  810. +class Mage_Authorizenet_Helper_Admin extends Mage_Authorizenet_Helper_Data
  811. +{
  812. +
  813. + /**
  814. + * Retrieve place order url
  815. + * @param array $params
  816. + * @return string
  817. + */
  818. + public function getSuccessOrderUrl($params)
  819. + {
  820. + $url = parent::getSuccessOrderUrl($params);
  821. +
  822. + if ($params['controller_action_name'] === 'sales_order_create'
  823. + or $params['controller_action_name'] === 'sales_order_edit'
  824. + ) {
  825. + /** @var Mage_Sales_Model_Order $order */
  826. + $order = Mage::getModel('sales/order');
  827. + $order->loadByIncrementId($params['x_invoice_num']);
  828. +
  829. + $url = $this->getAdminUrl('adminhtml/sales_order/view', array('order_id' => $order->getId()));
  830. + }
  831. +
  832. + return $url;
  833. + }
  834. +
  835. + /**
  836. + * Retrieve save order url params
  837. + *
  838. + * @param string $controller
  839. + * @return array
  840. + */
  841. + public function getSaveOrderUrlParams($controller)
  842. + {
  843. + $route = parent::getSaveOrderUrlParams($controller);
  844. +
  845. + if ($controller === "sales_order_create" or $controller === "sales_order_edit") {
  846. + $route['action'] = 'save';
  847. + $route['controller'] = 'sales_order_create';
  848. + $route['module'] = 'admin';
  849. + }
  850. +
  851. + return $route;
  852. + }
  853. +}
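Review bot: `getSuccessOrderUrl` reads `$params['controller_action_name']` and `$params['x_invoice_num']` without checking that they are set, and it builds the admin view URL even when `loadByIncrementId` finds no order, so `order_id` can be empty in the returned URL. A guard such as `if (!$order->getId()) { return $url; }` before the `getAdminUrl` call keeps the parent's fallback URL in that case. Wrapping the comparison in `isset($params['controller_action_name'])` would also avoid notices when a partial params array is passed.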
  854. diff --git app/code/core/Mage/Authorizenet/Helper/Data.php app/code/core/Mage/Authorizenet/Helper/Data.php
  855. index ea24707..7400f45 100755
  856. --- app/code/core/Mage/Authorizenet/Helper/Data.php
  857. +++ app/code/core/Mage/Authorizenet/Helper/Data.php
  858. @@ -72,51 +72,23 @@ class Mage_Authorizenet_Helper_Data extends Mage_Core_Helper_Abstract
  859. public function getSaveOrderUrlParams($controller)
  860. {
  861. $route = array();
  862. - switch ($controller) {
  863. - case 'onepage':
  864. - $route['action'] = 'saveOrder';
  865. - $route['controller'] = 'onepage';
  866. - $route['module'] = 'checkout';
  867. - break;
  868. -
  869. - case 'sales_order_create':
  870. - case 'sales_order_edit':
  871. - $route['action'] = 'save';
  872. - $route['controller'] = 'sales_order_create';
  873. - $route['module'] = 'admin';
  874. - break;
  875. -
  876. - default:
  877. - break;
  878. + if ($controller === "onepage") {
  879. + $route['action'] = 'saveOrder';
  880. + $route['controller'] = 'onepage';
  881. + $route['module'] = 'checkout';
  882. }
  883.  
  884. return $route;
  885. }
  886.  
  887. /**
  888. - * Retrieve redirect ifrmae url
  889. - *
  890. - * @param array params
  891. + * Retrieve redirect iframe url
  892. + * @param $params
  893. * @return string
  894. */
  895. public function getRedirectIframeUrl($params)
  896. {
  897. - switch ($params['controller_action_name']) {
  898. - case 'onepage':
  899. - $route = 'authorizenet/directpost_payment/redirect';
  900. - break;
  901. -
  902. - case 'sales_order_create':
  903. - case 'sales_order_edit':
  904. - $route = 'adminhtml/authorizenet_directpost_payment/redirect';
  905. - break;
  906. -
  907. - default:
  908. - $route = 'authorizenet/directpost_payment/redirect';
  909. - break;
  910. - }
  911. -
  912. - return $this->_getUrl($route, $params);
  913. + return $this->_getUrl('authorizenet/directpost_payment/redirect', $params);
  914. }
  915.  
  916. /**
  917. @@ -147,25 +119,7 @@ class Mage_Authorizenet_Helper_Data extends Mage_Core_Helper_Abstract
  918. */
  919. public function getSuccessOrderUrl($params)
  920. {
  921. - $param = array();
  922. - switch ($params['controller_action_name']) {
  923. - case 'onepage':
  924. - $route = 'checkout/onepage/success';
  925. - break;
  926. -
  927. - case 'sales_order_create':
  928. - case 'sales_order_edit':
  929. - $route = 'adminhtml/sales_order/view';
  930. - $order = Mage::getModel('sales/order')->loadByIncrementId($params['x_invoice_num']);
  931. - $param['order_id'] = $order->getId();
  932. - return $this->getAdminUrl($route, $param);
  933. -
  934. - default :
  935. - $route = 'checkout/onepage/success';
  936. - break;
  937. - }
  938. -
  939. - return $this->_getUrl($route, $param);
  940. + return $this->_getUrl('checkout/onepage/success', array());
  941. }
  942.  
  943. /**
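Review bot: `$params` is now unused in the frontend `getSuccessOrderUrl`, but the parameter must stay because the admin helper overrides the method with the same signature; the docblock above this hunk should say so. A line such as `Frontend helper ignores controller_action_name; admin contexts must use the authorizenet/admin helper.` documents why the argument is accepted but not read.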
  944. diff --git app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
  945. index 87a0c56..5d65a74 100644
  946. --- app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
  947. +++ app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
  948. @@ -86,9 +86,9 @@ class Mage_Authorizenet_Adminhtml_Authorizenet_Directpost_PaymentController
  949. }
  950.  
  951. if (isset($paymentParam['method'])) {
  952. - $saveOrderFlag = Mage::getStoreConfig('payment/'.$paymentParam['method'].'/create_order_before');
  953. +
  954. $result = array();
  955. - $params = Mage::helper('authorizenet')->getSaveOrderUrlParams($controller);
  956. +
  957. //create order partially
  958. $this->_getOrderCreateModel()->setPaymentData($paymentParam);
  959. $this->_getOrderCreateModel()->getQuote()->getPayment()->addData($paymentParam);
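Review bot: Removing the `$saveOrderFlag` and `$params` assignments leaves two empty `+` lines that should be deleted rather than kept as blank lines. If either variable is still read later in this method (the body continues outside the hunk), it is now undefined; please confirm there are no remaining uses.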
  960. @@ -170,7 +170,7 @@ class Mage_Authorizenet_Adminhtml_Authorizenet_Directpost_PaymentController
  961. && isset($redirectParams['x_invoice_num'])
  962. && isset($redirectParams['controller_action_name'])
  963. ) {
  964. - $params['redirect_parent'] = Mage::helper('authorizenet')->getSuccessOrderUrl($redirectParams);
  965. + $params['redirect_parent'] = Mage::helper('authorizenet/admin')->getSuccessOrderUrl($redirectParams);
  966. $this->_getDirectPostSession()->unsetData('quote_id');
  967. //cancel old order
  968. $oldOrder = $this->_getOrderCreateModel()->getSession()->getOrder();
  969. diff --git app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
  970. index abdb1ca..20d74b0 100644
  971. --- app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
  972. +++ app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
  973. @@ -126,7 +126,7 @@ class Mage_Catalog_Block_Product_View_Options_Type_Select
  974.  
  975. $selectHtml .= '<li>' .
  976. '<input type="'.$type.'" class="'.$class.' '.$require.' product-custom-option"' . ($this->getSkipJsReloadPrice() ? '' : ' onclick="opConfig.reloadPrice()"') . ' name="options['.$_option->getId().']'.$arraySign.'" id="options_'.$_option->getId().'_'.$count.'" value="' . $htmlValue . '" ' . $checked . ' price="' . $this->helper('core')->currencyByStore($_value->getPrice(true), $store, false) . '" />' .
  977. - '<span class="label"><label for="options_'.$_option->getId().'_'.$count.'">'.$_value->getTitle().' '.$priceStr.'</label></span>';
  978. + '<span class="label"><label for="options_'.$_option->getId().'_'.$count.'">'. $this->escapeHtml($_value->getTitle()) . ' '.$priceStr.'</label></span>';
  979. if ($_option->getIsRequire()) {
  980. $selectHtml .= '<script type="text/javascript">' .
  981. '$(\'options_'.$_option->getId().'_'.$count.'\').advaiceContainer = \'options-'.$_option->getId().'-container\';' .
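Review bot: The label now escapes the option title, but the same string still concatenates `$priceStr` raw and the context line above concatenates `$htmlValue` into the `value` attribute; both are built outside this hunk. If `$priceStr` comes from the price formatter it is presumably safe, but it is worth confirming that `$htmlValue` is already escaped for an attribute context, or wrapping it in `$this->escapeHtml(...)` as well.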
  982. diff --git app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
  983. index 1d67a50..21714eb 100644
  984. --- app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
  985. +++ app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
  986. @@ -57,6 +57,11 @@ class Mage_Catalog_Model_Category_Attribute_Backend_Image extends Mage_Eav_Model
  987. $uploader = new Mage_Core_Model_File_Uploader($this->getAttribute()->getName());
  988. $uploader->setAllowedExtensions(array('jpg','jpeg','gif','png'));
  989. $uploader->setAllowRenameFiles(true);
  990. + $uploader->addValidateCallback(
  991. + Mage_Core_Model_File_Validator_Image::NAME,
  992. + new Mage_Core_Model_File_Validator_Image(),
  993. + "validate"
  994. + );
  995. $result = $uploader->save($path);
  996.  
  997. $object->setData($this->getAttribute()->getName(), $result['file']);
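Review bot: The validator is registered with its default type list (JPEG, GIF, JPEG2000, PNG, ICO, TIFF) while `setAllowedExtensions` restricts uploads to jpg/jpeg/gif/png, so the content check is looser than the extension check. Configure the validator to match: `$validator = new Mage_Core_Model_File_Validator_Image();` then `$validator->setAllowedImageTypes(array('jpg', 'jpeg', 'gif', 'png'));` and pass `$validator` to `addValidateCallback`. The same applies to the product image backend hunk below.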
  998. diff --git app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
  999. index 6ea7078..f827da7 100755
  1000. --- app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
  1001. +++ app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
  1002. @@ -57,17 +57,24 @@ class Mage_Catalog_Model_Resource_Product_Attribute_Backend_Image
  1003. $uploader->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'));
  1004. $uploader->setAllowRenameFiles(true);
  1005. $uploader->setFilesDispersion(true);
  1006. - } catch (Exception $e){
  1007. + $uploader->addValidateCallback(
  1008. + Mage_Core_Model_File_Validator_Image::NAME,
  1009. + new Mage_Core_Model_File_Validator_Image(),
  1010. + "validate"
  1011. + );
  1012. + $uploader->save(Mage::getBaseDir('media') . '/catalog/product');
  1013. +
  1014. + $fileName = $uploader->getUploadedFileName();
  1015. + if ($fileName) {
  1016. + $object->setData($this->getAttribute()->getName(), $fileName);
  1017. + $this->getAttribute()->getEntity()
  1018. + ->saveAttribute($object, $this->getAttribute()->getName());
  1019. + }
  1020. +
  1021. + } catch (Exception $e) {
  1022. return $this;
  1023. }
  1024. - $uploader->save(Mage::getBaseDir('media') . '/catalog/product');
  1025.  
  1026. - $fileName = $uploader->getUploadedFileName();
  1027. - if ($fileName) {
  1028. - $object->setData($this->getAttribute()->getName(), $fileName);
  1029. - $this->getAttribute()->getEntity()
  1030. - ->saveAttribute($object, $this->getAttribute()->getName());
  1031. - }
  1032. return $this;
  1033. }
  1034. }
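Review bot: Moving the save into the `try` means `catch (Exception $e) { return $this; }` now also swallows the validator's "Invalid MIME type" exception, so a rejected upload fails silently with no log entry and no message. Add `Mage::logException($e);` before the `return $this;` so rejections are visible to operators. The validator here is also left on its default type list, which is broader than the jpg/jpeg/gif/png extension whitelist above it.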
  1035. diff --git app/code/core/Mage/CatalogIndex/etc/config.xml app/code/core/Mage/CatalogIndex/etc/config.xml
  1036. index 6abeb39..791c096 100644
  1037. --- app/code/core/Mage/CatalogIndex/etc/config.xml
  1038. +++ app/code/core/Mage/CatalogIndex/etc/config.xml
  1039. @@ -87,169 +87,14 @@
  1040. </catalogindex_setup>
  1041. </resources>
  1042. <events>
  1043. -
  1044. -
  1045. -
  1046. -
  1047. -
  1048. -
  1049. -
  1050. -
  1051. -
  1052. -
  1053. -
  1054. -
  1055. -
  1056. -
  1057. -
  1058. -
  1059. -
  1060. -
  1061. -
  1062. -
  1063. -
  1064. -
  1065. -
  1066. -
  1067. -
  1068. -
  1069. -
  1070. -
  1071. -
  1072. -
  1073. -
  1074. -
  1075. -
  1076. -
  1077. -
  1078. -
  1079. -
  1080. -
  1081. -
  1082. -
  1083. -
  1084. -
  1085. -
  1086. -
  1087. -
  1088. -
  1089. -
  1090. -
  1091. -
  1092. -
  1093. -
  1094. -
  1095. -
  1096. -
  1097. -
  1098. -
  1099. -
  1100. -
  1101. -
  1102. -
  1103. -
  1104. -
  1105. -
  1106. -
  1107. -
  1108. -
  1109. -
  1110. -
  1111. -
  1112. -
  1113. -
  1114. -
  1115. -
  1116. -
  1117. -
  1118. -
  1119. -
  1120. -
  1121. -
  1122. -
  1123. -
  1124. -
  1125. -
  1126. -
  1127. -
  1128. -
  1129. -
  1130. -
  1131. -
  1132. -
  1133. -
  1134. -
  1135. -
  1136. -
  1137. -
  1138. -
  1139. -
  1140. -
  1141. -
  1142. -
  1143. -
  1144. -
  1145. -
  1146. -
  1147. -
  1148. -
  1149. -
  1150. -
  1151. -
  1152. -
  1153. -
  1154. -
  1155. -
  1156. -
  1157. -
  1158. -
  1159. -
  1160. -
  1161. -
  1162. -
  1163. -
  1164. -
  1165. -
  1166. -
  1167. -
  1168. -
  1169. -
  1170. -
  1171. -
  1172. -
  1173. -
  1174. -
  1175. -
  1176. -
  1177. -
  1178. -
  1179. -
  1180. -
  1181. -
  1182. </events>
  1183. </global>
  1184. <adminhtml>
  1185. <events>
  1186. -
  1187. -
  1188. -
  1189. -
  1190. -
  1191. -
  1192. -
  1193. -
  1194. </events>
  1195. </adminhtml>
  1196. <crontab>
  1197. <jobs>
  1198. -
  1199. -
  1200. -
  1201. -
  1202. -
  1203. -
  1204. -
  1205. -
  1206. </jobs>
  1207. </crontab>
  1208. </config>
  1209. diff --git app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
  1210. index 108e994..8769ae6 100644
  1211. --- app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
  1212. +++ app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
  1213. @@ -80,7 +80,11 @@ class Mage_CatalogInventory_Helper_Minsaleqty
  1214. Mage_Customer_Model_Group::CUST_GROUP_ALL => $this->_fixQty($value)
  1215. );
  1216. } else if (is_string($value) && !empty($value)) {
  1217. - return unserialize($value);
  1218. + try {
  1219. + return Mage::helper('core/unserializeArray')->unserialize($value);
  1220. + } catch (Exception $e) {
  1221. + return array();
  1222. + }
  1223. } else {
  1224. return array();
  1225. }
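Review bot: The new `catch` returns an empty array without recording why, so a malformed or unexpected serialized value is indistinguishable from an unset one. Adding `Mage::logException($e);` before `return array();` keeps the safe fallback while making such values visible in the logs.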
  1226. diff --git app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
  1227. index fe36e85..73ce074 100644
  1228. --- app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
  1229. +++ app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
  1230. @@ -207,6 +207,7 @@ class Mage_Checkout_Block_Cart_Item_Renderer extends Mage_Core_Block_Template
  1231. 'checkout/cart/delete',
  1232. array(
  1233. 'id'=>$this->getItem()->getId(),
  1234. + 'form_key' => Mage::getSingleton('core/session')->getFormKey(),
  1235. Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED => $this->helper('core/url')->getEncodedUrl()
  1236. )
  1237. );
  1238. diff --git app/code/core/Mage/Checkout/controllers/CartController.php app/code/core/Mage/Checkout/controllers/CartController.php
  1239. index 35903de..3233084 100644
  1240. --- app/code/core/Mage/Checkout/controllers/CartController.php
  1241. +++ app/code/core/Mage/Checkout/controllers/CartController.php
  1242. @@ -86,7 +86,7 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
  1243. ) {
  1244. $this->getResponse()->setRedirect($backUrl);
  1245. } else {
  1246. - if (($this->getRequest()->getActionName() == 'add') && !$this->getRequest()->getParam('in_cart')) {
  1247. + if ((strtolower($this->getRequest()->getActionName()) == 'add') && !$this->getRequest()->getParam('in_cart')) {
  1248. $this->_getSession()->setContinueShoppingUrl($this->_getRefererUrl());
  1249. }
  1250. $this->_redirect('checkout/cart');
  1251. @@ -407,16 +407,21 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
  1252. */
  1253. public function deleteAction()
  1254. {
  1255. - $id = (int) $this->getRequest()->getParam('id');
  1256. - if ($id) {
  1257. - try {
  1258. - $this->_getCart()->removeItem($id)
  1259. - ->save();
  1260. - } catch (Exception $e) {
  1261. - $this->_getSession()->addError($this->__('Cannot remove the item.'));
  1262. - Mage::logException($e);
  1263. + if ($this->_validateFormKey()) {
  1264. + $id = (int)$this->getRequest()->getParam('id');
  1265. + if ($id) {
  1266. + try {
  1267. + $this->_getCart()->removeItem($id)
  1268. + ->save();
  1269. + } catch (Exception $e) {
  1270. + $this->_getSession()->addError($this->__('Cannot remove the item.'));
  1271. + Mage::logException($e);
  1272. + }
  1273. }
  1274. + } else {
  1275. + $this->_getSession()->addError($this->__('Cannot remove the item.'));
  1276. }
  1277. +
  1278. $this->_redirectReferer(Mage::getUrl('*/*'));
  1279. }
  1280.  
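Review bot: The form-key check wraps the whole body in an extra nesting level and then repeats the redirect at the end; a guard clause reads more clearly and keeps the happy path flat. The rejection reuses the "Cannot remove the item." message, which may be intentional, but a log line there would let a failed form-key check be told apart from a failed save.
```php
public function deleteAction()
{
    if (!$this->_validateFormKey()) {
        $this->_getSession()->addError($this->__('Cannot remove the item.'));
        $this->_redirectReferer(Mage::getUrl('*/*'));
        return;
    }
    $id = (int)$this->getRequest()->getParam('id');
    // … unchanged: removeItem()/save() inside try/catch …
    $this->_redirectReferer(Mage::getUrl('*/*'));
}
```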
  1281. diff --git app/code/core/Mage/Checkout/controllers/OnepageController.php app/code/core/Mage/Checkout/controllers/OnepageController.php
  1282. index 5365301..d68b639 100644
  1283. --- app/code/core/Mage/Checkout/controllers/OnepageController.php
  1284. +++ app/code/core/Mage/Checkout/controllers/OnepageController.php
  1285. @@ -72,7 +72,7 @@ class Mage_Checkout_OnepageController extends Mage_Checkout_Controller_Action
  1286. $this->_ajaxRedirectResponse();
  1287. return true;
  1288. }
  1289. - $action = $this->getRequest()->getActionName();
  1290. + $action = strtolower($this->getRequest()->getActionName());
  1291. if (Mage::getSingleton('checkout/session')->getCartWasUpdated(true)
  1292. && !in_array($action, array('index', 'progress'))) {
  1293. $this->_ajaxRedirectResponse();
  1294. diff --git app/code/core/Mage/Core/Controller/Response/Http.php app/code/core/Mage/Core/Controller/Response/Http.php
  1295. index 0add065..e7a8e8d 100644
  1296. --- app/code/core/Mage/Core/Controller/Response/Http.php
  1297. +++ app/code/core/Mage/Core/Controller/Response/Http.php
  1298. @@ -104,4 +104,13 @@ class Mage_Core_Controller_Response_Http extends Zend_Controller_Response_Http
  1299.  
  1300. return parent::setRedirect(self::$_transportObject->getUrl(), self::$_transportObject->getCode());
  1301. }
  1302. +
  1303. + /**
  1304. + * Method send already collected headers and exit from script
  1305. + */
  1306. + public function sendHeadersAndExit()
  1307. + {
  1308. + $this->sendHeaders();
  1309. + exit;
  1310. + }
  1311. }
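Review bot: The docblock for `sendHeadersAndExit` is ungrammatical and does not say the one thing a caller needs to know, that the method never returns. Replace it with `Send the already collected headers and terminate the script. This method never returns.` Calling `exit` from a response object also means anything the caller would normally run after sending the response is skipped, which is worth stating at the call sites.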
  1312. diff --git app/code/core/Mage/Core/Helper/Data.php app/code/core/Mage/Core/Helper/Data.php
  1313. index 6b60236..66e3b0d 100644
  1314. --- app/code/core/Mage/Core/Helper/Data.php
  1315. +++ app/code/core/Mage/Core/Helper/Data.php
  1316. @@ -805,4 +805,49 @@ XML;
  1317. $value = (string) Mage::getConfig()->getNode($path);
  1318. return (bool) $value;
  1319. }
  1320. +
  1321. + /**
  1322. + * Escaping CSV-data
  1323. + *
  1324. + * Security enchancement for CSV data processing by Excel-like applications.
  1325. + * @see https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
  1326. + *
  1327. + * @param $data
  1328. + * @return array
  1329. + */
  1330. + public function getEscapedCSVData(array $data)
  1331. + {
  1332. + if (Mage::getStoreConfigFlag(Mage_ImportExport_Model_Export_Adapter_Csv::CONFIG_ESCAPING_FLAG)) {
  1333. + foreach ($data as $key => $value) {
  1334. + $value = (string)$value;
  1335. +
  1336. + $firstLetter = substr($value, 0, 1);
  1337. + if ($firstLetter !== false and in_array($firstLetter, array("=", "+", "-"))) {
  1338. + $data[$key] = ' ' . $value;
  1339. + }
  1340. + }
  1341. + }
  1342. + return $data;
  1343. + }
  1344. +
  1345. + /**
  1346. + * UnEscapes CSV data
  1347. + *
  1348. + * @param mixed $data
  1349. + * @return mixed array
  1350. + */
  1351. + public function unEscapeCSVData($data)
  1352. + {
  1353. + if (is_array($data) and Mage::getStoreConfigFlag(Mage_ImportExport_Model_Export_Adapter_Csv::CONFIG_ESCAPING_FLAG)) {
  1354. +
  1355. + foreach ($data as $key => $value) {
  1356. + $value = (string)$value;
  1357. +
  1358. + if (preg_match("/^ [=\-+]/", $value)) {
  1359. + $data[$key] = ltrim($value);
  1360. + }
  1361. + }
  1362. + }
  1363. + return $data;
  1364. + }
  1365. }
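Review bot: `getEscapedCSVData` neutralises only `=`, `+` and `-`, but spreadsheet applications also treat a leading `@` as a formula prefix, so the escape set should be `array("=", "+", "-", "@")` and the matching regex in `unEscapeCSVData` should be `"/^ [=\-+@]/"` so both directions stay symmetric. The docblock also has `@param $data` without a type (`@param array $data`) and "enchancement" is a typo.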
  1366. diff --git app/code/core/Mage/Core/Model/App.php app/code/core/Mage/Core/Model/App.php
  1367. index 0c8556c..b950c30 100644
  1368. --- app/code/core/Mage/Core/Model/App.php
  1369. +++ app/code/core/Mage/Core/Model/App.php
  1370. @@ -1238,6 +1238,7 @@ class Mage_Core_Model_App
  1371.  
  1372. public function dispatchEvent($eventName, $args)
  1373. {
  1374. + $eventName = strtolower($eventName);
  1375. foreach ($this->_events as $area=>$events) {
  1376. if (!isset($events[$eventName])) {
  1377. $eventConfig = $this->getConfig()->getEventConfig($area, $eventName);
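Review bot: Lower-casing `$eventName` makes event dispatch case-insensitive, which is a contract change that the `dispatchEvent` docblock (outside this hunk) should state, e.g. `Event names are matched case-insensitively; the name is lower-cased before lookup.` This pairs with `_makeEventsLowerCase` in Config.php, which normalises the configured side.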
  1378. diff --git app/code/core/Mage/Core/Model/Config.php app/code/core/Mage/Core/Model/Config.php
  1379. index ee9fd31..66a77b1 100644
  1380. --- app/code/core/Mage/Core/Model/Config.php
  1381. +++ app/code/core/Mage/Core/Model/Config.php
  1382. @@ -958,6 +958,12 @@ class Mage_Core_Model_Config extends Mage_Core_Model_Config_Base
  1383. foreach ($fileName as $configFile) {
  1384. $configFile = $this->getModuleDir('etc', $modName).DS.$configFile;
  1385. if ($mergeModel->loadFile($configFile)) {
  1386. +
  1387. + $this->_makeEventsLowerCase(Mage_Core_Model_App_Area::AREA_GLOBAL, $mergeModel);
  1388. + $this->_makeEventsLowerCase(Mage_Core_Model_App_Area::AREA_FRONTEND, $mergeModel);
  1389. + $this->_makeEventsLowerCase(Mage_Core_Model_App_Area::AREA_ADMIN, $mergeModel);
  1390. + $this->_makeEventsLowerCase(Mage_Core_Model_App_Area::AREA_ADMINHTML, $mergeModel);
  1391. +
  1392. $mergeToObject->extend($mergeModel, true);
  1393. }
  1394. }
  1395. @@ -1156,7 +1162,7 @@ class Mage_Core_Model_Config extends Mage_Core_Model_Config_Base
  1396. }
  1397.  
  1398. foreach ($events as $event) {
  1399. - $eventName = $event->getName();
  1400. + $eventName = strtolower($event->getName());
  1401. $observers = $event->observers->children();
  1402. foreach ($observers as $observer) {
  1403. switch ((string)$observer->type) {
  1404. @@ -1632,4 +1638,42 @@ class Mage_Core_Model_Config extends Mage_Core_Model_Config_Base
  1405. }
  1406. return false;
  1407. }
  1408. +
  1409. + /**
  1410. + * Makes all events to lower-case
  1411. + *
  1412. + * @param string $area
  1413. + * @param Mage_Core_Model_Config_Base $mergeModel
  1414. + */
  1415. + protected function _makeEventsLowerCase($area, Mage_Core_Model_Config_Base $mergeModel)
  1416. + {
  1417. + $events = $mergeModel->getNode($area . "/" . Mage_Core_Model_App_Area::PART_EVENTS);
  1418. + if ($events !== false) {
  1419. + $children = clone $events->children();
  1420. + /** @var Mage_Core_Model_Config_Element $event */
  1421. + foreach ($children as $event) {
  1422. + if ($this->_isNodeNameHasUpperCase($event)) {
  1423. + $oldName = $event->getName();
  1424. + $newEventName = strtolower($oldName);
  1425. + if (!isset($events->$newEventName)) {
  1426. + /** @var Mage_Core_Model_Config_Element $newNode */
  1427. + $newNode = $events->addChild($newEventName, $event);
  1428. + $newNode->extend($event);
  1429. + }
  1430. + unset($events->$oldName);
  1431. + }
  1432. + }
  1433. + }
  1434. + }
  1435. +
  1436. + /**
  1437. + * Checks is event name has upper-case letters
  1438. + *
  1439. + * @param Mage_Core_Model_Config_Element $event
  1440. + * @return bool
  1441. + */
  1442. + protected function _isNodeNameHasUpperCase(Mage_Core_Model_Config_Element $event)
  1443. + {
  1444. + return (strtolower($event->getName()) !== (string)$event->getName());
  1445. + }
  1446. }
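Review bot: In `_makeEventsLowerCase`, when a lower-case sibling already exists the mixed-case node is `unset` without being merged, so any observers declared only under the mixed-case name are dropped silently. If merging is the intent, add `} else { $events->$newEventName->extend($event); }` before the `unset`. The helper name `_isNodeNameHasUpperCase` and its docblock are ungrammatical; `_hasUpperCaseNodeName` with `Checks whether the event name contains upper-case letters` reads better.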
  1447. diff --git app/code/core/Mage/Core/Model/Email/Template/Filter.php app/code/core/Mage/Core/Model/Email/Template/Filter.php
  1448. index f47d002..cfc91fd 100644
  1449. --- app/code/core/Mage/Core/Model/Email/Template/Filter.php
  1450. +++ app/code/core/Mage/Core/Model/Email/Template/Filter.php
  1451. @@ -166,11 +166,14 @@ class Mage_Core_Model_Email_Template_Filter extends Varien_Filter_Template
  1452. $skipParams = array('type', 'id', 'output');
  1453. $blockParameters = $this->_getIncludeParameters($construction[2]);
  1454. $layout = Mage::app()->getLayout();
  1455. + $block = null;
  1456.  
  1457. if (isset($blockParameters['type'])) {
  1458. if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
  1459. $type = $blockParameters['type'];
  1460. $block = $layout->createBlock($type, null, $blockParameters);
  1461. + } else {
  1462. + Mage::log('Security problem: ' . $blockParameters['type'] . ' has not been whitelisted.');
  1463. }
  1464. } elseif (isset($blockParameters['id'])) {
  1465. $block = $layout->createBlock('cms/block');
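Review bot: The new security log line is written without a level, so it lands at the default level and is hard to filter or alert on. Pass a level so monitoring can pick it up: `Mage::log('Security problem: ' . $blockParameters['type'] . ' has not been whitelisted.', Zend_Log::WARN);`. Initialising `$block = null;` above is the right companion change for the `else` branch.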
  1466. @@ -187,11 +190,10 @@ class Mage_Core_Model_Email_Template_Filter extends Varien_Filter_Template
  1467. }
  1468. $block->setDataUsingMethod($k, $v);
  1469. }
  1470. - }
  1471. -
  1472. - if (!$block) {
  1473. + } else {
  1474. return '';
  1475. }
  1476. +
  1477. if (isset($blockParameters['output'])) {
  1478. $method = $blockParameters['output'];
  1479. }
  1480. diff --git app/code/core/Mage/Core/Model/Factory.php app/code/core/Mage/Core/Model/Factory.php
  1481. new file mode 100644
  1482. index 0000000..7914926
  1483. --- /dev/null
  1484. +++ app/code/core/Mage/Core/Model/Factory.php
  1485. @@ -0,0 +1,144 @@
  1486. +<?php
  1487. +/**
  1488. + * Magento
  1489. + *
  1490. + * NOTICE OF LICENSE
  1491. + *
  1492. + * This source file is subject to the Open Software License (OSL 3.0)
  1493. + * that is bundled with this package in the file LICENSE.txt.
  1494. + * It is also available through the world-wide-web at this URL:
  1495. + * http://opensource.org/licenses/osl-3.0.php
  1496. + * If you did not receive a copy of the license and are unable to
  1497. + * obtain it through the world-wide-web, please send an email
  1498. + * to license@magentocommerce.com so we can send you a copy immediately.
  1499. + *
  1500. + * DISCLAIMER
  1501. + *
  1502. + * Do not edit or add to this file if you wish to upgrade Magento to newer
  1503. + * versions in the future. If you wish to customize Magento for your
  1504. + * needs please refer to http://www.magentocommerce.com for more information.
  1505. + *
  1506. + * @category Mage
  1507. + * @package Mage_Core
  1508. + * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
  1509. + * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  1510. + */
  1511. +
  1512. +/**
  1513. + * Factory class
  1514. + *
  1515. + * @category Mage
  1516. + * @package Mage_Core
  1517. + * @author Magento Core Team <core@magentocommerce.com>
  1518. + */
  1519. +class Mage_Core_Model_Factory
  1520. +{
  1521. + /**
  1522. + * Xml path to url rewrite model class alias
  1523. + */
  1524. + const XML_PATH_URL_REWRITE_MODEL = 'global/url_rewrite/model';
  1525. +
  1526. + const XML_PATH_INDEX_INDEX_MODEL = 'global/index/index_model';
  1527. +
  1528. + /**
  1529. + * Config instance
  1530. + *
  1531. + * @var Mage_Core_Model_Config
  1532. + */
  1533. + protected $_config;
  1534. +
  1535. + /**
  1536. + * Initialize factory
  1537. + *
  1538. + * @param array $arguments
  1539. + */
  1540. + public function __construct(array $arguments = array())
  1541. + {
  1542. + $this->_config = !empty($arguments['config']) ? $arguments['config'] : Mage::getConfig();
  1543. + }
  1544. +
  1545. + /**
  1546. + * Retrieve model object
  1547. + *
  1548. + * @param string $modelClass
  1549. + * @param array|object $arguments
  1550. + * @return bool|Mage_Core_Model_Abstract
  1551. + */
  1552. + public function getModel($modelClass = '', $arguments = array())
  1553. + {
  1554. + return Mage::getModel($modelClass, $arguments);
  1555. + }
  1556. +
  1557. + /**
  1558. + * Retrieve model object singleton
  1559. + *
  1560. + * @param string $modelClass
  1561. + * @param array $arguments
  1562. + * @return Mage_Core_Model_Abstract
  1563. + */
  1564. + public function getSingleton($modelClass = '', array $arguments = array())
  1565. + {
  1566. + return Mage::getSingleton($modelClass, $arguments);
  1567. + }
  1568. +
  1569. + /**
  1570. + * Retrieve object of resource model
  1571. + *
  1572. + * @param string $modelClass
  1573. + * @param array $arguments
  1574. + * @return Object
  1575. + */
  1576. + public function getResourceModel($modelClass, $arguments = array())
  1577. + {
  1578. + return Mage::getResourceModel($modelClass, $arguments);
  1579. + }
  1580. +
  1581. + /**
  1582. + * Retrieve helper instance
  1583. + *
  1584. + * @param string $helperClass
  1585. + * @return Mage_Core_Helper_Abstract
  1586. + */
  1587. + public function getHelper($helperClass)
  1588. + {
  1589. + return Mage::helper($helperClass);
  1590. + }
  1591. +
  1592. + /**
  1593. + * Get config instance
  1594. + *
  1595. + * @return Mage_Core_Model_Config
  1596. + */
  1597. + public function getConfig()
  1598. + {
  1599. + return $this->_config;
  1600. + }
  1601. +
  1602. + /**
  1603. + * Retrieve url_rewrite instance
  1604. + *
  1605. + * @return Mage_Core_Model_Url_Rewrite
  1606. + */
  1607. + public function getUrlRewriteInstance()
  1608. + {
  1609. + return $this->getModel($this->getUrlRewriteClassAlias());
  1610. + }
  1611. +
  1612. + /**
  1613. + * Retrieve alias for url_rewrite model
  1614. + *
  1615. + * @return string
  1616. + */
  1617. + public function getUrlRewriteClassAlias()
  1618. + {
  1619. + return (string)$this->_config->getNode(self::XML_PATH_URL_REWRITE_MODEL);
  1620. + }
  1621. +
  1622. + /**
  1623. + * @return string
  1624. + */
  1625. + public function getIndexClassAlias()
  1626. + {
  1627. + return (string)$this->_config->getNode(self::XML_PATH_INDEX_INDEX_MODEL);
  1628. + }
  1629. +}
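Review bot: `XML_PATH_INDEX_INDEX_MODEL` lacks the docblock its sibling constant has, and `getIndexClassAlias` carries only a `@return` tag with no description. Suggested lines: `Xml path to index model class alias` for the constant and `Retrieve alias for index model` for the method. `@return Object` on `getResourceModel` is not a PHP type; `@return object` or the concrete base class would be accurate.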
  1630. diff --git app/code/core/Mage/Core/Model/File/Validator/Image.php app/code/core/Mage/Core/Model/File/Validator/Image.php
  1631. new file mode 100644
  1632. index 0000000..3fb8e3a
  1633. --- /dev/null
  1634. +++ app/code/core/Mage/Core/Model/File/Validator/Image.php
  1635. @@ -0,0 +1,109 @@
  1636. +<?php
  1637. +/**
  1638. + * Magento
  1639. + *
  1640. + * NOTICE OF LICENSE
  1641. + *
  1642. + * This source file is subject to the Open Software License (OSL 3.0)
  1643. + * that is bundled with this package in the file LICENSE.txt.
  1644. + * It is also available through the world-wide-web at this URL:
  1645. + * http://opensource.org/licenses/osl-3.0.php
  1646. + * If you did not receive a copy of the license and are unable to
  1647. + * obtain it through the world-wide-web, please send an email
  1648. + * to license@magentocommerce.com so we can send you a copy immediately.
  1649. + *
  1650. + * DISCLAIMER
  1651. + *
  1652. + * Do not edit or add to this file if you wish to upgrade Magento to newer
  1653. + * versions in the future. If you wish to customize Magento for your
  1654. + * needs please refer to http://www.magentocommerce.com for more information.
  1655. + *
  1656. + * @category Mage
  1657. + * @package Mage_Core
  1658. + * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
  1659. + * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  1660. + */
  1661. +
  1662. +/**
  1663. + * Validator for check is uploaded file is image
  1664. + *
  1665. + * @category Mage
  1666. + * @package Mage_Core
  1667. + * @author Magento Core Team <core@magentocommerce.com>
  1668. + */
  1669. +class Mage_Core_Model_File_Validator_Image
  1670. +{
  1671. + const NAME = "isImage";
  1672. +
  1673. + protected $_allowedImageTypes = array(
  1674. + IMAGETYPE_JPEG,
  1675. + IMAGETYPE_GIF,
  1676. + IMAGETYPE_JPEG2000,
  1677. + IMAGETYPE_PNG,
  1678. + IMAGETYPE_ICO,
  1679. + IMAGETYPE_TIFF_II,
  1680. + IMAGETYPE_TIFF_MM
  1681. + );
  1682. +
  1683. + /**
  1684. + * Setter for allowed image types
  1685. + *
  1686. + * @param array $imageFileExtensions
  1687. + * @return $this
  1688. + */
  1689. + public function setAllowedImageTypes(array $imageFileExtensions = array())
  1690. + {
  1691. + $map = array(
  1692. + 'tif' => array(IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM),
  1693. + 'tiff' => array(IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM),
  1694. + 'jpg' => array(IMAGETYPE_JPEG, IMAGETYPE_JPEG2000),
  1695. + 'jpe' => array(IMAGETYPE_JPEG, IMAGETYPE_JPEG2000),
  1696. + 'jpeg' => array(IMAGETYPE_JPEG, IMAGETYPE_JPEG2000),
  1697. + 'gif' => array(IMAGETYPE_GIF),
  1698. + 'png' => array(IMAGETYPE_PNG),
  1699. + 'ico' => array(IMAGETYPE_ICO),
  1700. + 'apng' => array(IMAGETYPE_PNG)
  1701. + );
  1702. +
  1703. + $this->_allowedImageTypes = array();
  1704. +
  1705. + foreach ($imageFileExtensions as $extension) {
  1706. + if (isset($map[$extension])) {
  1707. + foreach ($map[$extension] as $imageType) {
  1708. + $this->_allowedImageTypes[$imageType] = $imageType;
  1709. + }
  1710. + }
  1711. + }
  1712. +
  1713. + return $this;
  1714. + }
  1715. +
  1716. + /**
  1717. + * Validation callback for checking is file is image
  1718. + *
  1719. + * @param string $filePath Path to temporary uploaded file
  1720. + * @return null
  1721. + * @throws Mage_Core_Exception
  1722. + */
  1723. + public function validate($filePath)
  1724. + {
  1725. + $fileInfo = getimagesize($filePath);
  1726. + if (is_array($fileInfo) and isset($fileInfo[2])) {
  1727. + if ($this->isImageType($fileInfo[2])) {
  1728. + return null;
  1729. + }
  1730. + }
  1731. + throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
  1732. + }
  1733. +
  1734. + /**
  1735. + * Returns is image by image type
  1736. + * @param int $nImageType
  1737. + * @return bool
  1738. + */
  1739. + protected function isImageType($nImageType)
  1740. + {
  1741. + return in_array($nImageType, $this->_allowedImageTypes);
  1742. + }
  1743. +
  1744. +}
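Review bot: `setAllowedImageTypes()` looks up `$map[$extension]` without normalising case, so an extension list containing `JPG` or `Png` produces an empty allow-list and every upload is then rejected; `$extension = strtolower($extension);` as the first statement of the loop fixes that, unless callers already normalise. The class docblock should also say what the check establishes: `getimagesize()` inspects the header signature only, so a comment such as `Validates that the uploaded file's header matches one of the allowed image types (via getimagesize); it does not inspect the remaining file contents` belongs above the class, so nobody treats it as a full content check. A smaller point: `validate()` is documented as `@return null` while callers can only rely on the absence of an exception; `@return void` states the contract more plainly.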
  1745. diff --git app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
  1746. index d170299..a559a6d 100644
  1747. --- app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
  1748. +++ app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
  1749. @@ -50,11 +50,11 @@ class Mage_Core_Model_Input_Filter_MaliciousCode implements Zend_Filter_Interfac
  1750. //js in the style attribute
  1751. '/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis',
  1752. //js attributes
  1753. - '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror)=[^<]*(?=\>)/Uis',
  1754. + '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror)\s*=[^<]*(?=\>)/Uis',
  1755. //tags
  1756. '/<\/?(script|meta|link|frame|iframe).*>/Uis',
  1757. //base64 usage
  1758. - '/src=[^<]*base64[^<]*(?=\>)/Uis',
  1759. + '/src\s*=[^<]*base64[^<]*(?=\>)/Uis',
  1760. );
  1761.  
  1762. /**
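Review bot: Tolerating whitespace before `=` tightens both patterns, but the first one is still an enumerated denylist of handler names, and any `on…` attribute not in the list passes the filter unchanged; a generic form such as `'/\bon[a-z]+\s*=[^<]*(?=\>)/Uis'` covers the whole family and would remove the need to extend the list again. If the enumerated form is kept on purpose (to limit false positives), a comment above it saying so would stop the next reviewer from raising the same point. The `$_expressions` array this hunk edits starts outside the hunk.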
  1763. diff --git app/code/core/Mage/Core/Model/Session.php app/code/core/Mage/Core/Model/Session.php
  1764. index a188c5f..c0cc867 100644
  1765. --- app/code/core/Mage/Core/Model/Session.php
  1766. +++ app/code/core/Mage/Core/Model/Session.php
  1767. @@ -33,7 +33,7 @@
  1768. */
  1769. class Mage_Core_Model_Session extends Mage_Core_Model_Session_Abstract
  1770. {
  1771. - public function __construct($data=array())
  1772. + public function __construct($data = array())
  1773. {
  1774. $name = isset($data['name']) ? $data['name'] : null;
  1775. $this->init('core', $name);
  1776. @@ -47,8 +47,27 @@ class Mage_Core_Model_Session extends Mage_Core_Model_Session_Abstract
  1777. public function getFormKey()
  1778. {
  1779. if (!$this->getData('_form_key')) {
  1780. - $this->setData('_form_key', Mage::helper('core')->getRandomString(16));
  1781. + $this->renewFormKey();
  1782. }
  1783. return $this->getData('_form_key');
  1784. }
  1785. +
  1786. + /**
  1787. + * Creates new Form key
  1788. + */
  1789. + public function renewFormKey()
  1790. + {
  1791. + $this->setData('_form_key', Mage::helper('core')->getRandomString(16));
  1792. + }
  1793. +
  1794. + /**
  1795. + * Validates Form key
  1796. + *
  1797. + * @param string|null $formKey
  1798. + * @return bool
  1799. + */
  1800. + public function validateFormKey($formKey)
  1801. + {
  1802. + return ($formKey === $this->getFormKey());
  1803. + }
  1804. }
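Review bot: `renewFormKey()` returns nothing while the accessor it wraps is chainable; documenting and returning the instance (`@return $this` and `return $this;`) keeps the new method consistent with the rest of the class. `validateFormKey()` compares strictly, which is right, but its docblock should mention the side effect that is not obvious from the name: when no form key exists in the session yet, the call to `getFormKey()` generates one before the comparison, so a missing key always yields `false` rather than an error.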
  1805. diff --git app/code/core/Mage/Customer/controllers/AccountController.php app/code/core/Mage/Customer/controllers/AccountController.php
  1806. index 43b3c4c..49cb60a 100644
  1807. --- app/code/core/Mage/Customer/controllers/AccountController.php
  1808. +++ app/code/core/Mage/Customer/controllers/AccountController.php
  1809. @@ -68,7 +68,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
  1810. return;
  1811. }
  1812.  
  1813. - $action = $this->getRequest()->getActionName();
  1814. + $action = strtolower($this->getRequest()->getActionName());
  1815. $openActions = array(
  1816. 'create',
  1817. 'login',
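Review bot: `strtolower()` on the action name here (and the identical change at L2200 in Review/ProductController) carries no explanation of why the raw name cannot be compared directly, so a future cleanup could remove it; a comment such as `// action names are dispatched case-insensitively, so normalise before comparing against $openActions` would preserve the intent. The event-name lower-casing in Paypal/etc/config.xml and Persistent/etc/config.xml later in this patch presumably follows from the same normalisation, and the comment could say so. The `$openActions` comparison itself lies outside this hunk.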
  1818. diff --git app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
  1819. index 7a8407d..450a6dd 100644
  1820. --- app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
  1821. +++ app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
  1822. @@ -252,7 +252,7 @@ class Mage_Dataflow_Model_Convert_Parser_Csv extends Mage_Dataflow_Model_Convert
  1823. * Retrieve csv string from array
  1824. *
  1825. * @param array $fields
  1826. - * @return sting
  1827. + * @return string
  1828. */
  1829. public function getCsvString($fields = array()) {
  1830. $delimiter = $this->getVar('delimiter', ',');
  1831. @@ -264,11 +264,10 @@ class Mage_Dataflow_Model_Convert_Parser_Csv extends Mage_Dataflow_Model_Convert
  1832. }
  1833.  
  1834. $str = '';
  1835. -
  1836. foreach ($fields as $value) {
  1837. - if (substr($value, 0, 1) === '=') {
  1838. - $value = ' ' . $value;
  1839. - }
  1840. +
  1841. + $escapedValue = Mage::helper("core")->getEscapedCSVData(array($value));
  1842. + $value = $escapedValue[0];
  1843.  
  1844. if (strpos($value, $delimiter) !== false ||
  1845. empty($enclosure) ||
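Review bot: Each iteration wraps one value in an array, calls `getEscapedCSVData()`, and unpacks `[0]`, while the helper already accepts a whole row (the Csv adapter at L1914 passes its full `$data`); `$fields = Mage::helper('core')->getEscapedCSVData($fields);` once before the `foreach` does the same work in one call and also drops the stray blank line this hunk adds at the top of the loop body. The file otherwise uses single-quoted strings (`getVar('delimiter', ',')`), so `"core"` should be `'core'`. `getCsvString()` begins and ends outside this hunk.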
  1846. diff --git app/code/core/Mage/Downloadable/controllers/CustomerController.php app/code/core/Mage/Downloadable/controllers/CustomerController.php
  1847. index 70faeea..ec092f80 100644
  1848. --- app/code/core/Mage/Downloadable/controllers/CustomerController.php
  1849. +++ app/code/core/Mage/Downloadable/controllers/CustomerController.php
  1850. @@ -40,7 +40,7 @@ class Mage_Downloadable_CustomerController extends Mage_Core_Controller_Front_Ac
  1851. public function preDispatch()
  1852. {
  1853. parent::preDispatch();
  1854. - $action = $this->getRequest()->getActionName();
  1855. +
  1856. $loginUrl = Mage::helper('customer')->getLoginUrl();
  1857.  
  1858. if (!Mage::getSingleton('customer/session')->authenticate($this, $loginUrl)) {
  1859. diff --git app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
  1860. index 6229267..e9af6c3 100644
  1861. --- app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
  1862. +++ app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
  1863. @@ -137,6 +137,15 @@ abstract class Mage_ImportExport_Model_Export_Adapter_Abstract
  1864. }
  1865.  
  1866. /**
  1867. + * Returns destination path
  1868. + * @return string
  1869. + */
  1870. + public function getDestination()
  1871. + {
  1872. + return $this->_destination;
  1873. + }
  1874. +
  1875. + /**
  1876. * Write row data to source file.
  1877. *
  1878. * @param array $rowData
  1879. diff --git app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
  1880. index 7f1a604..a834b9a 100644
  1881. --- app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
  1882. +++ app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
  1883. @@ -33,6 +33,9 @@
  1884. */
  1885. class Mage_ImportExport_Model_Export_Adapter_Csv extends Mage_ImportExport_Model_Export_Adapter_Abstract
  1886. {
  1887. + /** config string for escaping export */
  1888. + const CONFIG_ESCAPING_FLAG = 'system/export_csv/escaping';
  1889. +
  1890. /**
  1891. * Field delimiter.
  1892. *
  1893. @@ -115,11 +118,7 @@ class Mage_ImportExport_Model_Export_Adapter_Csv extends Mage_ImportExport_Model
  1894. * @see https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
  1895. */
  1896. $data = array_merge($this->_headerCols, array_intersect_key($rowData, $this->_headerCols));
  1897. - foreach ($data as $key => $value) {
  1898. - if (substr($value, 0, 1) === '=') {
  1899. - $data[$key] = ' ' . $value;
  1900. - }
  1901. - }
  1902. + $data = Mage::helper("core")->getEscapedCSVData($data);
  1903.  
  1904. fputcsv(
  1905. $this->_fileHandler,
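Review bot: The comment block ending at L1906–L1907 (with the `@see` bugzilla reference) explains the leading-`=` workaround that this hunk removes from the adapter, so the explanation now sits apart from the code that performs it; keep the reference but redirect it, e.g. `// formula-like cells are escaped by Mage_Core_Helper_Data::getEscapedCSVData(); see bugzilla 1054702`. `CONFIG_ESCAPING_FLAG`, added at L1900, is not referenced in any visible hunk — presumably the helper reads it — so a one-line comment on the constant naming its consumer would make the flag's effect discoverable from this class. The enclosing method starts and ends outside the hunk.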
  1906. @@ -130,4 +129,5 @@ class Mage_ImportExport_Model_Export_Adapter_Csv extends Mage_ImportExport_Model
  1907.  
  1908. return $this;
  1909. }
  1910. +
  1911. }
  1912. diff --git app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
  1913. index 50b37d1..cd58ada 100644
  1914. --- app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
  1915. +++ app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
  1916. @@ -273,6 +273,9 @@ abstract class Mage_ImportExport_Model_Import_Entity_Abstract
  1917. $nextRowBackup = array();
  1918. $maxDataSize = Mage::getResourceHelper('importexport')->getMaxDataSize();
  1919.  
  1920. + /** @var Mage_Core_Helper_Data $coreHelper */
  1921. + $coreHelper = Mage::helper("core");
  1922. +
  1923. $source->rewind();
  1924. $this->_dataSourceModel->cleanBunches();
  1925.  
  1926. @@ -289,7 +292,7 @@ abstract class Mage_ImportExport_Model_Import_Entity_Abstract
  1927. if ($this->_errorsCount >= $this->_errorsLimit) { // errors limit check
  1928. return;
  1929. }
  1930. - $rowData = $source->current();
  1931. + $rowData = $coreHelper->unEscapeCSVData($source->current());
  1932.  
  1933. $this->_processedRowsCount++;
  1934.  
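Review bot: `unEscapeCSVData()` is applied to every imported row unconditionally, whereas the export side is governed by the `system/export_csv/escaping` flag introduced in config.xml at L1957; if the un-escaping can alter values that were never escaped (files produced outside Magento), that asymmetry deserves a comment on this line, e.g. `// reverse the escaping applied by getEscapedCSVData() on export; expected to be a no-op for unescaped rows — confirm`. The enclosing method starts outside the hunk.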
  1935. diff --git app/code/core/Mage/ImportExport/etc/config.xml app/code/core/Mage/ImportExport/etc/config.xml
  1936. index d32d08f..8582d6f 100644
  1937. --- app/code/core/Mage/ImportExport/etc/config.xml
  1938. +++ app/code/core/Mage/ImportExport/etc/config.xml
  1939. @@ -126,6 +126,11 @@
  1940. </layout>
  1941. </adminhtml>
  1942. <default>
  1943. + <system>
  1944. + <export_csv>
  1945. + <escaping>1</escaping>
  1946. + </export_csv>
  1947. + </system>
  1948. <general>
  1949. <file>
  1950. <importexport_local_valid_paths>
  1951. diff --git app/code/core/Mage/ImportExport/etc/system.xml app/code/core/Mage/ImportExport/etc/system.xml
  1952. new file mode 100644
  1953. index 0000000..1c06041
  1954. --- /dev/null
  1955. +++ app/code/core/Mage/ImportExport/etc/system.xml
  1956. @@ -0,0 +1,54 @@
  1957. +<?xml version="1.0"?>
  1958. +<!--
  1959. +/**
  1960. + * Magento
  1961. + *
  1962. + * NOTICE OF LICENSE
  1963. + *
  1964. + * This source file is subject to the Open Software License (OSL 3.0)
  1965. + * that is bundled with this package in the file LICENSE.txt.
  1966. + * It is also available through the world-wide-web at this URL:
  1967. + * http://opensource.org/licenses/osl-3.0.php
  1968. + * If you did not receive a copy of the license and are unable to
  1969. + * obtain it through the world-wide-web, please send an email
  1970. + * to license@magentocommerce.com so we can send you a copy immediately.
  1971. + *
  1972. + * DISCLAIMER
  1973. + *
  1974. + * Do not edit or add to this file if you wish to upgrade Magento to newer
  1975. + * versions in the future. If you wish to customize Magento for your
  1976. + * needs please refer to http://www.magentocommerce.com for more information.
  1977. + *
  1978. + * @category Mage
  1979. + * @package Mage_ImportExport
  1980. + * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
  1981. + * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  1982. + */
  1983. +-->
  1984. +<config>
  1985. + <sections>
  1986. + <system>
  1987. + <groups>
  1988. + <export_csv translate="label">
  1989. + <label>Escape CSV fields</label>
  1990. + <show_in_default>1</show_in_default>
  1991. + <show_in_website>1</show_in_website>
  1992. + <show_in_store>1</show_in_store>
  1993. + <sort_order>500</sort_order>
  1994. + <fields>
  1995. + <escaping translate="label">
  1996. + <label>Escape CSV fields</label>
  1997. + <frontend_type>select</frontend_type>
  1998. + <source_model>adminhtml/system_config_source_yesno</source_model>
  1999. + <sort_order>1</sort_order>
  2000. + <show_in_default>1</show_in_default>
  2001. + <show_in_website>0</show_in_website>
  2002. + <show_in_store>0</show_in_store>
  2003. + <comment>Disabling this setting can increase security risk.</comment>
  2004. + </escaping>
  2005. + </fields>
  2006. + </export_csv>
  2007. + </groups>
  2008. + </system>
  2009. + </sections>
  2010. +</config>
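Review bot: The `export_csv` group is declared with `show_in_website` and `show_in_store` set to 1 while its only field `escaping` has both set to 0, so at website and store scope the admin sees an empty group; set the group to `<show_in_website>0</show_in_website>` and `<show_in_store>0</show_in_store>` to match the field (the default in config.xml at L1957 is global in any case), or raise the field's scope if per-store control is intended. The group and the field both carry the label `Escape CSV fields`; a group label such as `CSV Export` would read better in the configuration panel.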
  2011. diff --git app/code/core/Mage/Newsletter/Model/Observer.php app/code/core/Mage/Newsletter/Model/Observer.php
  2012. index 26b3e1c..5327d26 100644
  2013. --- app/code/core/Mage/Newsletter/Model/Observer.php
  2014. +++ app/code/core/Mage/Newsletter/Model/Observer.php
  2015. @@ -61,6 +61,7 @@ class Mage_Newsletter_Model_Observer
  2016. $countOfQueue = 3;
  2017. $countOfSubscritions = 20;
  2018.  
  2019. + /** @var Mage_Newsletter_Model_Resource_Queue_Collection $collection */
  2020. $collection = Mage::getModel('newsletter/queue')->getCollection()
  2021. ->setPageSize($countOfQueue)
  2022. ->setCurPage(1)
  2023. diff --git app/code/core/Mage/Newsletter/Model/Queue.php app/code/core/Mage/Newsletter/Model/Queue.php
  2024. index 9962077..d5f60cf 100644
  2025. --- app/code/core/Mage/Newsletter/Model/Queue.php
  2026. +++ app/code/core/Mage/Newsletter/Model/Queue.php
  2027. @@ -186,6 +186,7 @@ class Mage_Newsletter_Model_Queue extends Mage_Core_Model_Template
  2028. return $this;
  2029. }
  2030.  
  2031. + /** @var Mage_Newsletter_Model_Resource_Subscriber_Collection $collection */
  2032. $collection = $this->getSubscribersCollection()
  2033. ->useOnlyUnsent()
  2034. ->showCustomerInfo()
  2035. @@ -193,7 +194,7 @@ class Mage_Newsletter_Model_Queue extends Mage_Core_Model_Template
  2036. ->setCurPage(1)
  2037. ->load();
  2038.  
  2039. - /* @var $sender Mage_Core_Model_Email_Template */
  2040. + /** @var Mage_Core_Model_Email_Template $sender */
  2041. $sender = Mage::getModel('core/email_template');
  2042. $sender->setSenderName($this->getNewsletterSenderName())
  2043. ->setSenderEmail($this->getNewsletterSenderEmail())
  2044. diff --git app/code/core/Mage/Page/etc/system.xml app/code/core/Mage/Page/etc/system.xml
  2045. index 3e76f84..875ba18 100644
  2046. --- app/code/core/Mage/Page/etc/system.xml
  2047. +++ app/code/core/Mage/Page/etc/system.xml
  2048. @@ -39,7 +39,7 @@
  2049. <fields>
  2050. <shortcut_icon translate="label comment">
  2051. <label>Favicon Icon</label>
  2052. - <comment>Allowed file types: ICO, PNG, GIF, JPEG, APNG, SVG. Not all browsers support all these formats!</comment>
  2053. + <comment>Allowed file types: ICO, PNG, GIF, JPG, JPEG, APNG. Not all browsers support all these formats!</comment>
  2054. <frontend_type>image</frontend_type>
  2055. <backend_model>adminhtml/system_config_backend_image_favicon</backend_model>
  2056. <base_url type="media" scope_info="1">favicon</base_url>
  2057. diff --git app/code/core/Mage/Paypal/controllers/PayflowController.php app/code/core/Mage/Paypal/controllers/PayflowController.php
  2058. index 9b52125..7ee974f 100644
  2059. --- app/code/core/Mage/Paypal/controllers/PayflowController.php
  2060. +++ app/code/core/Mage/Paypal/controllers/PayflowController.php
  2061. @@ -66,7 +66,12 @@ class Mage_Paypal_PayflowController extends Mage_Core_Controller_Front_Action
  2062. $session->unsLastRealOrderId();
  2063. $redirectBlock->setGotoSuccessPage(true);
  2064. } else {
  2065. - $gotoSection = $this->_cancelPayment(strval($this->getRequest()->getParam('RESPMSG')));
  2066. + $gotoSection = $this->_cancelPayment(
  2067. + Mage::helper('core')
  2068. + ->stripTags(
  2069. + strval($this->getRequest()->getParam('RESPMSG'))
  2070. + )
  2071. + );
  2072. $redirectBlock->setGotoSection($gotoSection);
  2073. $redirectBlock->setErrorMsg($this->__('Payment has been declined. Please try again.'));
  2074. }
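Review bot: `stripTags()` on `RESPMSG` here (and the identical change at L2096–L2101 in PayflowadvancedController) sanitises at input, but the message is rendered inside `_cancelPayment()` and the blocks beyond this hunk; unless that path escapes at output, tag stripping alone is a weaker guarantee than `escapeHtml()` where the text enters HTML, and doing both costs nothing. The five-line call chain also reads awkwardly; `$respMsg = Mage::helper('core')->stripTags(strval($this->getRequest()->getParam('RESPMSG')));` followed by `$gotoSection = $this->_cancelPayment($respMsg);` is clearer.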
  2075. diff --git app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
  2076. index 64c9840..afc99a1 100644
  2077. --- app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
  2078. +++ app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
  2079. @@ -70,7 +70,12 @@ class Mage_Paypal_PayflowadvancedController extends Mage_Paypal_Controller_Expre
  2080. $session->unsLastRealOrderId();
  2081. $redirectBlock->setGotoSuccessPage(true);
  2082. } else {
  2083. - $gotoSection = $this->_cancelPayment(strval($this->getRequest()->getParam('RESPMSG')));
  2084. + $gotoSection = $this->_cancelPayment(
  2085. + Mage::helper('core')
  2086. + ->stripTags(
  2087. + strval($this->getRequest()->getParam('RESPMSG'))
  2088. + )
  2089. + );
  2090. $redirectBlock->setGotoSection($gotoSection);
  2091. $redirectBlock->setErrorMsg($this->__('Payment has been declined. Please try again.'));
  2092. }
  2093. diff --git app/code/core/Mage/Paypal/etc/config.xml app/code/core/Mage/Paypal/etc/config.xml
  2094. index d804cf4..3b81bc8 100644
  2095. --- app/code/core/Mage/Paypal/etc/config.xml
  2096. +++ app/code/core/Mage/Paypal/etc/config.xml
  2097. @@ -145,14 +145,14 @@
  2098. </hss_save_order_after_submit>
  2099. </observers>
  2100. </checkout_submit_all_after>
  2101. - <controller_action_postdispatch_checkout_onepage_saveOrder>
  2102. + <controller_action_postdispatch_checkout_onepage_saveorder>
  2103. <observers>
  2104. <hss_save_order_onepage>
  2105. <class>paypal/observer</class>
  2106. <method>setResponseAfterSaveOrder</method>
  2107. </hss_save_order_onepage>
  2108. </observers>
  2109. - </controller_action_postdispatch_checkout_onepage_saveOrder>
  2110. + </controller_action_postdispatch_checkout_onepage_saveorder>
  2111. </events>
  2112. </frontend>
  2113. <adminhtml>
  2114. diff --git app/code/core/Mage/Persistent/etc/config.xml app/code/core/Mage/Persistent/etc/config.xml
  2115. index 0a6f42d..e3e3126 100644
  2116. --- app/code/core/Mage/Persistent/etc/config.xml
  2117. +++ app/code/core/Mage/Persistent/etc/config.xml
  2118. @@ -111,14 +111,14 @@
  2119. </persistent>
  2120. </observers>
  2121. </controller_action_layout_load_before>
  2122. - <controller_action_predispatch_customer_account_loginPost>
  2123. + <controller_action_predispatch_customer_account_loginpost>
  2124. <observers>
  2125. <persistent>
  2126. <class>persistent/observer_session</class>
  2127. <method>setRememberMeCheckedStatus</method>
  2128. </persistent>
  2129. </observers>
  2130. - </controller_action_predispatch_customer_account_loginPost>
  2131. + </controller_action_predispatch_customer_account_loginpost>
  2132. <controller_action_predispatch_customer_account_createpost>
  2133. <observers>
  2134. <persistent>
  2135. @@ -175,22 +175,22 @@
  2136. </persistent>
  2137. </observers>
  2138. </customer_customer_authenticated>
  2139. - <controller_action_predispatch_persistent_index_unsetCookie>
  2140. + <controller_action_predispatch_persistent_index_unsetcookie>
  2141. <observers>
  2142. <persistent>
  2143. <class>persistent/observer</class>
  2144. <method>preventClearCheckoutSession</method>
  2145. </persistent>
  2146. </observers>
  2147. - </controller_action_predispatch_persistent_index_unsetCookie>
  2148. - <controller_action_postdispatch_persistent_index_unsetCookie>
  2149. + </controller_action_predispatch_persistent_index_unsetcookie>
  2150. + <controller_action_postdispatch_persistent_index_unsetcookie>
  2151. <observers>
  2152. <persistent>
  2153. <class>persistent/observer</class>
  2154. <method>makePersistentQuoteGuest</method>
  2155. </persistent>
  2156. </observers>
  2157. - </controller_action_postdispatch_persistent_index_unsetCookie>
  2158. + </controller_action_postdispatch_persistent_index_unsetcookie>
  2159. <sales_quote_save_before>
  2160. <observers>
  2161. <persistent>
  2162. @@ -207,14 +207,14 @@
  2163. </persistent>
  2164. </observers>
  2165. </custom_quote_process>
  2166. - <controller_action_postdispatch_checkout_onepage_saveBilling>
  2167. + <controller_action_postdispatch_checkout_onepage_savebilling>
  2168. <observers>
  2169. <persistent>
  2170. <class>persistent/observer_session</class>
  2171. <method>setRememberMeCheckedStatus</method>
  2172. </persistent>
  2173. </observers>
  2174. - </controller_action_postdispatch_checkout_onepage_saveBilling>
  2175. + </controller_action_postdispatch_checkout_onepage_savebilling>
  2176. <customer_register_success>
  2177. <observers>
  2178. <persistent>
  2179. diff --git app/code/core/Mage/Review/controllers/ProductController.php app/code/core/Mage/Review/controllers/ProductController.php
  2180. index 4cf922e..82361cb 100644
  2181. --- app/code/core/Mage/Review/controllers/ProductController.php
  2182. +++ app/code/core/Mage/Review/controllers/ProductController.php
  2183. @@ -50,7 +50,7 @@ class Mage_Review_ProductController extends Mage_Core_Controller_Front_Action
  2184. return;
  2185. }
  2186.  
  2187. - $action = $this->getRequest()->getActionName();
  2188. + $action = strtolower($this->getRequest()->getActionName());
  2189. if (!$allowGuest && $action == 'post' && $this->getRequest()->isPost()) {
  2190. if (!Mage::getSingleton('customer/session')->isLoggedIn()) {
  2191. $this->setFlag('', self::FLAG_NO_DISPATCH, true);
  2192. @@ -160,9 +160,9 @@ class Mage_Review_ProductController extends Mage_Core_Controller_Front_Action
  2193. }
  2194.  
  2195. if (($product = $this->_initProduct()) && !empty($data)) {
  2196. - $session = Mage::getSingleton('core/session');
  2197. + $session = Mage::getSingleton('core/session');
  2198. /* @var $session Mage_Core_Model_Session */
  2199. - $review = Mage::getModel('review/review')->setData($data);
  2200. + $review = Mage::getModel('review/review')->setData($this->_cropReviewData($data));
  2201. /* @var $review Mage_Review_Model_Review */
  2202.  
  2203. $validate = $review->validate();
  2204. @@ -295,4 +295,23 @@ class Mage_Review_ProductController extends Mage_Core_Controller_Front_Action
  2205. $update->addUpdate($product->getCustomLayoutUpdate());
  2206. $this->generateLayoutXml()->generateLayoutBlocks();
  2207. }
  2208. +
  2209. + /**
  2210. + * Crops POST values
  2211. + * @param array $reviewData
  2212. + * @return array
  2213. + */
  2214. + protected function _cropReviewData(array $reviewData)
  2215. + {
  2216. + $croppedValues = array();
  2217. + $allowedKeys = array_fill_keys(array('detail', 'title', 'nickname'), true);
  2218. +
  2219. + foreach ($reviewData as $key => $value) {
  2220. + if (isset($allowedKeys[$key])) {
  2221. + $croppedValues[$key] = $value;
  2222. + }
  2223. + }
  2224. +
  2225. + return $croppedValues;
  2226. + }
  2227. }
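Review bot: `_cropReviewData()` is the allow-list that stops request data from populating arbitrary review attributes through `setData()` at L2212, but its docblock (`Crops POST values`) does not say so; write it as `Keeps only the request keys a customer may submit (detail, title, nickname) so that setData() cannot set other review attributes`. The loop is `array_intersect_key()` spelled out: `return array_intersect_key($reviewData, array_fill_keys(array('detail', 'title', 'nickname'), true));`. Moving the key list into a protected property would let subclasses extend it without overriding the method.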
  2228. diff --git app/code/core/Mage/Rss/Block/Catalog/Salesrule.php app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
  2229. index 931af4a..1fba27f 100644
  2230. --- app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
  2231. +++ app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
  2232. @@ -85,7 +85,7 @@ class Mage_Rss_Block_Catalog_Salesrule extends Mage_Rss_Block_Abstract
  2233. '<td style="text-decoration:none;">'.$sr->getDescription().
  2234. '<br/>Discount Start Date: '.$this->formatDate($sr->getFromDate(), 'medium').
  2235. ( $sr->getToDate() ? ('<br/>Discount End Date: '.$this->formatDate($sr->getToDate(), 'medium')):'').
  2236. - ($sr->getCouponCode() ? '<br/> Coupon Code: '.$sr->getCouponCode().'' : '').
  2237. + ($sr->getCouponCode() ? '<br/> Coupon Code: '. $this->escapeHtml($sr->getCouponCode()).'' : '').
  2238. '</td>'.
  2239. '</tr></table>';
  2240. $data = array(
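Review bot: `escapeHtml()` is now applied to the coupon code, but the same concatenation still inlines `$sr->getDescription()` unescaped at L2245; if the description is plain text entered in the admin rather than intentional HTML, it needs the same treatment, `$this->escapeHtml($sr->getDescription())`. The string assembly begins outside this hunk, so the other fields above it should be checked the same way.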
  2241. diff --git app/code/core/Mage/Sales/Helper/Guest.php app/code/core/Mage/Sales/Helper/Guest.php
  2242. index 8ecf8bc..c9669b7 100644
  2243. --- app/code/core/Mage/Sales/Helper/Guest.php
  2244. +++ app/code/core/Mage/Sales/Helper/Guest.php
  2245. @@ -50,19 +50,15 @@ class Mage_Sales_Helper_Guest extends Mage_Core_Helper_Data
  2246. }
  2247.  
  2248. $post = Mage::app()->getRequest()->getPost();
  2249. -
  2250. - $type = '';
  2251. - $incrementId = '';
  2252. - $lastName = '';
  2253. - $email = '';
  2254. - $zip = '';
  2255. - $protectCode = '';
  2256. - $errors = false;
  2257. + $errors = false;
  2258.  
  2259. /** @var $order Mage_Sales_Model_Order */
  2260. $order = Mage::getModel('sales/order');
  2261. + /** @var Mage_Core_Model_Cookie $cookieModel */
  2262. + $cookieModel = Mage::getSingleton('core/cookie');
  2263. + $errorMessage = 'Entered data is incorrect. Please try again.';
  2264.  
  2265. - if (empty($post) && !Mage::getSingleton('core/cookie')->get($this->_cookieName)) {
  2266. + if (empty($post) && !$cookieModel->get($this->_cookieName)) {
  2267. Mage::app()->getResponse()->setRedirect(Mage::getUrl('sales/guest/form'));
  2268. return false;
  2269. } elseif (!empty($post) && isset($post['oar_order_id']) && isset($post['oar_type'])) {
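Review bot: Removing the `$incrementId = '';` initialisation at L2263 matters because `$incrementId` is still used at L2302 in the next hunk (`base64_encode($order->getProtectCode() . ':' . $incrementId)`); that is only safe if the POST branch beyond this hunk always assigns it before that line — worth confirming, since an unset variable there would silently write a cookie with an empty increment id that `_loadOrderByCookie()` then rejects. `$errorMessage` is assigned an untranslated literal here and translated via `$this->__($errorMessage)` at L2326; wrapping at assignment, `$errorMessage = $this->__('Entered data is incorrect. Please try again.');`, keeps the literal extractable by translation tooling (same for L2290 and L2313). The method starts outside the hunk.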
  2270. @@ -95,18 +91,26 @@ class Mage_Sales_Helper_Guest extends Mage_Core_Helper_Data
  2271. $errors = true;
  2272. }
  2273.  
  2274. - if (!$errors) {
  2275. - $toCookie = base64_encode($order->getProtectCode());
  2276. - Mage::getSingleton('core/cookie')->set($this->_cookieName, $toCookie, $this->_lifeTime, '/');
  2277. + if ($errors === false && !is_null($order->getCustomerId())) {
  2278. + $errorMessage = 'Please log in to view your order details.';
  2279. + $errors = true;
  2280. }
  2281. - } elseif (Mage::getSingleton('core/cookie')->get($this->_cookieName)) {
  2282. - $fromCookie = Mage::getSingleton('core/cookie')->get($this->_cookieName);
  2283. - $protectCode = base64_decode($fromCookie);
  2284. -
  2285. - if (!empty($protectCode)) {
  2286. - $order->loadByAttribute('protect_code', $protectCode);
  2287.  
  2288. - Mage::getSingleton('core/cookie')->renew($this->_cookieName, $this->_lifeTime, '/');
  2289. + if (!$errors) {
  2290. + $toCookie = base64_encode($order->getProtectCode() . ':' . $incrementId);
  2291. + $cookieModel->set($this->_cookieName, $toCookie, $this->_lifeTime, '/');
  2292. + }
  2293. + } elseif ($cookieModel->get($this->_cookieName)) {
  2294. + $cookie = $cookieModel->get($this->_cookieName);
  2295. + $cookieOrder = $this->_loadOrderByCookie( $cookie );
  2296. + if (!is_null($cookieOrder)) {
  2297. + if( is_null( $cookieOrder->getCustomerId() ) ){
  2298. + $cookieModel->renew($this->_cookieName, $this->_lifeTime, '/');
  2299. + $order = $cookieOrder;
  2300. + } else {
  2301. + $errorMessage = 'Please log in to view your order details.';
  2302. + $errors = true;
  2303. + }
  2304. } else {
  2305. $errors = true;
  2306. }
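Review bot: The spacing in `$this->_loadOrderByCookie( $cookie )` and `if( is_null( $cookieOrder->getCustomerId() ) ){` at L2307 and L2309 does not match the rest of the file (`if (!is_null($cookieOrder)) {` two lines later); normalise to `$cookieOrder = $this->_loadOrderByCookie($cookie);` and `if (is_null($cookieOrder->getCustomerId())) {`. The `Please log in…` / `$errors = true;` pair appears twice (L2290–L2291 and L2313–L2314); a single check on `$order->getCustomerId()` after the branch would remove the duplication. `$cookieModel->get($this->_cookieName)` is also evaluated twice in a row at L2305–L2306; fetch it once into `$cookie` and test that.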
  2307. @@ -117,9 +121,7 @@ class Mage_Sales_Helper_Guest extends Mage_Core_Helper_Data
  2308. return true;
  2309. }
  2310.  
  2311. - Mage::getSingleton('core/session')->addError(
  2312. - $this->__('Entered data is incorrect. Please try again.')
  2313. - );
  2314. + Mage::getSingleton('core/session')->addError($this->__($errorMessage));
  2315. Mage::app()->getResponse()->setRedirect(Mage::getUrl('sales/guest/form'));
  2316. return false;
  2317. }
  2318. @@ -149,4 +151,40 @@ class Mage_Sales_Helper_Guest extends Mage_Core_Helper_Data
  2319. );
  2320. }
  2321.  
  2322. + /**
  2323. + * Try to load order by cookie hash
  2324. + *
  2325. + * @param string|null $cookie
  2326. + * @return null|Mage_Sales_Model_Order
  2327. + */
  2328. + protected function _loadOrderByCookie($cookie = null)
  2329. + {
  2330. + if (!is_null($cookie)) {
  2331. + $cookieData = explode(':', base64_decode($cookie));
  2332. + $protectCode = isset($cookieData[0]) ? $cookieData[0] : null;
  2333. + $incrementId = isset($cookieData[1]) ? $cookieData[1] : null;
  2334. +
  2335. + if (!empty($protectCode) && !empty($incrementId)) {
  2336. + /** @var $order Mage_Sales_Model_Order */
  2337. + $order = Mage::getModel('sales/order');
  2338. + $order->loadByIncrementId($incrementId);
  2339. +
  2340. + if ($order->getProtectCode() === $protectCode) {
  2341. + return $order;
  2342. + }
  2343. + }
  2344. + }
  2345. + return null;
  2346. + }
  2347. +
  2348. + /**
  2349. + * Getter for $this->_cookieName
  2350. + *
  2351. + * @return string
  2352. + */
  2353. + public function getCookieName()
  2354. + {
  2355. + return $this->_cookieName;
  2356. + }
  2357. +
  2358. }
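Review bot: `base64_decode($cookie)` in `_loadOrderByCookie()` accepts any input and silently drops characters outside the alphabet; `base64_decode($cookie, true)` returns `false` for malformed cookies, and `explode(':', false)` then yields a single empty element that the existing `!empty()` guards already reject, so the strict flag is a free tightening. The protect code is compared with `===`; if the supported PHP baseline includes 5.6, `hash_equals((string) $order->getProtectCode(), $protectCode)` is the conventional way to compare a secret token, and a comment should state that the cookie is a bearer capability for the order (base64 is encoding, not protection). The docblock says `cookie hash`, but the value is a base64-encoded `protectCode:incrementId` pair; say so.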
  2359. diff --git app/code/core/Mage/Sales/Model/Quote/Address.php app/code/core/Mage/Sales/Model/Quote/Address.php
  2360. index d1099ac..9869bfd 100644
  2361. --- app/code/core/Mage/Sales/Model/Quote/Address.php
  2362. +++ app/code/core/Mage/Sales/Model/Quote/Address.php
  2363. @@ -1022,7 +1022,12 @@ class Mage_Sales_Model_Quote_Address extends Mage_Customer_Model_Address_Abstrac
  2364. */
  2365. public function getAppliedTaxes()
  2366. {
  2367. - return unserialize($this->getData('applied_taxes'));
  2368. + try {
  2369. + $return = Mage::helper('core/unserializeArray')->unserialize($this->getData('applied_taxes'));
  2370. + } catch (Exception $e) {
  2371. + $return = array();
  2372. + }
  2373. + return $return;
  2374. }
  2375.  
  2376. /**
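Review bot: The `catch (Exception $e)` in `getAppliedTaxes()` swallows the failure and returns `array()` with no trace, so a corrupted or rejected `applied_taxes` value becomes invisible; the sibling change in Quote/Item.php at L2424–L2425 logs it, and this one should match with `Mage::logException($e);` before the assignment. The method docblock, which lies outside the hunk, should also mention that a value the unserializer rejects yields an empty array rather than an exception.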
  2377. diff --git app/code/core/Mage/Sales/Model/Quote/Item.php app/code/core/Mage/Sales/Model/Quote/Item.php
  2378. index 9dedada..681f04b 100644
  2379. --- app/code/core/Mage/Sales/Model/Quote/Item.php
  2380. +++ app/code/core/Mage/Sales/Model/Quote/Item.php
  2381. @@ -492,25 +492,34 @@ class Mage_Sales_Model_Quote_Item extends Mage_Sales_Model_Quote_Item_Abstract
  2382. }
  2383. if ($itemOption = $item->getOptionByCode($option->getCode())) {
  2384. $itemOptionValue = $itemOption->getValue();
  2385. - $optionValue = $option->getValue();
  2386. + $optionValue = $option->getValue();
  2387.  
  2388. // dispose of some options params, that can cramp comparing of arrays
  2389. if (is_string($itemOptionValue) && is_string($optionValue)) {
  2390. - $_itemOptionValue = @unserialize($itemOptionValue);
  2391. - $_optionValue = @unserialize($optionValue);
  2392. - if (is_array($_itemOptionValue) && is_array($_optionValue)) {
  2393. - $itemOptionValue = $_itemOptionValue;
  2394. - $optionValue = $_optionValue;
  2395. - // looks like it does not break bundle selection qty
  2396. - unset($itemOptionValue['qty'], $itemOptionValue['uenc'], $optionValue['qty'], $optionValue['uenc']);
  2397. + try {
  2398. + /** @var Unserialize_Parser $parser */
  2399. + $parser = Mage::helper('core/unserializeArray');
  2400. +
  2401. + $_itemOptionValue = $parser->unserialize($itemOptionValue);
  2402. + $_optionValue = $parser->unserialize($optionValue);
  2403. +
  2404. + if (is_array($_itemOptionValue) && is_array($_optionValue)) {
  2405. + $itemOptionValue = $_itemOptionValue;
  2406. + $optionValue = $_optionValue;
  2407. + // looks like it does not break bundle selection qty
  2408. + unset($itemOptionValue['qty'], $itemOptionValue['uenc']);
  2409. + unset($optionValue['qty'], $optionValue['uenc']);
  2410. + }
  2411. +
  2412. + } catch (Exception $e) {
  2413. + Mage::logException($e);
  2414. }
  2415. }
  2416.  
  2417. if ($itemOptionValue != $optionValue) {
  2418. return false;
  2419. }
  2420. - }
  2421. - else {
  2422. + } else {
  2423. return false;
  2424. }
  2425. }
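Review bot: The `/** @var Unserialize_Parser $parser */` hint on the new line 2398 does not appear to match what `Mage::helper('core/unserializeArray')` returns, which the hunk just above this one uses as a core helper rather than as the parser itself; if that helper class is `Mage_Core_Helper_UnserializeArray`, the hint should name it so `unserialize()` resolves against the right class. The fall-through after `Mage::logException($e)` is sound: a value the strict parser rejects is still compared as a raw string by the `!=` check below, so a malformed option can only fail the comparison and never reaches PHP's native `unserialize()`. The stray blank line before `} catch (Exception $e) {` can be dropped. The enclosing method starts before and ends after this hunk.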
  2426. diff --git app/code/core/Zend/Xml/Security.php app/code/core/Zend/Xml/Security.php
  2427. index a3cdbc8..8b697b9 100644
  2428. --- app/code/core/Zend/Xml/Security.php
  2429. +++ app/code/core/Zend/Xml/Security.php
  2430. @@ -14,16 +14,15 @@
  2431. *
  2432. * @category Zend
  2433. * @package Zend_Xml
  2434. - * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  2435. + * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  2436. * @license http://framework.zend.com/license/new-bsd New BSD License
  2437. * @version $Id$
  2438. */
  2439.  
  2440. -
  2441. /**
  2442. * @category Zend
  2443. * @package Zend_Xml_SecurityScan
  2444. - * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  2445. + * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  2446. * @license http://framework.zend.com/license/new-bsd New BSD License
  2447. */
  2448. class Zend_Xml_Security
  2449. @@ -108,6 +107,9 @@ class Zend_Xml_Security
  2450. foreach ($dom->childNodes as $child) {
  2451. if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
  2452. if ($child->entities->length > 0) {
  2453. + libxml_disable_entity_loader($loadEntities);
  2454. + libxml_use_internal_errors($useInternalXmlErrors);
  2455. +
  2456. #require_once 'Exception.php';
  2457. throw new Zend_Xml_Exception(self::ENTITY_DETECT);
  2458. }
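Review bot: Restoring `libxml_disable_entity_loader($loadEntities)` and `libxml_use_internal_errors($useInternalXmlErrors)` before the `ENTITY_DETECT` throw stops the disabled-entity-loader state from leaking into the rest of the request, but the same restore is presumably needed on every other exit path of this method, and the loop and the method's other branches are outside the hunk, so check that each `throw` or `return` between the libxml save and restore does the same. A short comment on the added lines would help the next maintainer: `// restore process-wide libxml state before bailing out; it outlives this call`.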
  2459. @@ -157,24 +159,11 @@ class Zend_Xml_Security
  2460. * (vs libxml checks) should be made, due to threading issues in libxml;
  2461. * under php-fpm, threading becomes a concern.
  2462. *
  2463. - * However, PHP versions 5.5.22+ and 5.6.6+ contain a patch to the
  2464. - * libxml support in PHP that makes the libxml checks viable; in such
  2465. - * versions, this method will return false to enforce those checks, which
  2466. - * are more strict and accurate than the heuristic checks.
  2467. - *
  2468. * @return boolean
  2469. */
  2470. public static function isPhpFpm()
  2471. {
  2472. - $isVulnerableVersion = (
  2473. - version_compare(PHP_VERSION, '5.5.22', 'lt')
  2474. - || (
  2475. - version_compare(PHP_VERSION, '5.6', 'gte')
  2476. - && version_compare(PHP_VERSION, '5.6.6', 'lt')
  2477. - )
  2478. - );
  2479. -
  2480. - if (substr(php_sapi_name(), 0, 3) === 'fpm' && $isVulnerableVersion) {
  2481. + if (substr(php_sapi_name(), 0, 3) === 'fpm') {
  2482. return true;
  2483. }
  2484. return false;
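Review bot: The new body reduces to a single predicate, so `if (substr(php_sapi_name(), 0, 3) === 'fpm') { return true; } return false;` can be written as `return substr(php_sapi_name(), 0, 3) === 'fpm';`. The docblock now loses the explanation of the version gate without saying why it went, so the remaining threading note above the hunk no longer tells a reader why heuristic scanning is forced on every PHP version under FPM; a sentence such as `* The PHP-version check was removed: heuristic scanning is always used under php-fpm.` would keep the rationale next to the code.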
  2485. diff --git app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
  2486. index 1532c0a..eb2d9c7 100644
  2487. --- app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
  2488. +++ app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
  2489. @@ -30,7 +30,8 @@
  2490. ?>
  2491. <?php
  2492. $_params = $this->getParams();
  2493. -$_helper = $this->helper('authorizenet');
  2494. +/* @var $_helper Mage_Authorizenet_Helper_Admin */
  2495. +$_helper = $this->helper('authorizenet/admin');
  2496. ?>
  2497. <html>
  2498. <head>
  2499. diff --git app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
  2500. index 07e2569..6d6ceb2 100644
  2501. --- app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
  2502. +++ app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
  2503. @@ -376,7 +376,7 @@
  2504. <?php if ($this->getOrderOptions($_item->getOrderItem())): ?>
  2505. <dl class="item-options">
  2506. <?php foreach ($this->getOrderOptions($_item->getOrderItem()) as $option): ?>
  2507. - <dt><?php echo $option['label'] ?></dt>
  2508. + <dt><?php echo $this->escapeHtml($option['label']) ?></dt>
  2509. <dd>
  2510. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2511. <?php echo $option['value'];?>
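Review bot: The label is now escaped, but the `custom_view` branch two lines below still echoes `$option['value']` raw; that is presumably intentional because custom views carry pre-rendered HTML, but it means the label fix does not extend to the value, so the safety of these templates rests on every `custom_view` producer escaping its own output. If that contract is not written down anywhere, a template comment such as `<?php /* custom_view values are trusted HTML; the producing block is responsible for escaping them */ ?>` would make it explicit. The same pattern appears in the other bundle renderer hunks in this patch (creditmemo/view, invoice/create, invoice/view, order/view, shipment/create, shipment/view) and in the three downloadable `name.phtml` hunks further down.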
  2512. diff --git app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
  2513. index 2f31023..3cdbd82 100644
  2514. --- app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
  2515. +++ app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
  2516. @@ -310,7 +310,7 @@
  2517. <?php if ($this->getOrderOptions()): ?>
  2518. <dl class="item-options">
  2519. <?php foreach ($this->getOrderOptions() as $option): ?>
  2520. - <dt><?php echo $option['label'] ?></dt>
  2521. + <dt><?php echo $this->escapeHtml($option['label']) ?></dt>
  2522. <dd>
  2523. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2524. <?php echo $option['value'];?>
  2525. diff --git app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
  2526. index d87f03d..8a8eb7b 100644
  2527. --- app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
  2528. +++ app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
  2529. @@ -364,7 +364,7 @@
  2530. <?php if ($this->getOrderOptions($_item->getOrderItem())): ?>
  2531. <dl class="item-options">
  2532. <?php foreach ($this->getOrderOptions($_item->getOrderItem()) as $option): ?>
  2533. - <dt><?php echo $option['label'] ?></dt>
  2534. + <dt><?php echo $this->escapeHtml($option['label']) ?></dt>
  2535. <dd>
  2536. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2537. <?php echo $option['value'];?>
  2538. diff --git app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
  2539. index 128570e..7f70327 100644
  2540. --- app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
  2541. +++ app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
  2542. @@ -309,7 +309,7 @@
  2543. <?php if ($this->getOrderOptions()): ?>
  2544. <dl class="item-options">
  2545. <?php foreach ($this->getOrderOptions() as $option): ?>
  2546. - <dt><?php echo $option['label'] ?></dt>
  2547. + <dt><?php echo $this->escapeHtml($option['label']) ?></dt>
  2548. <dd>
  2549. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2550. <?php echo $option['value'];?>
  2551. diff --git app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
  2552. index a5b7d26..c87a582 100644
  2553. --- app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
  2554. +++ app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
  2555. @@ -379,7 +379,7 @@
  2556. <?php if ($this->getOrderOptions()): ?>
  2557. <dl class="item-options">
  2558. <?php foreach ($this->getOrderOptions() as $option): ?>
  2559. - <dt><?php echo $option['label'] ?>:</dt>
  2560. + <dt><?php echo $this->escapeHtml($option['label']) ?>:</dt>
  2561. <dd>
  2562. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2563. <?php echo $option['value'];?>
  2564. diff --git app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
  2565. index 643fd4b..ef66b81 100644
  2566. --- app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
  2567. +++ app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
  2568. @@ -89,7 +89,7 @@
  2569. <?php if ($this->getOrderOptions($_item->getOrderItem())): ?>
  2570. <dl class="item-options">
  2571. <?php foreach ($this->getOrderOptions($_item->getOrderItem()) as $option): ?>
  2572. - <dt><?php echo $option['label'] ?></dt>
  2573. + <dt><?php echo $this->escapeHtml($option['label']) ?></dt>
  2574. <dd>
  2575. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2576. <?php echo $option['value'];?>
  2577. diff --git app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
  2578. index 96e66e7..4af3d9a 100644
  2579. --- app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
  2580. +++ app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
  2581. @@ -89,7 +89,7 @@
  2582. <?php if ($this->getOrderOptions($_item->getOrderItem())): ?>
  2583. <dl class="item-options">
  2584. <?php foreach ($this->getOrderOptions($_item->getOrderItem()) as $option): ?>
  2585. - <dt><?php echo $option['label'] ?></dt>
  2586. + <dt><?php echo $this->escapeHtml($option['label']) ?></dt>
  2587. <dd>
  2588. <?php if (isset($option['custom_view']) && $option['custom_view']): ?>
  2589. <?php echo $option['value'];?>
  2590. diff --git app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
  2591. index 8bf3b9c..efb1999 100644
  2592. --- app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
  2593. +++ app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
  2594. @@ -78,7 +78,7 @@
  2595. <?php echo $this->getFormatedPrice() ?></dt>
  2596. <dd<?php if ($_option->decoratedIsLast){?> class="last"<?php }?>>
  2597. <?php if ($_fileExists): ?>
  2598. - <span class="<?php echo $_fileNamed ?>"><?php echo $_fileInfo->getTitle(); ?></span>
  2599. + <span class="<?php echo $_fileNamed ?>"><?php echo $this->escapeHtml($_fileInfo->getTitle()); ?></span>
  2600. <a href="javascript:void(0)" class="label" onclick="opFile<?php echo $_rand; ?>.toggleFileChange($(this).next('.input-box'))">
  2601. <?php echo Mage::helper('catalog')->__('Change') ?>
  2602. </a>&nbsp;
  2603. diff --git app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
  2604. index ae058b6..b8988b0 100644
  2605. --- app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
  2606. +++ app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
  2607. @@ -31,7 +31,7 @@
  2608. <?php if ($this->getOrderOptions()): ?>
  2609. <dl class="item-options">
  2610. <?php foreach ($this->getOrderOptions() as $_option): ?>
  2611. - <dt><?php echo $_option['label'] ?></dt>
  2612. + <dt><?php echo $this->escapeHtml($_option['label']) ?></dt>
  2613. <dd>
  2614. <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
  2615. <?php echo $_option['value'];?>
  2616. diff --git app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
  2617. index 668a336..8bfcf31 100644
  2618. --- app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
  2619. +++ app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
  2620. @@ -31,7 +31,7 @@
  2621. <?php if ($this->getOrderOptions()): ?>
  2622. <dl class="item-options">
  2623. <?php foreach ($this->getOrderOptions() as $_option): ?>
  2624. - <dt><?php echo $_option['label'] ?></dt>
  2625. + <dt><?php echo $this->escapeHtml($_option['label']) ?></dt>
  2626. <dd>
  2627. <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
  2628. <?php echo $_option['value'];?>
  2629. diff --git app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
  2630. index 7bba1a4..11049de 100644
  2631. --- app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
  2632. +++ app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
  2633. @@ -31,7 +31,7 @@
  2634. <?php if ($this->getOrderOptions()): ?>
  2635. <dl class="item-options">
  2636. <?php foreach ($this->getOrderOptions() as $_option): ?>
  2637. - <dt><?php echo $_option['label'] ?></dt>
  2638. + <dt><?php echo $this->escapeHtml($_option['label']) ?></dt>
  2639. <dd>
  2640. <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
  2641. <?php echo $_option['value'];?>
  2642. diff --git app/design/adminhtml/default/default/template/sales/items/column/name.phtml app/design/adminhtml/default/default/template/sales/items/column/name.phtml
  2643. index 49d1880..cb4c03f 100644
  2644. --- app/design/adminhtml/default/default/template/sales/items/column/name.phtml
  2645. +++ app/design/adminhtml/default/default/template/sales/items/column/name.phtml
  2646. @@ -36,7 +36,7 @@
  2647. <?php if ($this->getOrderOptions()): ?>
  2648. <dl class="item-options">
  2649. <?php foreach ($this->getOrderOptions() as $_option): ?>
  2650. - <dt><?php echo $_option['label'] ?></dt>
  2651. + <dt><?php echo $this->escapeHtml($_option['label']) ?></dt>
  2652. <dd>
  2653. <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
  2654. <?php echo $this->getCustomizedOptionValue($_option); ?>
  2655. diff --git app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
  2656. index 6d94cce..e74b007 100644
  2657. --- app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
  2658. +++ app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
  2659. @@ -30,7 +30,7 @@
  2660. <?php if ($this->getOrderOptions()): ?>
  2661. <ul class="item-options">
  2662. <?php foreach ($this->getOrderOptions() as $option): ?>
  2663. - <li><strong><?php echo $option['label'] ?>:</strong><br />
  2664. + <li><strong><?php echo $this->escapeHtml($option['label']) ?>:</strong><br />
  2665. <?php if (is_array($option['value'])): ?>
  2666. <?php foreach ($option['value'] as $item): ?>
  2667. <?php echo $this->getValueHtml($item) ?><br />
  2668. diff --git app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
  2669. index 6237213..097a01f 100644
  2670. --- app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
  2671. +++ app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
  2672. @@ -32,7 +32,7 @@
  2673. <tr>
  2674. <td class="label">
  2675. <?php if ($_order->getCouponCode()): ?>
  2676. - <?php echo Mage::helper('sales')->__('Discount (%s)', $_order->getCouponCode()) ?>
  2677. + <?php echo Mage::helper('sales')->__('Discount (%s)', $this->escapeHtml($_order->getCouponCode())) ?>
  2678. <?php else: ?>
  2679. <?php echo Mage::helper('sales')->__('Discount') ?>
  2680. <?php endif; ?>
  2681. diff --git app/design/adminhtml/default/default/template/sales/order/view/info.phtml app/design/adminhtml/default/default/template/sales/order/view/info.phtml
  2682. index a0cc09e..328aac5 100644
  2683. --- app/design/adminhtml/default/default/template/sales/order/view/info.phtml
  2684. +++ app/design/adminhtml/default/default/template/sales/order/view/info.phtml
  2685. @@ -84,7 +84,7 @@ $orderStoreDate = $this->formatDate($_order->getCreatedAtStoreDate(), 'medium',
  2686. <?php if($_order->getRemoteIp()): ?>
  2687. <tr>
  2688. <td class="label"><label><?php echo Mage::helper('sales')->__('Placed from IP') ?></label></td>
  2689. - <td class="value"><strong><?php echo $_order->getRemoteIp(); echo ($_order->getXForwardedFor())?' (' . $_order->getXForwardedFor() . ')':''; ?></strong></td>
  2690. + <td class="value"><strong><?php echo $this->escapeHtml($_order->getRemoteIp()); echo ($_order->getXForwardedFor())?' (' . $this->escapeHtml($_order->getXForwardedFor()) . ')':''; ?></strong></td>
  2691. </tr>
  2692. <?php endif; ?>
  2693. <?php if($_order->getGlobalCurrencyCode() != $_order->getBaseCurrencyCode()): ?>
  2694. @@ -125,7 +125,7 @@ $orderStoreDate = $this->formatDate($_order->getCreatedAtStoreDate(), 'medium',
  2695. </tr>
  2696. <tr>
  2697. <td class="label"><label><?php echo Mage::helper('sales')->__('Email') ?></label></td>
  2698. - <td class="value"><a href="mailto:<?php echo $_order->getCustomerEmail() ?>"><strong><?php echo $_order->getCustomerEmail() ?></strong></a></td>
  2699. + <td class="value"><a href="mailto:<?php echo $this->escapeHtml($_order->getCustomerEmail()) ?>"><strong><?php echo $this->escapeHtml($_order->getCustomerEmail()) ?></strong></a></td>
  2700. </tr>
  2701. <?php if ($_groupName = $this->getCustomerGroupName()) : ?>
  2702. <tr>
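Review bot: `$this->escapeHtml($_order->getCustomerEmail())` is evaluated twice on the new line, once for the `mailto:` href and once for the visible text; binding it once keeps the two in step and reads better: `<?php $_customerEmail = $this->escapeHtml($_order->getCustomerEmail()); ?>` followed by `<a href="mailto:<?php echo $_customerEmail ?>"><strong><?php echo $_customerEmail ?></strong></a>`. The same double-call shape appears in the IP / X-Forwarded-For hunk above, where the escaping itself is the right call because both values originate from request data.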
  2703. diff --git app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
  2704. index bf7fd47..1a23133 100644
  2705. --- app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
  2706. +++ app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
  2707. @@ -78,7 +78,7 @@
  2708. <?php echo $this->getFormatedPrice() ?></dt>
  2709. <dd<?php if ($_option->decoratedIsLast){?> class="last"<?php }?>>
  2710. <?php if ($_fileExists): ?>
  2711. - <span class="<?php echo $_fileNamed ?>"><?php echo $_fileInfo->getTitle(); ?></span>
  2712. + <span class="<?php echo $_fileNamed ?>"><?php echo $this->escapeHtml($_fileInfo->getTitle()); ?></span>
  2713. <a href="javascript:void(0)" class="label" onclick="opFile<?php echo $_rand; ?>.toggleFileChange($(this).next('.input-box'))">
  2714. <?php echo Mage::helper('catalog')->__('Change') ?>
  2715. </a>&nbsp;
  2716. diff --git app/design/frontend/base/default/template/rss/order/details.phtml app/design/frontend/base/default/template/rss/order/details.phtml
  2717. index d04541f..93ea2a1 100644
  2718. --- app/design/frontend/base/default/template/rss/order/details.phtml
  2719. +++ app/design/frontend/base/default/template/rss/order/details.phtml
  2720. @@ -78,7 +78,7 @@ store name = $_order->getStore()->getGroup()->getName()
  2721. </tr>
  2722. <?php if ($_order->getDiscountAmount() > 0): ?>
  2723. <tr>
  2724. - <td colspan="2" align="right" style="padding:3px 9px"><?php echo (($_order->getCouponCode())? $this->__('Discount (%s)', $_order->getCouponCode()) : $this->__('Discount')) ?></td>
  2725. + <td colspan="2" align="right" style="padding:3px 9px"><?php echo (($_order->getCouponCode())? $this->__('Discount (%s)', $this->escapeHtml($_order->getCouponCode())) : $this->__('Discount')) ?></td>
  2726. <td align="right" style="padding:3px 9px"><?php echo $_order->formatPrice(0.00 - $_order->getDiscountAmount()) ?></td>
  2727. </tr>
  2728. <?php endif; ?>
  2729. diff --git lib/Varien/File/Uploader.php lib/Varien/File/Uploader.php
  2730. index 9ba8ca1..65ae1fd 100644
  2731. --- lib/Varien/File/Uploader.php
  2732. +++ lib/Varien/File/Uploader.php
  2733. @@ -125,6 +125,13 @@ class Varien_File_Uploader
  2734. protected $_allowedExtensions = null;
  2735.  
  2736. /**
  2737. + * List of valid MIME-Types.
  2738. + *
  2739. + * @var array
  2740. + */
  2741. + protected $_validMimeTypes = array();
  2742. +
  2743. + /**
  2744. * Validate callbacks storage
  2745. *
  2746. * @var array
  2747. @@ -209,7 +216,7 @@ class Varien_File_Uploader
  2748. $this->_result = $this->_moveFile($this->_file['tmp_name'], $destinationFile);
  2749.  
  2750. if ($this->_result) {
  2751. - chmod($destinationFile, 0777);
  2752. + chmod($destinationFile, 0640);
  2753. if ($this->_enableFilesDispersion) {
  2754. $fileName = str_replace(DIRECTORY_SEPARATOR, '/',
  2755. self::_addDirSeparator($this->_dispretionPath)) . $fileName;
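Review bot: The new mode `0640` (and `0750` for `mkdir` in the last hunk of this file) is hard-coded, so on deployments where the PHP process runs as a different user from the one the web server reads media as, uploaded files become unreadable the moment this patch lands; the old `0777` was over-permissive, but the fix should state what it assumes. A comment on the `chmod` line such as `// owner rw, group r: assumes the web server shares the PHP user's group` and ideally a class constant or setter so operators can adjust the mode without editing core would make that assumption visible. The enclosing method starts before and ends after this hunk.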
  2756. @@ -257,6 +264,14 @@ class Varien_File_Uploader
  2757. if (!$this->checkAllowedExtension($fileExtension)) {
  2758. throw new Exception('Disallowed file type.');
  2759. }
  2760. +
  2761. + /*
  2762. + * Validate MIME-Types.
  2763. + */
  2764. + if (!$this->checkMimeType($this->_validMimeTypes)) {
  2765. + throw new Exception('Invalid MIME type.');
  2766. + }
  2767. +
  2768. //run validate callbacks
  2769. foreach ($this->_validateCallbacks as $params) {
  2770. if (is_object($params['object']) && method_exists($params['object'], $params['method'])) {
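Review bot: The new MIME check is opt-in: `$this->_validMimeTypes` defaults to an empty array and `checkMimeType()` returns true for an empty list, so a caller that never invokes `setValidMimeTypes()` gets no MIME validation at all and the extension check above remains the only gate. That is a defensible compatibility choice, but the `/* Validate MIME-Types. */` comment should say so, e.g. `/* Validate MIME type only when a whitelist was set via setValidMimeTypes(); an empty list disables this check. */`. The enclosing method starts before and ends after this hunk.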
  2771. @@ -344,14 +359,17 @@ class Varien_File_Uploader
  2772. * @access public
  2773. * @return bool
  2774. */
  2775. - public function checkMimeType($validTypes=Array())
  2776. + public function checkMimeType($validTypes = array())
  2777. {
  2778. - if (count($validTypes) > 0) {
  2779. - if (!in_array($this->_getMimeType(), $validTypes)) {
  2780. - return false;
  2781. + try {
  2782. + if (count($validTypes) > 0) {
  2783. + $validator = new Zend_Validate_File_MimeType($validTypes);
  2784. + return $validator->isValid($this->_file['tmp_name']);
  2785. }
  2786. + return true;
  2787. + } catch (Exception $e) {
  2788. + return false;
  2789. }
  2790. - return true;
  2791. }
  2792.  
  2793. /**
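Review bot: The `catch (Exception $e) { return false; }` at the end of the new body discards the reason for rejection, so a failure inside `Zend_Validate_File_MimeType` (for instance an unavailable detection backend, if that is how the validator reports it) becomes indistinguishable from a genuinely disallowed file, and the caller only ever sees `Invalid MIME type.`. Since this library class has no logger, at least keep the message reachable — for example store `$e->getMessage()` in a property the throwing site can append — or narrow the catch to the validator's own exception type and let anything else propagate. Passing `$this->_file['tmp_name']` to `isValid()` is the right choice, as the check then runs on the content as received, before the move.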
  2794. @@ -425,6 +443,21 @@ class Varien_File_Uploader
  2795. }
  2796.  
  2797. /**
  2798. + * Set valid MIME-types.
  2799. + *
  2800. + * @param array $mimeTypes
  2801. + * @return Varien_File_Uploader
  2802. + */
  2803. + public function setValidMimeTypes($mimeTypes = array())
  2804. + {
  2805. + $this->_validMimeTypes = array();
  2806. + foreach ((array) $mimeTypes as $mimeType) {
  2807. + $this->_validMimeTypes[] = $mimeType;
  2808. + }
  2809. + return $this;
  2810. + }
  2811. +
  2812. + /**
  2813. * Check if specified extension is allowed
  2814. *
  2815. * @param string $extension
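Review bot: The `foreach` that copies `$mimeTypes` element by element only reindexes the input, so the body can be the single line `$this->_validMimeTypes = array_values((array) $mimeTypes);`. Nothing validates the entries; a non-string element would later be handed to `Zend_Validate_File_MimeType`, so either filter with `array_filter((array) $mimeTypes, 'is_string')` or state in the `@param` docblock that callers must pass MIME type strings only.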
  2816. @@ -499,7 +532,7 @@ class Varien_File_Uploader
  2817. $destinationFolder = substr($destinationFolder, 0, -1);
  2818. }
  2819.  
  2820. - if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0777, true))) {
  2821. + if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0750, true))) {
  2822. throw new Exception("Unable to create directory '{$destinationFolder}'.");
  2823. }
  2824. return $this;
  2825. diff --git lib/Varien/Io/File.php lib/Varien/Io/File.php
  2826. index 042a8b9..6b1a7b7 100644
  2827. --- lib/Varien/Io/File.php
  2828. +++ lib/Varien/Io/File.php
  2829. @@ -227,16 +227,6 @@ class Varien_Io_File extends Varien_Io_Abstract
  2830. return false;
  2831. }
  2832.  
  2833. - /**
  2834. - * Security enchancement for CSV data processing by Excel-like applications.
  2835. - * @see https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
  2836. - */
  2837. - foreach ($row as $key => $value) {
  2838. - if (substr($value, 0, 1) === '=') {
  2839. - $row[$key] = ' ' . $value;
  2840. - }
  2841. - }
  2842. -
  2843. return @fputcsv($this->_streamHandler, $row, $delimiter, $enclosure);
  2844. }