Merge branch 'next' into tinymce6
fballiano authored May 9, 2023
2 parents 51f3fd9 + 36f4fdb commit 15c441e
Showing 31 changed files with 105 additions and 135 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
@@ -10,7 +10,7 @@ jobs:
strategy:
matrix:
operating-system: [ubuntu-latest]
php-versions: ['7.4']
php-versions: ['8.1']
steps:
- name: Checkout repository
uses: actions/checkout@master
2 changes: 1 addition & 1 deletion .github/workflows/sonar.yml
@@ -16,7 +16,7 @@ jobs:
max-parallel: 5
matrix:
os: [ubuntu-latest]
php: ['7.4', '8.1']
php: ['8.1', '8.2']
steps:
- uses: actions/checkout@v3
- name: Setup PHP
2 changes: 1 addition & 1 deletion .github/workflows/syntax-php.yml
@@ -14,7 +14,7 @@ jobs:

strategy:
matrix:
php: ['7.4', '8.1', '8.2']
php: ['8.1', '8.2']

name: PHP Syntax ${{ matrix.php }}

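--- a/README.md
+++ b/README.md
@@ -272,7 +272,6 @@ If you see SQL errors after upgrading please remember to check for this specific
 - `catalog/product_image/progressive_threshold`
 - `catalog/search/search_separator`
 - `dev/log/max_level`
-- `newsletter/security/enable_form_key`
 - `sitemap/category/lastmod`
 - `sitemap/page/lastmod`
 - `sitemap/product/lastmod`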
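--- a/app/Mage.php
+++ b/app/Mage.php
@@ -42,6 +42,17 @@
 
 Varien_Autoload::register();
 
+/** AUTOLOADER PATCH **/
+$autoloaderPath = getenv('COMPOSER_VENDOR_PATH');
+if (!$autoloaderPath) {
+$autoloaderPath = dirname(BP) . DS . 'vendor';
+if (!is_dir($autoloaderPath)) {
+$autoloaderPath = BP . DS . 'vendor';
+}
+}
+require $autoloaderPath . DS . 'autoload.php';
+/** AUTOLOADER PATCH **/
+
 /* Support additional includes, such as composer's vendor/autoload.php files */
 foreach (glob(BP . DS . 'app' . DS . 'etc' . DS . 'includes' . DS . '*.php') as $path) {
 include_once $path;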
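Review bot: The new `require $autoloaderPath . DS . 'autoload.php';` loads PHP from a directory named by the `COMPOSER_VENDOR_PATH` environment variable, with no check on where that path points or whether the file exists. Whatever is able to set that variable for the PHP process (web-server configuration, a container manifest, a CI job) decides which code runs on every request, so it should be documented as deployment-trusted; a missing file also ends the bootstrap in a fatal error that can expose the path when errors are displayed. I would resolve the file first with `$autoloadFile = realpath($autoloaderPath . DS . 'autoload.php');` and stop with a controlled error when the result is `false`, then `require $autoloadFile;`. The `BP . DS . 'vendor'` fallback is also used without the `is_dir()` check applied to the branch before it.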
11 changes: 10 additions & 1 deletion app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
@@ -29,16 +29,25 @@ class Mage_Adminhtml_Block_Checkout_Formkey extends Mage_Adminhtml_Block_Templat
*/
public function canShow()
{
return !Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
return !Mage::helper('core')->isFormKeyEnabled();
}

/**
* Get url for edit Advanced -> Admin section
*
* @return string
* @deprecated
*/
public function getSecurityAdminUrl()
{
return Mage::helper("adminhtml")->getUrl('adminhtml/system_config/edit/section/admin');
}

/**
* @return string
*/
public function getEnableCSRFUrl()
{
return Mage::helper("adminhtml")->getUrl('adminhtml/system_config/edit/section/system');
}
}
4 changes: 2 additions & 2 deletions app/code/core/Mage/Captcha/Model/Zend.php
@@ -64,7 +64,7 @@ class Mage_Captcha_Model_Zend extends Zend_Captcha_Image implements Mage_Captcha
/**
* Generated word
*
* @var string|null
* @var string
*/
protected $_word;

@@ -483,7 +483,7 @@ protected function _setWord($word)
protected function _clearWord()
{
$this->getSession()->unsetData($this->_getFormIdKey(self::SESSION_WORD));
$this->_word = null;
$this->_word = '';
return $this;
}

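Review bot: In `_clearWord()` the cleared state of `$_word` appears to become an empty string instead of `null`, so "no word generated" is no longer distinguishable from a string value by a null check. The code that compares the submitted value with the stored word is outside these hunks; it is worth confirming that an empty submission can never compare equal to a cleared word, for example by rejecting empty input before the comparison. If `''` is there only to satisfy a `string` property type, a short comment next to `$this->_word = '';` saying so would keep a later cleanup from changing the meaning.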
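--- a/app/code/core/Mage/Catalog/Helper/Image.php
+++ b/app/code/core/Mage/Catalog/Helper/Image.php
@@ -564,13 +564,18 @@ protected function getImageFile()
 */
 protected function parseSize($string)
 {
+if ($string === null) {
+return false;
+}
+
 $size = explode('x', strtolower($string));
 if (count($size) === 2) {
 return [
 'width' => ($size[0] > 0) ? $size[0] : null,
 'heigth' => ($size[1] > 0) ? $size[1] : null,
 ];
 }
+
 return false;
 }
 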
@@ -227,7 +227,7 @@ public function addressesPostAction()
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
$this->_redirect('*/*/addresses');
return;
}
@@ -348,7 +348,7 @@ public function backToShippingAction()
*/
public function shippingPostAction()
{
if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
$this->_redirect('*/*/shipping');
return;
}
@@ -461,7 +461,7 @@ public function overviewAction()
return $this;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
$this->_redirect('*/*/billing');
return;
}
10 changes: 5 additions & 5 deletions app/code/core/Mage/Checkout/controllers/OnepageController.php
@@ -354,7 +354,7 @@ public function saveBillingAction()
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
return;
}

@@ -401,7 +401,7 @@ public function saveShippingAction()
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
return;
}

@@ -430,7 +430,7 @@ public function saveShippingMethodAction()
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
return;
}

@@ -470,7 +470,7 @@ public function savePaymentAction()
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
return;
}

@@ -553,7 +553,7 @@ protected function _initInvoice()
*/
public function saveOrderAction()
{
if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
if (!$this->_validateFormKey()) {
$this->_redirect('*/*');
return;
}
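Review bot: Each `if (!$this->_validateFormKey()) { return; }` in saveBillingAction, saveShippingAction, saveShippingMethodAction and savePaymentAction ends the request with no status code, body or log entry when the form key is missing or wrong, and with the checkout-specific gate gone this path is now reached whenever form-key validation is on. Failing closed is the right default, but a theme whose checkout templates lack the `form_key` field will stall with no diagnostic, and rejected requests leave nothing for monitoring to alert on. Consider an explicit rejection such as `$this->getResponse()->setHttpResponseCode(403);` together with a `Mage::log()` line before the `return;`; saveOrderAction and the multishipping actions at least redirect. What `_validateFormKey()` does on failure is not visible in these hunks, so confirm it does not already cover this.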
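--- a/app/code/core/Mage/Checkout/etc/system.xml
+++ b/app/code/core/Mage/Checkout/etc/system.xml
@@ -215,23 +215,5 @@
 </payment_failed>
 </groups>
 </checkout>
-<admin>
-<groups>
-<security>
-<fields>
-<validate_formkey_checkout translate="label">
-<label>Enable Form Key Validation On Checkout</label>
-<frontend_type>select</frontend_type>
-<source_model>adminhtml/system_config_source_yesno</source_model>
-<sort_order>4</sort_order>
-<comment><![CDATA[<strong style="color:red">Important!</strong> Enabling this option means
-that your custom templates used in checkout process contain form_key output.
-Otherwise checkout may not work.]]></comment>
-<show_in_default>1</show_in_default>
-</validate_formkey_checkout>
-</fields>
-</security>
-</groups>
-</admin>
 </sections>
 </config>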
@@ -779,12 +779,4 @@
}
}

$setup->insert(
$this->getTable('core_config_data'),
[
'path' => 'admin/security/validate_formkey_checkout',
'value' => '1'
]
);

$installer->endSetup();
6 changes: 4 additions & 2 deletions app/code/core/Mage/Core/Controller/Front/Action.php
@@ -177,16 +177,18 @@ protected function _validateFormKey()
*/
protected function _isFormKeyEnabled()
{
return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH);
return Mage::helper('core')->isFormKeyEnabled();
}

/**
* Check if form_key validation enabled on checkout process
*
* @deprecated
* @see _isFormKeyEnabled
* @return bool
*/
protected function isFormkeyValidationOnCheckoutEnabled()
{
return Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
return $this->_isFormKeyEnabled();
}
}
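Review bot: `isFormkeyValidationOnCheckoutEnabled()` now answers with the general form-key flag, so the value stored under `admin/security/validate_formkey_checkout` is no longer read anywhere in this diff, while rows already written to `core_config_data` by the old data script stay behind on existing installs. The bare `@deprecated` tag should say so, for example `@deprecated checkout-specific flag removed; use _isFormKeyEnabled()`, so third-party callers know the return value changed meaning. An upgrade script or release note covering that orphaned row and the removed `newsletter/security/enable_form_key` would let operators confirm which setting governs CSRF validation after the merge.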
2 changes: 1 addition & 1 deletion app/code/core/Mage/Core/Controller/Varien/Action.php
@@ -994,7 +994,7 @@ protected function _filterDates($array, $dateFields)
]);

foreach ($dateFields as $dateField) {
if (array_key_exists($dateField, $array) && !empty($dateField)) {
if ($dateField && !empty($array[$dateField])) {
$array[$dateField] = $filterInput->filter($array[$dateField]);
$array[$dateField] = $filterInternal->filter($array[$dateField]);
}
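--- a/app/code/core/Mage/Core/Helper/Data.php
+++ b/app/code/core/Mage/Core/Helper/Data.php
@@ -1000,4 +1000,12 @@ public function unEscapeCSVData($data)
 }
 return $data;
 }
+
+/**
+* @return bool
+*/
+public function isFormKeyEnabled(): bool
+{
+return Mage::getStoreConfigFlag(Mage_Core_Controller_Front_Action::XML_CSRF_USE_FLAG_CONFIG_PATH);
+}
 }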
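Review bot: `isFormKeyEnabled()` is the switch the controller and the admin notice block in this commit both consult for CSRF form-key validation, yet its docblock says only `@return bool`. I would add a summary such as `Whether CSRF form-key validation is enabled for the current store (reads Mage_Core_Controller_Front_Action::XML_CSRF_USE_FLAG_CONFIG_PATH)`, and state that turning the flag off disables validation for every caller of this helper. The helper also reaches into a controller class for the config path; defining the constant in the helper and pointing the controller at it would remove that inverted dependency.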
@@ -22,7 +22,7 @@
class Mage_Eav_Model_Adminhtml_System_Config_Source_Inputtype_Validator extends Zend_Validate_InArray
{
/**
* @var array<string, string>|null
* @inheritdoc
*/
protected $_messageTemplates;

@@ -34,7 +34,7 @@ public function __construct()
$haystack = $helper->getInputTypesValidatorData();

//reset message template and set custom
$this->_messageTemplates = null;
$this->_messageTemplates = [];
$this->_initMessageTemplates();

//parent construct with options
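--- a/app/code/core/Mage/Newsletter/controllers/SubscriberController.php
+++ b/app/code/core/Mage/Newsletter/controllers/SubscriberController.php
@@ -21,11 +21,6 @@
 */
 class Mage_Newsletter_SubscriberController extends Mage_Core_Controller_Front_Action
 {
-/**
-* Use CSRF validation flag from newsletter config
-*/
-public const XML_CSRF_USE_FLAG_CONFIG_PATH = 'newsletter/security/enable_form_key';
-
 /**
 * New subscription action
 */
@@ -127,14 +122,4 @@ public function unsubscribeAction()
 }
 $this->_redirectReferer();
 }
-
-/**
-* Check if form key validation is enabled in newsletter config.
-*
-* @return bool
-*/
-protected function _isFormKeyEnabled()
-{
-return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH);
-}
 }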
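--- a/app/code/core/Mage/Newsletter/etc/config.xml
+++ b/app/code/core/Mage/Newsletter/etc/config.xml
@@ -185,9 +185,6 @@
 <sending>
 <set_return_path>0</set_return_path>
 </sending>
-<security>
-<enable_form_key>0</enable_form_key>
-</security>
 </newsletter>
 </default>
 <crontab>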
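--- a/app/code/core/Mage/Newsletter/etc/system.xml
+++ b/app/code/core/Mage/Newsletter/etc/system.xml
@@ -105,25 +105,6 @@
 </un_email_template>
 </fields>
 </subscription>
-<security translate="label">
-<label>Security</label>
-<sort_order>1</sort_order>
-<show_in_default>1</show_in_default>
-<show_in_website>1</show_in_website>
-<show_in_store>1</show_in_store>
-<fields>
-<enable_form_key translate="label comment">
-<label>Enable Form Key Validation</label>
-<frontend_type>select</frontend_type>
-<source_model>adminhtml/system_config_source_yesno</source_model>
-<sort_order>1</sort_order>
-<show_in_default>1</show_in_default>
-<show_in_website>1</show_in_website>
-<show_in_store>1</show_in_store>
-<comment><![CDATA[<strong style="color:red">Important!</strong> Enabling this option means that your custom templates used for newsletter subscription must contain <code>form_key</code> block output. Otherwise newsletter subscription will not work.]]></comment>
-</enable_form_key>
-</fields>
-</security>
 </groups>
 </newsletter>
 </sections>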