#!/bin/bash
#!/bin/bash
# Patch apllying tool template
# Patch apllying tool template
# v0.1.2
# v0.1.2
# (c) Copyright 2013. Magento Inc.
# (c) Copyright 2013. Magento Inc.
#
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
# 1. Check required system tools
_check_installed_tools() {
_check_installed_tools() {
local missed=""
local missed=""
until [ -z "$1" ]; do
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
if (( $? != 0 )); then
missed="$missed $1"
missed="$missed $1"
fi
fi
shift
shift
done
done
echo $missed
echo $missed
}
}
REQUIRED_UTILS='sed patch'
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
exit 1
fi
fi
# 2. Determine bin path for system tools
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
then
$CAT_BIN << EOFH
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--list Show list of applied patches
--help Show this help message
--help Show this help message
EOFH
EOFH
exit 0
exit 0
fi
fi
# 4. Get "revert" flag and "list applied patches" flag
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
REVERT_FLAG=
SHOW_APPLIED_LIST=0
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
then
REVERT_FLAG=-R
REVERT_FLAG=-R
fi
fi
if [ "$1" = "--list" ]
if [ "$1" = "--list" ]
then
then
SHOW_APPLIED_LIST=1
SHOW_APPLIED_LIST=1
fi
fi
# 5. File pathes
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
exit 1
else
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
fi
else
else
echo "<empty>"
echo "<empty>"
fi
fi
exit 0
exit 0
fi
fi
# 7. Check applied patches track file and its directory
# 7. Check applied patches track file and its directory
_check_files() {
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
if [ ! -e "$APP_ETC_DIR" ]
then
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
exit 1
fi
fi
if [ ! -w "$APP_ETC_DIR" ]
if [ ! -w "$APP_ETC_DIR" ]
then
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
exit 1
fi
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
exit 1
fi
fi
fi
fi
}
}
_check_files
_check_files
# 8. Apply/revert patch
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
_apply_revert_patch() {
DRY_RUN_FLAG=
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
if [ "$1" = "dry-run" ]
then
then
DRY_RUN_FLAG=" --dry-run"
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
echo "Checking if patch can be applied/reverted successfully..."
fi
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
exit 1
fi
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
exit 2
fi
fi
}
}
REVERTED_PATCH_MARK=
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
if [ -n "$REVERT_FLAG" ]
then
then
REVERTED_PATCH_MARK=" | REVERTED"
REVERTED_PATCH_MARK=" | REVERTED"
fi
fi
_apply_revert_patch dry-run
_apply_revert_patch dry-run
_apply_revert_patch
_apply_revert_patch
# 9. Track patch applying result
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
exit 0
SUPEE-10570_CE_v1.7.0.2 | CE_1.7.0.2 | v1 | db062d5d697829711015bbb35d60dd91bf28b98f | Sat Feb 17 04:55:51 2018 +0200 | ce-1.7.0.2-dev
SUPEE-10570_CE_v1.7.0.2 | CE_1.7.0.2 | v1 | c065be10fea462017ef4e0ca75431a6879aef36f | Tue Feb 27 22:52:33 2018 +0200 | ce-1.7.0.2-dev
__PATCHFILE_FOLLOWS__
__PATCHFILE_FOLLOWS__
diff --git app/Mage.php app/Mage.php
diff --git app/Mage.php app/Mage.php
index 0243f5d..264479e 100644
index 0243f5d..264479e 100644
--- app/Mage.php
--- app/Mage.php
+++ app/Mage.php
+++ app/Mage.php
@@ -843,6 +843,7 @@ final class Mage
@@ -843,6 +843,7 @@ final class Mage
$message = print_r($message, true);
$message = print_r($message, true);
}
}
+ $message = addcslashes($message, '<?');
+ $message = addcslashes($message, '<?');
$loggers[$file]->log($message, $level);
$loggers[$file]->log($message, $level);
}
}
catch (Exception $e) {
catch (Exception $e) {
diff --git app/code/core/Mage/Admin/Helper/Data.php app/code/core/Mage/Admin/Helper/Data.php
diff --git app/code/core/Mage/Admin/Helper/Data.php app/code/core/Mage/Admin/Helper/Data.php
index b7d7673..f751b0b 100644
index b7d7673..f751b0b 100644
--- app/code/core/Mage/Admin/Helper/Data.php
--- app/code/core/Mage/Admin/Helper/Data.php
+++ app/code/core/Mage/Admin/Helper/Data.php
+++ app/code/core/Mage/Admin/Helper/Data.php
@@ -58,4 +58,14 @@ class Mage_Admin_Helper_Data extends Mage_Core_Helper_Abstract
@@ -58,4 +58,14 @@ class Mage_Admin_Helper_Data extends Mage_Core_Helper_Abstract
{
{
return (int) Mage::getConfig()->getNode(self::XML_PATH_ADMIN_RESET_PASSWORD_LINK_EXPIRATION_PERIOD);
return (int) Mage::getConfig()->getNode(self::XML_PATH_ADMIN_RESET_PASSWORD_LINK_EXPIRATION_PERIOD);
}
}
+
+
+ /**
+ /**
+ * Get disallowed names for block
+ * Get disallowed names for block
+ *
+ *
+ * @return bool
+ * @return bool
+ */
+ */
+ public function getDisallowedBlockNames()
+ public function getDisallowedBlockNames()
+ {
+ {
+ return Mage::getResourceModel('admin/block')->getDisallowedBlockNames();
+ return Mage::getResourceModel('admin/block')->getDisallowedBlockNames();
+ }
+ }
}
}
diff --git app/code/core/Mage/Admin/Model/Block.php app/code/core/Mage/Admin/Model/Block.php
diff --git app/code/core/Mage/Admin/Model/Block.php app/code/core/Mage/Admin/Model/Block.php
index b33db1b..a672f4e 100644
index b33db1b..a672f4e 100644
--- app/code/core/Mage/Admin/Model/Block.php
--- app/code/core/Mage/Admin/Model/Block.php
+++ app/code/core/Mage/Admin/Model/Block.php
+++ app/code/core/Mage/Admin/Model/Block.php
@@ -53,6 +53,10 @@ class Mage_Admin_Model_Block extends Mage_Core_Model_Abstract
@@ -53,6 +53,10 @@ class Mage_Admin_Model_Block extends Mage_Core_Model_Abstract
if (!Zend_Validate::is($this->getBlockName(), 'NotEmpty')) {
if (!Zend_Validate::is($this->getBlockName(), 'NotEmpty')) {
$errors[] = Mage::helper('adminhtml')->__('Block Name is required field.');
$errors[] = Mage::helper('adminhtml')->__('Block Name is required field.');
}
}
+ $disallowedBlockNames = Mage::helper('admin')->getDisallowedBlockNames();
+ $disallowedBlockNames = Mage::helper('admin')->getDisallowedBlockNames();
+ if (in_array($this->getBlockName(), $disallowedBlockNames)) {
+ if (in_array($this->getBlockName(), $disallowedBlockNames)) {
+ $errors[] = Mage::helper('adminhtml')->__('Block Name is disallowed.');
+ $errors[] = Mage::helper('adminhtml')->__('Block Name is disallowed.');
+ }
+ }
if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9\/]*$/'))) {
if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9\/]*$/'))) {
$errors[] = Mage::helper('adminhtml')->__('Block Name is incorrect.');
$errors[] = Mage::helper('adminhtml')->__('Block Name is incorrect.');
}
}
diff --git app/code/core/Mage/Admin/Model/Resource/Block.php app/code/core/Mage/Admin/Model/Resource/Block.php
diff --git app/code/core/Mage/Admin/Model/Resource/Block.php app/code/core/Mage/Admin/Model/Resource/Block.php
index 99b1c33..2e3e699 100644
index 99b1c33..2e3e699 100644
--- app/code/core/Mage/Admin/Model/Resource/Block.php
--- app/code/core/Mage/Admin/Model/Resource/Block.php
+++ app/code/core/Mage/Admin/Model/Resource/Block.php
+++ app/code/core/Mage/Admin/Model/Resource/Block.php
@@ -33,6 +33,14 @@
@@ -33,6 +33,14 @@
*/
*/
class Mage_Admin_Model_Resource_Block extends Mage_Core_Model_Resource_Db_Abstract
class Mage_Admin_Model_Resource_Block extends Mage_Core_Model_Resource_Db_Abstract
{
{
+
+
+ /**
+ /**
+ * Disallowed names for block
+ * Disallowed names for block
+ *
+ *
+ * @var array
+ * @var array
+ */
+ */
+ protected $disallowedBlockNames = array('install/end');
+ protected $disallowedBlockNames = array('install/end');
+
+
/**
/**
* Define main table
* Define main table
*
*
@@ -41,4 +49,14 @@ class Mage_Admin_Model_Resource_Block extends Mage_Core_Model_Resource_Db_Abstra
@@ -41,4 +49,14 @@ class Mage_Admin_Model_Resource_Block extends Mage_Core_Model_Resource_Db_Abstra
{
{
$this->_init('admin/permission_block', 'block_id');
$this->_init('admin/permission_block', 'block_id');
}
}
+
+
+ /**
+ /**
+ * Get disallowed names for block
+ * Get disallowed names for block
+ *
+ *
+ * @return array
+ * @return array
+ */
+ */
+ public function getDisallowedBlockNames()
+ public function getDisallowedBlockNames()
+ {
+ {
+ return $this->disallowedBlockNames;
+ return $this->disallowedBlockNames;
+ }
+ }
}
}
diff --git app/code/core/Mage/Admin/Model/User.php app/code/core/Mage/Admin/Model/User.php
diff --git app/code/core/Mage/Admin/Model/User.php app/code/core/Mage/Admin/Model/User.php
index 57ec644..33eb862 100644
index 57ec644..33eb862 100644
--- app/code/core/Mage/Admin/Model/User.php
--- app/code/core/Mage/Admin/Model/User.php
+++ app/code/core/Mage/Admin/Model/User.php
+++ app/code/core/Mage/Admin/Model/User.php
@@ -366,7 +366,7 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
@@ -366,7 +366,7 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
/**
/**
* Login user
* Login user
*
*
- * @param string $login
- * @param string $login
+ * @param string $username
+ * @param string $username
* @param string $password
* @param string $password
* @return Mage_Admin_Model_User
* @return Mage_Admin_Model_User
*/
*/
@@ -374,6 +374,7 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
@@ -374,6 +374,7 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
{
{
if ($this->authenticate($username, $password)) {
if ($this->authenticate($username, $password)) {
$this->getResource()->recordLogin($this);
$this->getResource()->recordLogin($this);
+ Mage::getSingleton('core/session')->renewFormKey();
+ Mage::getSingleton('core/session')->renewFormKey();
}
}
return $this;
return $this;
}
}
diff --git app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php
diff --git app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php
index 565e537..776af99 100644
index 565e537..776af99 100644
--- app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php
--- app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php
+++ app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php
+++ app/code/core/Mage/Adminhtml/Block/Catalog/Category/Edit/Form.php
@@ -185,7 +185,7 @@ class Mage_Adminhtml_Block_Catalog_Category_Edit_Form extends Mage_Adminhtml_Blo
@@ -185,7 +185,7 @@ class Mage_Adminhtml_Block_Catalog_Category_Edit_Form extends Mage_Adminhtml_Blo
{
{
if ($this->hasStoreRootCategory()) {
if ($this->hasStoreRootCategory()) {
if ($this->getCategoryId()) {
if ($this->getCategoryId()) {
- return $this->getCategoryName();
- return $this->getCategoryName();
+ return $this->escapeHtml($this->getCategoryName());
+ return $this->escapeHtml($this->getCategoryName());
} else {
} else {
$parentId = (int) $this->getRequest()->getParam('parent');
$parentId = (int) $this->getRequest()->getParam('parent');
if ($parentId && ($parentId != Mage_Catalog_Model_Category::TREE_ROOT_ID)) {
if ($parentId && ($parentId != Mage_Catalog_Model_Category::TREE_ROOT_ID)) {
diff --git app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
diff --git app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
index 8035655..76d487a 100644
index 8035655..76d487a 100644
--- app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
--- app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
+++ app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
+++ app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
@@ -161,7 +161,7 @@ class Mage_Adminhtml_Block_Catalog_Product_Grid extends Mage_Adminhtml_Block_Wid
@@ -161,7 +161,7 @@ class Mage_Adminhtml_Block_Catalog_Product_Grid extends Mage_Adminhtml_Block_Wid
if ($store->getId()) {
if ($store->getId()) {
$this->addColumn('custom_name',
$this->addColumn('custom_name',
array(
array(
- 'header'=> Mage::helper('catalog')->__('Name in %s', $store->getName()),
- 'header'=> Mage::helper('catalog')->__('Name in %s', $store->getName()),
+ 'header'=> Mage::helper('catalog')->__('Name in %s', $this->escapeHtml($store->getName())),
+ 'header'=> Mage::helper('catalog')->__('Name in %s', $this->escapeHtml($store->getName())),
'index' => 'custom_name',
'index' => 'custom_name',
));
));
}
}
diff --git app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php
diff --git app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php
index ad90b21..47c3418 100644
index ad90b21..47c3418 100644
--- app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php
--- app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php
+++ app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php
+++ app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Grid/Renderer/Sender.php
@@ -38,10 +38,10 @@ class Mage_Adminhtml_Block_Newsletter_Template_Grid_Renderer_Sender extends Mage
@@ -38,10 +38,10 @@ class Mage_Adminhtml_Block_Newsletter_Template_Grid_Renderer_Sender extends Mage
{
{
$str = '';
$str = '';
if($row->getTemplateSenderName()) {
if($row->getTemplateSenderName()) {
- $str .= htmlspecialchars($row->getTemplateSenderName()) . ' ';
- $str .= htmlspecialchars($row->getTemplateSenderName()) . ' ';
+ $str .= $this->escapeHtml($row->getTemplateSenderName()) . ' ';
+ $str .= $this->escapeHtml($row->getTemplateSenderName()) . ' ';
}
}
if($row->getTemplateSenderEmail()) {
if($row->getTemplateSenderEmail()) {
- $str .= '[' . $row->getTemplateSenderEmail() . ']';
- $str .= '[' . $row->getTemplateSenderEmail() . ']';
+ $str .= '[' .$this->escapeHtml($row->getTemplateSenderEmail()) . ']';
+ $str .= '[' .$this->escapeHtml($row->getTemplateSenderEmail()) . ']';
}
}
if($str == '') {
if($str == '') {
$str .= '---';
$str .= '---';
diff --git app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
diff --git app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
index a835e2c..6a976c9 100644
index a835e2c..6a976c9 100644
--- app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
--- app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
+++ app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
+++ app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
@@ -78,6 +78,7 @@ class Mage_Adminhtml_Block_Sales_Order_Grid extends Mage_Adminhtml_Block_Widget_
@@ -78,6 +78,7 @@ class Mage_Adminhtml_Block_Sales_Order_Grid extends Mage_Adminhtml_Block_Widget_
'type' => 'store',
'type' => 'store',
'store_view'=> true,
'store_view'=> true,
'display_deleted' => true,
'display_deleted' => true,
+ 'escape' => true,
+ 'escape' => true,
));
));
}
}
diff --git app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
diff --git app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
index e93731e..b5d1789 100644
index e93731e..b5d1789 100644
--- app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
--- app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
+++ app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
+++ app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
@@ -64,7 +64,7 @@ class Mage_Adminhtml_Block_Sales_Order_View_Info extends Mage_Adminhtml_Block_Sa
@@ -64,7 +64,7 @@ class Mage_Adminhtml_Block_Sales_Order_View_Info extends Mage_Adminhtml_Block_Sa
$store->getGroup()->getName(),
$store->getGroup()->getName(),
$store->getName()
$store->getName()
);
);
- return implode('<br/>', $name);
- return implode('<br/>', $name);
+ return implode('<br/>', array_map(array($this, 'escapeHtml'), $name));
+ return implode('<br/>', array_map(array($this, 'escapeHtml'), $name));
}
}
return null;
return null;
}
}
diff --git app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php
diff --git app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php
index 6312c52..0f62d2b 100644
index 6312c52..0f62d2b 100644
--- app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php
--- app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php
+++ app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php
+++ app/code/core/Mage/Adminhtml/Block/System/Store/Edit/Form.php
@@ -245,7 +245,7 @@ class Mage_Adminhtml_Block_System_Store_Edit_Form extends Mage_Adminhtml_Block_W
@@ -245,7 +245,7 @@ class Mage_Adminhtml_Block_System_Store_Edit_Form extends Mage_Adminhtml_Block_W
$values[] = array('label'=>$group->getName(),'value'=>$group->getId());
$values[] = array('label'=>$group->getName(),'value'=>$group->getId());
}
}
}
}
- $groups[] = array('label'=>$website->getName(),'value'=>$values);
- $groups[] = array('label'=>$website->getName(),'value'=>$values);
+ $groups[] = array('label' => $this->escapeHtml($website->getName()), 'value' => $values);
+ $groups[] = array('label' => $this->escapeHtml($website->getName()), 'value' => $values);
}
}
$fieldset->addField('store_group_id', 'select', array(
$fieldset->addField('store_group_id', 'select', array(
'name' => 'store[group_id]',
'name' => 'store[group_id]',
diff --git app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php
diff --git app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php
index 9cfb28c..82e18bf 100644
index 9cfb28c..82e18bf 100644
--- app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php
--- app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php
+++ app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php
+++ app/code/core/Mage/Adminhtml/Block/Tag/Assigned/Grid.php
@@ -174,7 +174,7 @@ class Mage_Adminhtml_Block_Tag_Assigned_Grid extends Mage_Adminhtml_Block_Widget
@@ -174,7 +174,7 @@ class Mage_Adminhtml_Block_Tag_Assigned_Grid extends Mage_Adminhtml_Block_Widget
if ($store->getId()) {
if ($store->getId()) {
$this->addColumn('custom_name',
$this->addColumn('custom_name',
array(
array(
- 'header'=> Mage::helper('catalog')->__('Name in %s', $store->getName()),
- 'header'=> Mage::helper('catalog')->__('Name in %s', $store->getName()),
+ 'header'=> Mage::helper('catalog')->__('Name in %s', $this->escapeHtml($store->getName())),
+ 'header'=> Mage::helper('catalog')->__('Name in %s', $this->escapeHtml($store->getName())),
'index' => 'custom_name',
'index' => 'custom_name',
));
));
}
}
diff --git app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php
diff --git app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php
index 69850cf..714b5b1 100644
index 69850cf..714b5b1 100644
--- app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php
--- app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php
+++ app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php
+++ app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Store.php
@@ -111,11 +111,11 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Store
@@ -111,11 +111,11 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Store
$data = $this->_getStoreModel()->getStoresStructure(false, $origStores);
$data = $this->_getStoreModel()->getStoresStructure(false, $origStores);
foreach ($data as $website) {
foreach ($data as $website) {
- $out .= $website['label'] . '<br/>';
- $out .= $website['label'] . '<br/>';
+ $out .= Mage::helper('core')->escapeHtml($website['label']) . '<br/>';
+ $out .= Mage::helper('core')->escapeHtml($website['label']) . '<br/>';
foreach ($website['children'] as $group) {
foreach ($website['children'] as $group) {
- $out .= str_repeat('&nbsp;', 3) . $group['label'] . '<br/>';
- $out .= str_repeat('&nbsp;', 3) . $group['label'] . '<br/>';
+ $out .= str_repeat('&nbsp;', 3) . Mage::helper('core')->escapeHtml($group['label']) . '<br/>';
+ $out .= str_repeat('&nbsp;', 3) . Mage::helper('core')->escapeHtml($group['label']) . '<br/>';
foreach ($group['children'] as $store) {
foreach ($group['children'] as $store) {
- $out .= str_repeat('&nbsp;', 6) . $store['label'] . '<br/>';
- $out .= str_repeat('&nbsp;', 6) . $store['label'] . '<br/>';
+ $out .= str_repeat('&nbsp;', 6) . Mage::helper('core')->escapeHtml($store['label']) . '<br/>';
+ $out .= str_repeat('&nbsp;', 6) . Mage::helper('core')->escapeHtml($store['label']) . '<br/>';
}
}
}
}
}
}
diff --git app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php
diff --git app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php
index db804f3..2c90267 100644
index db804f3..2c90267 100644
--- app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php
--- app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php
+++ app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php
+++ app/code/core/Mage/Adminhtml/Block/Widget/Tabs.php
@@ -289,9 +289,9 @@ class Mage_Adminhtml_Block_Widget_Tabs extends Mage_Adminhtml_Block_Widget
@@ -289,9 +289,9 @@ class Mage_Adminhtml_Block_Widget_Tabs extends Mage_Adminhtml_Block_Widget
public function getTabLabel($tab)
public function getTabLabel($tab)
{
{
if ($tab instanceof Mage_Adminhtml_Block_Widget_Tab_Interface) {
if ($tab instanceof Mage_Adminhtml_Block_Widget_Tab_Interface) {
- return $tab->getTabLabel();
- return $tab->getTabLabel();
+ return $this->escapeHtml($tab->getTabLabel());
+ return $this->escapeHtml($tab->getTabLabel());
}
}
- return $tab->getLabel();
- return $tab->getLabel();
+ return $this->escapeHtml($tab->getLabel());
+ return $this->escapeHtml($tab->getLabel());
}
}
public function getTabContent($tab)
public function getTabContent($tab)
diff --git app/code/core/Mage/Adminhtml/Model/Config/Data.php app/code/core/Mage/Adminhtml/Model/Config/Data.php
diff --git app/code/core/Mage/Adminhtml/Model/Config/Data.php app/code/core/Mage/Adminhtml/Model/Config/Data.php
index b6c0450..dc0e2ee 100644
index b6c0450..dc0e2ee 100644
--- app/code/core/Mage/Adminhtml/Model/Config/Data.php
--- app/code/core/Mage/Adminhtml/Model/Config/Data.php
+++ app/code/core/Mage/Adminhtml/Model/Config/Data.php
+++ app/code/core/Mage/Adminhtml/Model/Config/Data.php
@@ -117,6 +117,7 @@ class Mage_Adminhtml_Model_Config_Data extends Varien_Object
@@ -117,6 +117,7 @@ class Mage_Adminhtml_Model_Config_Data extends Varien_Object
}
}
foreach ($groupData['fields'] as $field => $fieldData) {
foreach ($groupData['fields'] as $field => $fieldData) {
+ $field = ltrim($field, '/');
+ $field = ltrim($field, '/');
$fieldConfig = $sections->descend($section . '/groups/' . $group . '/fields/' . $field);
$fieldConfig = $sections->descend($section . '/groups/' . $group . '/fields/' . $field);
if (!$fieldConfig && $clonedFields && isset($mappedFields[$field])) {
if (!$fieldConfig && $clonedFields && isset($mappedFields[$field])) {
$fieldConfig = $sections->descend($section . '/groups/' . $group . '/fields/'
$fieldConfig = $sections->descend($section . '/groups/' . $group . '/fields/'
diff --git app/code/core/Mage/Adminhtml/Model/System/Store.php app/code/core/Mage/Adminhtml/Model/System/Store.php
diff --git app/code/core/Mage/Adminhtml/Model/System/Store.php app/code/core/Mage/Adminhtml/Model/System/Store.php
index 0a5ee6a..73bc879 100644
index 0a5ee6a..73bc879 100644
--- app/code/core/Mage/Adminhtml/Model/System/Store.php
--- app/code/core/Mage/Adminhtml/Model/System/Store.php
+++ app/code/core/Mage/Adminhtml/Model/System/Store.php
+++ app/code/core/Mage/Adminhtml/Model/System/Store.php
@@ -151,7 +151,7 @@ class Mage_Adminhtml_Model_System_Store extends Varien_Object
@@ -151,7 +151,7 @@ class Mage_Adminhtml_Model_System_Store extends Varien_Object
}
}
if (!$websiteShow) {
if (!$websiteShow) {
$options[] = array(
$options[] = array(
- 'label' => $website->getName(),
- 'label' => $website->getName(),
+ 'label' => Mage::helper('core')->escapeHtml($website->getName()),
+ 'label' => Mage::helper('core')->escapeHtml($website->getName()),
'value' => array()
'value' => array()
);
);
$websiteShow = true;
$websiteShow = true;
@@ -161,13 +161,15 @@ class Mage_Adminhtml_Model_System_Store extends Varien_Object
@@ -161,13 +161,15 @@ class Mage_Adminhtml_Model_System_Store extends Varien_Object
$values = array();
$values = array();
}
}
$values[] = array(
$values[] = array(
- 'label' => str_repeat($nonEscapableNbspChar, 4) . $store->getName(),
- 'label' => str_repeat($nonEscapableNbspChar, 4) . $store->getName(),
+ 'label' => str_repeat($nonEscapableNbspChar, 4) .
+ 'label' => str_repeat($nonEscapableNbspChar, 4) .
+ Mage::helper('core')->escapeHtml($store->getName()),
+ Mage::helper('core')->escapeHtml($store->getName()),
'value' => $store->getId()
'value' => $store->getId()
);
);
}
}
if ($groupShow) {
if ($groupShow) {
$options[] = array(
$options[] = array(
- 'label' => str_repeat($nonEscapableNbspChar, 4) . $group->getName(),
- 'label' => str_repeat($nonEscapableNbspChar, 4) . $group->getName(),
+ 'label' => str_repeat($nonEscapableNbspChar, 4) .
+ 'label' => str_repeat($nonEscapableNbspChar, 4) .
+ Mage::helper('core')->escapeHtml($group->getName()),
+ Mage::helper('core')->escapeHtml($group->getName()),
'value' => $values
'value' => $values
);
);
}
}
diff --git app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
diff --git app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
index 5c3fb57..063d2d1 100644
index 5c3fb57..063d2d1 100644
--- app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
--- app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
+++ app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
+++ app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
@@ -709,6 +709,16 @@ class Mage_Adminhtml_Catalog_ProductController extends Mage_Adminhtml_Controller
@@ -709,6 +709,16 @@ class Mage_Adminhtml_Catalog_ProductController extends Mage_Adminhtml_Controller
$this->_filterStockData($data['product']['stock_data']);
$this->_filterStockData($data['product']['stock_data']);
$product = $this->_initProductSave();
$product = $this->_initProductSave();
+ // check sku attribute
+ // check sku attribute
+ $productSku = $product->getSku();
+ $productSku = $product->getSku();
+ if ($productSku && $productSku != Mage::helper('core')->stripTags($productSku)) {
+ if ($productSku && $productSku != Mage::helper('core')->stripTags($productSku)) {
+ $this->_getSession()->addError($this->__('HTML tags are not allowed in SKU attribute.'));
+ $this->_getSession()->addError($this->__('HTML tags are not allowed in SKU attribute.'));
+ $this->_redirect('*/*/edit', array(
+ $this->_redirect('*/*/edit', array(
+ 'id' => $productId,
+ 'id' => $productId,
+ '_current' => true
+ '_current' => true
+ ));
+ ));
+ return;
+ return;
+ }
+ }
try {
try {
$product->save();
$product->save();
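Review bot: The SKU check compares the value against the output of `stripTags()`, which is a deny-style test that only rejects what that helper recognises as a tag; validating the SKU against the characters it is allowed to contain, at the attribute or backend-model level, would be more robust and would also cover any save path that does not go through this controller action. `$productId` used in the redirect is not defined within the hunk, so its value depends on earlier lines of the action. The comparison uses loose `!=`; `!==` makes the intent explicit, e.g. `if ($productSku && $productSku !== Mage::helper('core')->stripTags($productSku)) {`. The enclosing action continues outside the hunk.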
diff --git app/code/core/Mage/Adminhtml/controllers/CustomerController.php app/code/core/Mage/Adminhtml/controllers/CustomerController.php
diff --git app/code/core/Mage/Adminhtml/controllers/CustomerController.php app/code/core/Mage/Adminhtml/controllers/CustomerController.php
index 8c29d29..81e67fd 100644
index 8c29d29..81e67fd 100644
--- app/code/core/Mage/Adminhtml/controllers/CustomerController.php
--- app/code/core/Mage/Adminhtml/controllers/CustomerController.php
+++ app/code/core/Mage/Adminhtml/controllers/CustomerController.php
+++ app/code/core/Mage/Adminhtml/controllers/CustomerController.php
@@ -314,6 +314,7 @@ class Mage_Adminhtml_CustomerController extends Mage_Adminhtml_Controller_Action
@@ -314,6 +314,7 @@ class Mage_Adminhtml_CustomerController extends Mage_Adminhtml_Controller_Action
// Force new customer confirmation
// Force new customer confirmation
if ($isNewCustomer) {
if ($isNewCustomer) {
$customer->setPassword($data['account']['password']);
$customer->setPassword($data['account']['password']);
+ $customer->setPasswordCreatedAt(time());
+ $customer->setPasswordCreatedAt(time());
$customer->setForceConfirmed(true);
$customer->setForceConfirmed(true);
if ($customer->getPassword() == 'auto') {
if ($customer->getPassword() == 'auto') {
$sendPassToEmail = true;
$sendPassToEmail = true;
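Review bot: `setPasswordCreatedAt(time())` is applied only in the new-customer branch, so an admin changing an existing customer's password through this same action would not refresh the timestamp unless the customer model does so itself when the password is set; if it does not, the session-invalidation check that keys on this timestamp never fires for admin-initiated resets. Either place the call next to wherever `setPassword()` is applied for existing customers as well, or add a comment stating that the model handles that case. The surrounding action starts and ends outside the hunk.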
diff --git app/code/core/Mage/Adminhtml/controllers/System/BackupController.php app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
diff --git app/code/core/Mage/Adminhtml/controllers/System/BackupController.php app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
index 7dfa172..bf8fa3d 100644
index 7dfa172..bf8fa3d 100644
--- app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
--- app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
+++ app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
+++ app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
@@ -34,6 +34,17 @@
@@ -34,6 +34,17 @@
class Mage_Adminhtml_System_BackupController extends Mage_Adminhtml_Controller_Action
class Mage_Adminhtml_System_BackupController extends Mage_Adminhtml_Controller_Action
{
{
/**
/**
+ * Controller predispatch method
+ * Controller predispatch method
+ *
+ *
+ * @return Mage_Adminhtml_Controller_Action
+ * @return Mage_Adminhtml_Controller_Action
+ */
+ */
+ public function preDispatch()
+ public function preDispatch()
+ {
+ {
+ $this->_setForcedFormKeyActions('create');
+ $this->_setForcedFormKeyActions('create');
+ return parent::preDispatch();
+ return parent::preDispatch();
+ }
+ }
+
+
+ /**
+ /**
* Backup list action
* Backup list action
*/
*/
public function indexAction()
public function indexAction()
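Review bot: Form-key enforcement is forced only for the `create` action; if this controller also exposes other state-changing actions (rollback or delete, for example), they should be listed here as well, or the comment should say why `create` alone needs it. The docblock `Controller predispatch method` describes nothing the signature does not already say; `Force form-key validation for the backup creation action before dispatch` would state the purpose. Whether `_setForcedFormKeyActions()` accepts more than one action name is not visible here and would need checking before extending the list.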
diff --git app/code/core/Mage/Core/Model/Session/Abstract/Varien.php app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
diff --git app/code/core/Mage/Core/Model/Session/Abstract/Varien.php app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
index 74166ea..df0ca84 100644
index 74166ea..df0ca84 100644
--- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
--- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
+++ app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
+++ app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
@@ -32,6 +32,8 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
@@ -32,6 +32,8 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
const VALIDATOR_HTTP_X_FORVARDED_FOR_KEY = 'http_x_forwarded_for';
const VALIDATOR_HTTP_X_FORVARDED_FOR_KEY = 'http_x_forwarded_for';
const VALIDATOR_HTTP_VIA_KEY = 'http_via';
const VALIDATOR_HTTP_VIA_KEY = 'http_via';
const VALIDATOR_REMOTE_ADDR_KEY = 'remote_addr';
const VALIDATOR_REMOTE_ADDR_KEY = 'remote_addr';
+ const VALIDATOR_SESSION_EXPIRE_TIMESTAMP = 'session_expire_timestamp';
+ const VALIDATOR_SESSION_EXPIRE_TIMESTAMP = 'session_expire_timestamp';
+ const VALIDATOR_PASSWORD_CREATE_TIMESTAMP = 'password_create_timestamp';
+ const VALIDATOR_PASSWORD_CREATE_TIMESTAMP = 'password_create_timestamp';
/**
/**
* Configure and start session
* Configure and start session
@@ -322,6 +324,26 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
@@ -322,6 +324,26 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
}
}
/**
/**
+ * Use password creation timestamp in validator key
+ * Use password creation timestamp in validator key
+ *
+ *
+ * @return bool
+ * @return bool
+ */
+ */
+ public function useValidateSessionPasswordTimestamp()
+ public function useValidateSessionPasswordTimestamp()
+ {
+ {
+ return true;
+ return true;
+ }
+ }
+
+
+ /**
+ /**
+ * Use session expire timestamp in validator key
+ * Use session expire timestamp in validator key
+ *
+ *
+ * @return bool
+ * @return bool
+ */
+ */
+ public function useValidateSessionExpire()
+ public function useValidateSessionExpire()
+ {
+ {
+ return $this->getCookie()->getLifetime() > 0;
+ return $this->getCookie()->getLifetime() > 0;
+ }
+ }
+
+
+ /**
+ /**
* Retrieve skip User Agent validation strings (Flash etc)
* Retrieve skip User Agent validation strings (Flash etc)
*
*
* @return array
* @return array
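Review bot: `useValidateSessionPasswordTimestamp()` returns a hard-coded `true` with no configuration hook, so, if the other `useValidate*` toggles of this class (outside the hunk) are config-driven, this one cannot be switched off by deployment without overriding the class; either wire it to a config path or state in the docblock that it is intentionally always on. The docblocks describe both methods as `Use ... in validator key`, but they are predicates deciding whether the validator performs the comparison; `Whether the validator rejects sessions whose password was changed after login` and `Whether the validator rejects sessions past their expiry timestamp (only when the cookie has a finite lifetime)` describe the contract more precisely.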
@@ -389,6 +411,23 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
@@ -389,6 +411,23 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
}
}
return false;
return false;
}
}
+ if ($this->useValidateSessionPasswordTimestamp()
+ if ($this->useValidateSessionPasswordTimestamp()
+ && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
+ && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
+ && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
+ && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
+ && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
+ && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
+ > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
+ > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
+ ) {
+ ) {
+ return false;
+ return false;
+ }
+ }
+
+
+ if ($this->useValidateSessionExpire()
+ if ($this->useValidateSessionExpire()
+ && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
+ && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
+ && $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] < time() ) {
+ && $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] < time() ) {
+ return false;
+ return false;
+ } else {
+ } else {
+ $this->_data[self::VALIDATOR_KEY][self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]
+ $this->_data[self::VALIDATOR_KEY][self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]
+ = $validatorData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP];
+ = $validatorData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP];
+ }
+ }
return true;
return true;
}
}
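Review bot: The password-timestamp check derives the session start as `$sessionData[EXPIRE] - $this->getCookie()->getLifetime()`, but the stored expire value is refreshed on every validated request by the `else` branch below, so the comparison is really against the previous request time, and it uses the lifetime configured now rather than the one in force when the stored value was written; if the cookie lifetime changes, or differs between session classes built on this base, the derived start time is off by the difference. Storing an explicit last-validated timestamp in the validator data and comparing the password timestamp against that would make the intent clear and independent of the lifetime. The `} else {` after an unconditional `return false;` can be dropped so the refresh reads as the normal path, and `time() )` has a stray space. The `>` comparison also lets a password change in the same second as the last request pass; whether `>=` is acceptable depends on whether the changing user's own session may be invalidated.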
@@ -423,6 +462,13 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
@@ -423,6 +462,13 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
$parts[self::VALIDATOR_HTTP_USER_AGENT_KEY] = (string)$_SERVER['HTTP_USER_AGENT'];
$parts[self::VALIDATOR_HTTP_USER_AGENT_KEY] = (string)$_SERVER['HTTP_USER_AGENT'];
}
}
+ if (isset($this->_data['visitor_data']['customer_id'])) {
+ if (isset($this->_data['visitor_data']['customer_id'])) {
+ $parts[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP] =
+ $parts[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP] =
+ Mage::helper('customer')->getPasswordTimestamp($this->_data['visitor_data']['customer_id']);
+ Mage::helper('customer')->getPasswordTimestamp($this->_data['visitor_data']['customer_id']);
+ }
+ }
+
+
+ $parts[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] = time() + $this->getCookie()->getLifetime();
+ $parts[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] = time() + $this->getCookie()->getLifetime();
+
+
return $parts;
return $parts;
}
}
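Review bot: `getPasswordTimestamp()` is invoked for every logged-in request that builds validator data; if the helper (its definition is cut off at the end of this patch) reads the customer row, this adds a database lookup per request that could instead be fetched only when the comparison is actually performed or cached on the session for the cookie lifetime. A comment such as `// password timestamp lets the validator reject sessions that predate the last password change` would document why this field belongs in the validator data. The enclosing method starts outside the hunk.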
diff --git app/code/core/Mage/Core/Model/Variable.php app/code/core/Mage/Core/Model/Variable.php
diff --git app/code/core/Mage/Core/Model/Variable.php app/code/core/Mage/Core/Model/Variable.php
index 56f163a..3539cbe 100644
index 56f163a..3539cbe 100644
--- app/code/core/Mage/Core/Model/Variable.php
--- app/code/core/Mage/Core/Model/Variable.php
+++ app/code/core/Mage/Core/Model/Variable.php
+++ app/code/core/Mage/Core/Model/Variable.php
@@ -141,7 +141,10 @@ class Mage_Core_Model_Variable extends Mage_Core_Model_Abstract
@@ -141,7 +141,10 @@ class Mage_Core_Model_Variable extends Mage_Core_Model_Abstract
foreach ($collection->toOptionArray() as $variable) {
foreach ($collection->toOptionArray() as $variable) {
$variables[] = array(
$variables[] = array(
'value' => '{{customVar code=' . $variable['value'] . '}}',
'value' => '{{customVar code=' . $variable['value'] . '}}',
- 'label' => Mage::helper('core')->__('%s', $variable['label'])
- 'label' => Mage::helper('core')->__('%s', $variable['label'])
+ 'label' => Mage::helper('core')->__(
+ 'label' => Mage::helper('core')->__(
+ '%s',
+ '%s',
+ Mage::helper('core')->escapeHtml($variable['label']
+ Mage::helper('core')->escapeHtml($variable['label']
+ ))
+ ))
);
);
}
}
if ($withGroup && $variables) {
if ($withGroup && $variables) {
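Review bot: The new wrapping keeps `__('%s', ...)` around the escaped label, which presumably only translates the literal `%s` format string and returns the argument unchanged, so `'label' => Mage::helper('core')->escapeHtml($variable['label'])` expresses the same thing in one line and avoids the closing parenthesis stranded on its own line after `$variable['label']`. If the `__()` call is kept on purpose, a comment should say why. The `value` entry on the line above is still built by string concatenation without escaping, which is outside this change but worth a look in the same pass.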
diff --git app/code/core/Mage/Customer/Helper/Data.php app/code/core/Mage/Customer/Helper/Data.php
diff --git app/code/core/Mage/Customer/Helper/Data.php app/code/core/Mage/Customer/Helper/Data.php
index 4cc32b6..e95674f 100644
index 4cc32b6..e95674f 100644
--- app/code/core/Mage/Customer/Helper/Data.php
--- app/code/core/Mage/Customer/Helper/Data.php
+++ app/code/core/Mage/Customer/Helper/Data.php
+++ app/code/core/Mage/Customer/Helper/Data.php
@@ -609,6 +609,23 @@ class Mage_Customer_Helper_Data extends Mage_Core_Helper_Abstract
@@ -609,6 +609,23 @@ class Mage_Customer_Helper_Data extends Mage_Core_Helper_Abstract
}
}
/**
/**
+ * Get customer password creation timestamp or customer account creation timestamp
+ * Get customer password creation timestamp or customer account creation timestamp
+ *
+ *
+ *
+ *