Updated to pristine copy of 1.9.4.5 from magento.com
EricSeastrand committed Apr 28, 2020
1 parent 1920a54 commit c1938e7
Showing 88 changed files with 790 additions and 399 deletions.
10 changes: 10 additions & 0 deletions RELEASE_NOTES.txt
@@ -1,3 +1,13 @@
==== 1.9.4.5 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
] NOTE: Current Release Notes are maintained at: [
] [
] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html [
] [
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

==== 1.9.4.4 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 changes: 1 addition & 1 deletion app/Mage.php
Expand Up @@ -174,7 +174,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '9',
'revision' => '4',
'patch' => '4',
'patch' => '5',
'stability' => '',
'number' => '',
);
30 changes: 30 additions & 0 deletions app/code/core/Mage/Admin/Model/Observer.php
Expand Up @@ -123,4 +123,34 @@ public function actionPreDispatchAdmin($observer)
public function actionPostDispatchAdmin($event)
{
}

/**
* Validate admin password and upgrade hash version
*
* @param Varien_Event_Observer $observer
*/
public function actionAdminAuthenticate($observer)
{
$password = $observer->getEvent()->getPassword();
$user = $observer->getEvent()->getUser();
$authResult = $observer->getEvent()->getResult();

if (!$authResult) {
return;
}

if (
!(bool) $user->getPasswordUpgraded()
&& !Mage::helper('core')->getEncryptor()->validateHashByVersion(
$password,
$user->getPassword(),
Mage_Core_Model_Encryption::HASH_VERSION_SHA256
)
) {
Mage::getModel('admin/user')->load($user->getId())
->setNewPassword($password)->setForceNewPassword(true)
->save();
$user->setPasswordUpgraded(true);
}
}
}
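Review bot: The condition in `actionAdminAuthenticate` re-hashes every stored password that does not validate as `HASH_VERSION_SHA256`, which appears to include hashes already stored in a stronger format (`HASH_VERSION_SHA512`, or `HASH_VERSION_LATEST`, which `hash()` in Core/Model/Encryption.php maps to `password_hash()`). Because `_getEncodedPassword()` in Admin/Model/User.php now calls `getHash()`, and the salted branch of `getHash()` is pinned to a single SHA-256 round, this "upgrade" would likely replace an adaptive hash with a fast one. The same pattern is in `upgradeApiKey` (Api2/Model/Observer.php, with `_getEncodedApiKey()` in Api/Model/User.php) and `actionUpgradeCustomerPassword` (Customer/Model/Observer.php, with `hashPassword()` in Customer/Model/Customer.php). I would return early when the stored hash already validates under a stronger version, e.g. when `validateHashByVersion($password, $user->getPassword(), Mage_Core_Model_Encryption::HASH_VERSION_LATEST)` succeeds, and state the intended target format in the docblock. Whether `setNewPassword()` actually reaches `_getEncodedPassword()` is not visible on this page and should be confirmed.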
24 changes: 23 additions & 1 deletion app/code/core/Mage/Admin/Model/Session.php
Expand Up @@ -35,6 +35,13 @@
class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
{

/**
* Session admin SID config path
*
* @const
*/
const XML_PATH_ALLOW_SID_FOR_ADMIN_AREA = 'web/session/use_admin_sid';

/**
* Whether it is the first page after successfull login
*
Expand Down Expand Up @@ -107,7 +114,12 @@ protected function logoutIndirect()
$user = $this->getUser();
if ($user) {
$extraData = $user->getExtra();
if (isset($extraData['indirect_login']) && $this->getIndirectLogin()) {
if (
!is_null(Mage::app()->getRequest()->getParam('SID'))
&& !$this->allowAdminSid()
|| isset($extraData['indirect_login'])
&& $this->getIndirectLogin()
) {
$this->unsetData('user');
$this->setIndirectLogin(false);
}
Expand Down Expand Up @@ -299,4 +311,14 @@ protected function _loginFailed($e, $request, $username, $message)
$request->setParam('messageSent', true);
}
}

/**
* Check is allowed to use SID for admin area
*
* @return bool
*/
protected function allowAdminSid()
{
return (bool) Mage::getStoreConfig(self::XML_PATH_ALLOW_SID_FOR_ADMIN_AREA);
}
}
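Review bot: The new condition in `logoutIndirect()` mixes `&&` and `||` without grouping, so a reader has to rely on operator precedence to see that it means (SID request parameter present and admin SID disallowed) or (indirect login recorded and active). Explicit parentheses around each pair would make this session-handling rule auditable at a glance: `(!is_null(Mage::app()->getRequest()->getParam('SID')) && !$this->allowAdminSid())` `|| (isset($extraData['indirect_login']) && $this->getIndirectLogin())`. A short comment such as `// Drop the admin user when a session id arrives as a request parameter and web/session/use_admin_sid is off` would record why the first pair exists. The method starts outside this hunk, so how `logoutIndirect()` is reached is not visible here.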
2 changes: 1 addition & 1 deletion app/code/core/Mage/Admin/Model/User.php
Expand Up @@ -470,7 +470,7 @@ public function hasAssigned2Role($user)
*/
protected function _getEncodedPassword($password)
{
return $this->_getHelper('core')->getHashPassword($password, self::HASH_SALT_LENGTH);
return $this->_getHelper('core')->getHash($password, self::HASH_SALT_LENGTH);
}

/**
10 changes: 10 additions & 0 deletions app/code/core/Mage/Admin/etc/config.xml
Expand Up @@ -79,6 +79,16 @@
<class>Mage_Admin_Block</class>
</admin>
</blocks>
<events>
<admin_user_authenticate_after>
<observers>
<admin_user_login>
<class>Mage_Admin_Model_Observer</class>
<method>actionAdminAuthenticate</method>
</admin_user_login>
</observers>
</admin_user_authenticate_after>
</events>
</global>
<default>
<admin>
2 changes: 1 addition & 1 deletion app/code/core/Mage/Api/Model/User.php
Expand Up @@ -342,7 +342,7 @@ public function hasAssigned2Role($user)
*/
protected function _getEncodedApiKey($apiKey)
{
return $this->_getHelper('core')->getHashPassword($apiKey, Mage_Admin_Model_User::HASH_SALT_LENGTH);
return $this->_getHelper('core')->getHash($apiKey, Mage_Admin_Model_User::HASH_SALT_LENGTH);
}

/**
22 changes: 22 additions & 0 deletions app/code/core/Mage/Api2/Model/Observer.php
Expand Up @@ -83,4 +83,26 @@ public function catalogAttributeSaveAfter(Varien_Event_Observer $observer)

return $this;
}

/**
* Upgrade API key hash when api user has logged in
*
* @param Varien_Event_Observer $observer
*/
public function upgradeApiKey($observer)
{
$apiKey = $observer->getEvent()->getApiKey();
$model = $observer->getEvent()->getModel();
if (
!(bool) $model->getApiPasswordUpgraded()
&& !Mage::helper('core')->getEncryptor()->validateHashByVersion(
$apiKey,
$model->getApiKey(),
Mage_Core_Model_Encryption::HASH_VERSION_SHA256
)
) {
Mage::getModel('api/user')->load($model->getId())->setNewApiKey($apiKey)->save();
$model->setApiPasswordUpgraded(true);
}
}
}
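Review bot: `upgradeApiKey` has no guard comparable to the `if (!$authResult) { return; }` in `Mage_Admin_Model_Observer::actionAdminAuthenticate`, so it relies entirely on `api_user_authenticated` only ever being dispatched after a successful key check. A key that fails the SHA-256 validation because it is simply wrong is indistinguishable here from a valid key stored in an older format, and in both cases the stored key is overwritten with the supplied value. A cheap defensive check at the top, `if (!Mage::helper('core')->getEncryptor()->validateHash($apiKey, $model->getApiKey())) { return; }`, would keep the observer safe if another dispatcher is added later. `actionUpgradeCustomerPassword` in Customer/Model/Observer.php has the same shape: `$currentVersionHash` stays `null` when no version matches, and `changePassword()` is still called.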
8 changes: 8 additions & 0 deletions app/code/core/Mage/Api2/etc/config.xml
Expand Up @@ -91,6 +91,14 @@
</api2>
</observers>
</admin_user_save_after>
<api_user_authenticated>
<observers>
<api2_upgrade_key>
<class>Mage_Api2_Model_Observer</class>
<method>upgradeApiKey</method>
</api2_upgrade_key>
</observers>
</api_user_authenticated>
</events>
<api2>
<auth_adapters>
8 changes: 7 additions & 1 deletion app/code/core/Mage/Core/Model/Encryption.php
Expand Up @@ -34,6 +34,7 @@
class Mage_Core_Model_Encryption
{
const HASH_VERSION_MD5 = 0;
const HASH_VERSION_SHA256 = 1;
const HASH_VERSION_SHA512 = 2;

/**
Expand Down Expand Up @@ -79,7 +80,9 @@ public function getHash($password, $salt = false)
if (is_integer($salt)) {
$salt = $this->_helper->getRandomString($salt);
}
return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt;
return $salt === false
? $this->hash($password)
: $this->hash($salt . $password, self::HASH_VERSION_SHA256) . ':' . $salt;
}

/**
Expand Down Expand Up @@ -110,6 +113,8 @@ public function hash($data, $version = self::HASH_VERSION_MD5)
{
if (self::HASH_VERSION_LATEST === $version && $version === $this->_helper->getVersionHash($this)) {
return password_hash($data, PASSWORD_DEFAULT);
} elseif (self::HASH_VERSION_SHA256 == $version) {
return hash('sha256', $data);
} elseif (self::HASH_VERSION_SHA512 == $version) {
return hash('sha512', $data);
}
Expand All @@ -128,6 +133,7 @@ public function validateHash($password, $hash)
{
return $this->validateHashByVersion($password, $hash, self::HASH_VERSION_LATEST)
|| $this->validateHashByVersion($password, $hash, self::HASH_VERSION_SHA512)
|| $this->validateHashByVersion($password, $hash, self::HASH_VERSION_SHA256)
|| $this->validateHashByVersion($password, $hash, self::HASH_VERSION_MD5);
}
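Review bot: After this change `getHash()` yields two different algorithms depending on the salt argument: the salted branch is pinned to `HASH_VERSION_SHA256`, while the unsalted branch still calls `$this->hash($password)` and so falls back to the `HASH_VERSION_MD5` default declared on `hash()`. Nothing visible in the hunk tells a caller that `$salt = false` produces an unsalted MD5 digest, which is easy to misuse for credentials. I would document this on `getHash()`, for example `@param int|string|bool $salt salt length, literal salt, or false for an unsalted legacy MD5 digest (not for passwords)`, and note that the salted form is a single SHA-256 round. The new `elseif` in `hash()` also compares with `==` where the first branch uses `===`; one form used consistently would be clearer, provided no caller passes the version as a string.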

1 change: 1 addition & 0 deletions app/code/core/Mage/Core/etc/config.xml
Expand Up @@ -413,6 +413,7 @@
<use_http_x_forwarded_for>0</use_http_x_forwarded_for>
<use_http_user_agent>0</use_http_user_agent>
<use_frontend_sid>1</use_frontend_sid>
<use_admin_sid>0</use_admin_sid>
</session>
<browser_capabilities>
<cookies>1</cookies>
2 changes: 1 addition & 1 deletion app/code/core/Mage/Customer/Model/Customer.php
Expand Up @@ -404,7 +404,7 @@ public function setPassword($password)
public function hashPassword($password, $salt = null)
{
return $this->_getHelper('core')
->getHashPassword(trim($password), (bool) $salt ? $salt : Mage_Admin_Model_User::HASH_SALT_LENGTH);
->getHash(trim($password), (bool) $salt ? $salt : Mage_Admin_Model_User::HASH_SALT_LENGTH);
}

/**
29 changes: 29 additions & 0 deletions app/code/core/Mage/Customer/Model/Observer.php
Expand Up @@ -230,4 +230,33 @@ public function deleteCustomerFlowPassword()
$condition = array('requested_date < ?' => Mage::getModel('core/date')->date(null, '-1 day'));
$connection->delete($connection->getTableName('customer_flowpassword'), $condition);
}

/**
* Upgrade customer password hash when customer has logged in
*
* @param Varien_Event_Observer $observer
*/
public function actionUpgradeCustomerPassword($observer)
{
$password = $observer->getEvent()->getPassword();
$model = $observer->getEvent()->getModel();

$encryptor = Mage::helper('core')->getEncryptor();
$hashVersionArray = [
Mage_Core_Model_Encryption::HASH_VERSION_MD5,
Mage_Core_Model_Encryption::HASH_VERSION_SHA256,
Mage_Core_Model_Encryption::HASH_VERSION_SHA512,
Mage_Core_Model_Encryption::HASH_VERSION_LATEST,
];
$currentVersionHash = null;
foreach ($hashVersionArray as $hashVersion) {
if ($encryptor->validateHashByVersion($password, $model->getPasswordHash(), $hashVersion)) {
$currentVersionHash = $hashVersion;
break;
}
}
if (Mage_Core_Model_Encryption::HASH_VERSION_SHA256 !== $currentVersionHash) {
$model->changePassword($password, false);
}
}
}
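Review bot: The loop over `$hashVersionArray` in `actionUpgradeCustomerPassword` only feeds the final `HASH_VERSION_SHA256 !== $currentVersionHash` test, so if the intent really is "rewrite anything that is not SHA-256" it appears equivalent to the single `validateHashByVersion()` call the admin and API observers use, while running up to four hash validations per login. Writing it as `if (!$encryptor->validateHashByVersion($password, $model->getPasswordHash(), Mage_Core_Model_Encryption::HASH_VERSION_SHA256)) {` would match the other two observers and remove the `null` sentinel. The short array literal `[...]` is also at odds with the `array(...)` form used in the context line just above the new method; `array(` would keep the file consistent.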
8 changes: 8 additions & 0 deletions app/code/core/Mage/Customer/etc/config.xml
Expand Up @@ -443,6 +443,14 @@
</customer_addres_after_save_viv_observer>
</observers>
</customer_address_save_after>
<customer_customer_authenticated>
<observers>
<customer_upgrade_password>
<class>Mage_Customer_Model_Observer</class>
<method>actionUpgradeCustomerPassword</method>
</customer_upgrade_password>
</observers>
</customer_customer_authenticated>
</events>
</global>
<adminhtml>
5 changes: 4 additions & 1 deletion app/code/core/Mage/Dataflow/Model/Profile.php
Expand Up @@ -179,7 +179,10 @@ protected function _afterSave()
$uploader->save($path);
$uploadFile = $uploader->getUploadedFileName();

if ($_FILES['file_' . ($index + 1)]['type'] == "text/csv") {
if (
$_FILES['file_' . ($index + 1)]['type'] == "text/csv"
|| $_FILES['file_' . ($index + 1)]['type'] == "application/vnd.ms-excel"
) {
$fileData = $csvParser->getData($path . $uploadFile);
$fileData = array_shift($fileData);
} else {
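Review bot: The added `application/vnd.ms-excel` test extends a decision based on `$_FILES[...]['type']`, a value taken from the upload request rather than derived from the stored file, so the client chooses which parser handles the upload. If the CSV path has to be selected reliably, the saved name is a better signal, for example `strtolower(pathinfo($uploadFile, PATHINFO_EXTENSION)) === 'csv'`, optionally combined with the type check. Independently of that, the repeated lookup reads better hoisted: `$type = $_FILES['file_' . ($index + 1)]['type'];` followed by `in_array($type, array('text/csv', 'application/vnd.ms-excel'), true)`. `_afterSave()` starts before and continues past this hunk, so the `else` branch is not visible here.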
Expand Up @@ -29,7 +29,10 @@
<h1><?php echo $this->__('Compare Products') ?></h1>
<a href="#" onclick="window.print(); return false;" class="link-print"><?php echo $this->__('Print This Page') ?></a>
</div>
<?php $_total=$this->getItems()->getSize() ?>
<?php
$_total = $this->getItems()->getSize();
$_params = $this->escapeHtml(json_encode(array('form_key' => $this->getFormKey())));
?>
<?php if($_total): ?>
<table class="data-table compare-table" id="product_comparison">
<?php $_i=0 ?>
Expand Down Expand Up @@ -65,13 +68,30 @@
<?php echo $this->getReviewsSummaryHtml($_item, 'short') ?>
<?php echo $this->getPriceHtml($_item, true, '-compare-list-top') ?>
<?php if($_item->isSaleable()): ?>
<p><button type="button" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Add to Cart')) ?>" class="button btn-cart" onclick="setPLocation('<?php echo $this->helper('catalog/product_compare')->getAddToCartUrl($_item) ?>', true)"><span><span><?php echo $this->__('Add to Cart') ?></span></span></button></p>
<button type="button"
title="<?php echo Mage::helper('core')->quoteEscape($this->__('Add to Cart')) ?>"
class="button btn-cart"
onclick="customFormSubmitToParent(
'<?php echo $this->helper('catalog/product_compare')->getAddToCartUrlCustom($_item, false) ?>',
'<?php echo $_params ?>',
'post')">
<span><span><?php echo $this->__('Add to Cart') ?></span></span>
</button>
<?php else: ?>
<p class="availability out-of-stock"><span><?php echo $this->__('Out of stock') ?></span></p>
<?php endif; ?>
<?php if ($this->helper('wishlist')->isAllow()) : ?>
<ul class="add-to-links">
<li><a href="<?php echo $this->getAddToWishlistUrl($_item) ?>" class="link-wishlist"><?php echo $this->__('Add to Wishlist') ?></a></li>
<li>
<a href="#"
class="link-wishlist"
onclick="customFormSubmit(
'<?php echo $this->getAddToWishlistUrlCustom($_item, false) ?>',
'<?php echo $_params ?>',
'post')">
<?php echo $this->__('Add to Wishlist') ?>
</a>
</li>
</ul>
<?php endif; ?>
</td>
Expand Down Expand Up @@ -118,13 +138,32 @@
<td>
<?php echo $this->getPriceHtml($_item, true, '-compare-list-bottom') ?>
<?php if($_item->isSaleable()): ?>
<p><button type="button" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Add to Cart')) ?>" class="button btn-cart" onclick="setPLocation('<?php echo $this->helper('catalog/product_compare')->getAddToCartUrl($_item) ?>', true)"><span><span><?php echo $this->__('Add to Cart') ?></span></span></button></p>
<p>
<button type="button"
title="<?php echo Mage::helper('core')->quoteEscape($this->__('Add to Cart')) ?>"
class="button btn-cart"
onclick="customFormSubmitToParent(
'<?php echo $this->helper('catalog/product_compare')->getAddToCartUrlCustom($_item, false) ?>',
'<?php echo $_params ?>',
'post')">
<span><span><?php echo $this->__('Add to Cart') ?></span></span>
</button>
</p>
<?php else: ?>
<p class="availability out-of-stock"><span><?php echo $this->__('Out of stock') ?></span></p>
<?php endif; ?>
<?php if ($this->helper('wishlist')->isAllow()) : ?>
<ul class="add-to-links">
<li><a href="<?php echo $this->getAddToWishlistUrl($_item);?>" class="link-wishlist"><?php echo $this->__('Add to Wishlist') ?></a></li>
<li>
<a href="#"
class="link-wishlist"
onclick="customFormSubmit(
'<?php echo $this->getAddToWishlistUrlCustom($_item, false) ?>',
'<?php echo $_params ?>',
'post')">
<?php echo $this->__('Add to Wishlist') ?>
</a>
</li>
</ul>
<?php endif; ?>
</td>
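Review bot: The URLs from `getAddToCartUrlCustom($_item, false)` and `getAddToWishlistUrlCustom($_item, false)` are echoed unescaped into a single-quoted JavaScript string inside an `onclick` attribute, whereas `$_params` in the same call is passed through `escapeHtml()`. The helpers presumably return URL-encoded values, but that is not visible here; wrapping each echo as `<?php echo $this->escapeHtml($this->getAddToWishlistUrlCustom($_item, false)) ?>` would treat all arguments of the call alike. The wishlist link also has `href="#"` with no `return false;` after `customFormSubmit(...)`, so the click may additionally jump to the top of the page unless that function prevents the default action. Finally, the first hunk drops the `<p>` wrapper around the Add to Cart button while the second hunk keeps it, which looks unintentional.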