diff --git a/app/code/core/Mage/Admin/Model/Session.php b/app/code/core/Mage/Admin/Model/Session.php
index 96095e266b3..1c0a434a235 100644
--- a/app/code/core/Mage/Admin/Model/Session.php
+++ b/app/code/core/Mage/Admin/Model/Session.php
@@ -138,6 +138,9 @@ public function login($username, $password, $request = null)
Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
}
} catch (Mage_Core_Exception $e) {
+ $e->setMessage(
+ Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
+ );
Mage::dispatchEvent('admin_session_user_login_failed',
array('user_name' => $username, 'exception' => $e));
if ($request && !$request->getParam('messageSent')) {
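Review bot: The `setMessage()` call added at the top of the catch block overwrites the specific failure reason before `admin_session_user_login_failed` is dispatched, so event observers and any failure log fed by them only ever see the generic text. Showing one message to the user is the right call against account enumeration, but the original cause should stay available to observers: capture it first with `$originalMessage = $e->getMessage();` and pass it in the event array as `'original_message' => $originalMessage`. The `login()` body continues outside the hunk, so whether the cause is logged elsewhere cannot be seen here.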
diff --git a/app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php b/app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
new file mode 100644
index 00000000000..bd57adb37ff
--- /dev/null
+++ b/app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
@@ -0,0 +1,52 @@
+ Admin section
+ *
+ * @return string
+ */
+ public function getSecurityAdminUrl()
+ {
+ return Mage::helper("adminhtml")->getUrl('adminhtml/system_config/edit/section/admin');
+ }
+}
diff --git a/app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php b/app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php
new file mode 100644
index 00000000000..0d668462492
--- /dev/null
+++ b/app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php
@@ -0,0 +1,36 @@
+_convertDate($value['from'], $value['locale']);
+ $value['from'] = $this->_convertDate($this->stripTags($value['from']), $value['locale']);
}
if (!empty($value['to'])) {
$value['orig_to'] = $value['to'];
- $value['to'] = $this->_convertDate($value['to'], $value['locale']);
+ $value['to'] = $this->_convertDate($this->stripTags($value['to']), $value['locale']);
}
}
if (empty($value['from']) && empty($value['to'])) {
diff --git a/app/code/core/Mage/Adminhtml/Model/Config/Data.php b/app/code/core/Mage/Adminhtml/Model/Config/Data.php
index 62750055069..0f357906c48 100644
--- a/app/code/core/Mage/Adminhtml/Model/Config/Data.php
+++ b/app/code/core/Mage/Adminhtml/Model/Config/Data.php
@@ -167,6 +167,9 @@ public function save()
if (is_object($fieldConfig)) {
$configPath = (string)$fieldConfig->config_path;
if (!empty($configPath) && strrpos($configPath, '/') > 0) {
+ if (!Mage::getSingleton('admin/session')->isAllowed($configPath)) {
+ Mage::throwException('Access denied.');
+ }
// Extend old data with specified section group
$groupPath = substr($configPath, 0, strrpos($configPath, '/'));
if (!isset($oldConfigAdditionalGroups[$groupPath])) {
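Review bot: `Mage::throwException('Access denied.')` in the new ACL check passes a raw string where the surrounding admin code routes messages through the translation helper (this same patch uses `Mage::helper('adminhtml')->__()`), so the message is not translatable; use `Mage::throwException(Mage::helper('adminhtml')->__('Access denied.'))`. The check only runs inside the `config_path` branch, so fields saved under their natural section path rely on whatever ACL check the caller performs earlier — `save()` begins outside the hunk, so that cannot be confirmed here. Resolving `Mage::getSingleton('admin/session')` once before the loop rather than per field would also read better.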
diff --git a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
index 0120ce2c466..91a5ff8e3c2 100644
--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
@@ -42,6 +42,11 @@ public function uploadAction()
Mage::helper('catalog/image'), 'validateUploadFile');
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(true);
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$result = $uploader->save(
Mage::getSingleton('catalog/product_media_config')->getBaseTmpMediaPath()
);
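Review bot: The four-line `addValidateCallback(Mage_Core_Model_File_Validator_Image::NAME, Mage::getModel('core/file_validator_image'), 'validate')` registration is copy-pasted into five upload sites (here, `Mage_Cms_Model_Wysiwyg_Images_Storage::uploadFile()`, `Mage_ImportExport_Model_Import_Uploader::init()`, `Mage_XmlConnect_Helper_Image::handleUpload()` and `MobileController::uploadImagesAction()`); a single helper on the uploader model (for example `addImageValidator()`, name suggested) would keep the validator name, model and method in one place. More importantly the callback is not a pure check: as the `Image.php` hunk in this patch shows, `validate()` rewrites the temporary file with a re-sampled copy, so every image passing through these paths is re-encoded and JPEGs lose embedded metadata even at quality 100. A one-line comment at each call site, `// Re-samples the upload in place; the stored file is a re-encoded copy, not the original bytes`, would stop a later maintainer from treating this as a read-only validation.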
diff --git a/app/code/core/Mage/Checkout/controllers/MultishippingController.php b/app/code/core/Mage/Checkout/controllers/MultishippingController.php
index a393d361a51..229e92d6b34 100644
--- a/app/code/core/Mage/Checkout/controllers/MultishippingController.php
+++ b/app/code/core/Mage/Checkout/controllers/MultishippingController.php
@@ -233,6 +233,12 @@ public function addressesPostAction()
$this->_redirect('*/multishipping_address/newShipping');
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ $this->_redirect('*/*/addresses');
+ return;
+ }
+
try {
if ($this->getRequest()->getParam('continue', false)) {
$this->_getCheckout()->setCollectRatesFlag(true);
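Review bot: In `addressesPostAction()` the form-key check is inserted after an earlier branch that already redirects to `*/multishipping_address/newShipping`, so whatever that branch reads from the request is handled before the CSRF token is verified; the action begins outside the hunk, so it is not visible whether that branch consumes POST data. The same ordering appears in `overviewAction()` (third hunk of this file), where the check follows an early `return $this;`. Unless those earlier branches are deliberately exempt, move the check to the first statement of each action, as `shippingPostAction()` (second hunk) does, and mark the intent with `// CSRF: reject the POST before any checkout state is touched`.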
@@ -353,6 +359,11 @@ public function backToShippingAction()
*/
public function shippingPostAction()
{
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ $this->_redirect('*/*/shipping');
+ return;
+ }
+
$shippingMethods = $this->getRequest()->getPost('shipping_method');
try {
Mage::dispatchEvent(
@@ -462,6 +473,11 @@ public function overviewAction()
return $this;
}
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ $this->_redirect('*/*/billing');
+ return;
+ }
+
$this->_getState()->setActiveStep(Mage_Checkout_Model_Type_Multishipping_State::STEP_OVERVIEW);
try {
diff --git a/app/code/core/Mage/Checkout/controllers/OnepageController.php b/app/code/core/Mage/Checkout/controllers/OnepageController.php
index 05cf6a98edc..98bd359bc4d 100644
--- a/app/code/core/Mage/Checkout/controllers/OnepageController.php
+++ b/app/code/core/Mage/Checkout/controllers/OnepageController.php
@@ -349,6 +349,11 @@ public function saveMethodAction()
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$method = $this->getRequest()->getPost('method');
$result = $this->getOnepage()->saveCheckoutMethod($method);
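Review bot: When the form-key check fails, `saveMethodAction()` returns without setting any response body, so the AJAX caller receives an empty 200 and the checkout stalls with no error shown; the same bare `return;` is repeated in `saveBillingAction()`, `saveShippingAction()`, `saveShippingMethodAction()` and `savePaymentAction()` (the following four hunks). The file already has `_ajaxRedirectResponse()` for the expired-session case (visible at the end of the `savePaymentAction` hunk); calling it before returning, `$this->_ajaxRedirectResponse(); return;`, or setting a JSON error body, gives the client something it can act on. Each action continues outside its hunk.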
@@ -364,6 +369,11 @@ public function saveBillingAction()
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('billing', array());
$customerAddressId = $this->getRequest()->getPost('billing_address_id', false);
@@ -406,6 +416,11 @@ public function saveShippingAction()
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('shipping', array());
$customerAddressId = $this->getRequest()->getPost('shipping_address_id', false);
@@ -430,6 +445,11 @@ public function saveShippingMethodAction()
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('shipping_method', '');
$result = $this->getOnepage()->saveShippingMethod($data);
@@ -464,6 +484,11 @@ public function savePaymentAction()
if ($this->_expireAjax()) {
return;
}
+
+ if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
+ return;
+ }
+
try {
if (!$this->getRequest()->isPost()) {
$this->_ajaxRedirectResponse();
diff --git a/app/code/core/Mage/Checkout/etc/system.xml b/app/code/core/Mage/Checkout/etc/system.xml
index b3c609470ac..8479e9d8910 100644
--- a/app/code/core/Mage/Checkout/etc/system.xml
+++ b/app/code/core/Mage/Checkout/etc/system.xml
@@ -232,5 +232,23 @@
+
+
+
+
+
+
+ select
+ adminhtml/system_config_source_yesno
+ 4
+ Important! Enabling this option means
+ that your custom templates used in checkout process contain form_key output.
+ Otherwise checkout may not work.]]>
+ 1
+
+
+
+
+
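Review bot: The comment text for the new option (presumably the `validate_formkey_checkout` field read by `isFormkeyValidationOnCheckoutEnabled()` elsewhere in this patch) reads as a statement about the merchant's templates rather than as the precondition it is meant to be: `Enabling this option means that your custom templates used in checkout process contain form_key output`. Suggest `Important! Enabling this option requires that any custom checkout templates output the form_key; otherwise checkout may not work.`. The XML element names are not visible in this rendering, so the surrounding structure could not be checked.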
diff --git a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
index caae938195a..9a4133afb1d 100644
--- a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
+++ b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
@@ -283,6 +283,11 @@ public function uploadFile($targetPath, $type = null)
}
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(false);
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$result = $uploader->save($targetPath);
if (!$result) {
diff --git a/app/code/core/Mage/Core/Controller/Front/Action.php b/app/code/core/Mage/Core/Controller/Front/Action.php
index da94389f091..3b6eb0883bc 100644
--- a/app/code/core/Mage/Core/Controller/Front/Action.php
+++ b/app/code/core/Mage/Core/Controller/Front/Action.php
@@ -188,4 +188,14 @@ protected function _isFormKeyEnabled()
{
return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH);
}
+
+ /**
+ * Check if form_key validation enabled on checkout process
+ *
+ * @return bool
+ */
+ protected function isFormkeyValidationOnCheckoutEnabled()
+ {
+ return Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
+ }
}
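Review bot: `isFormkeyValidationOnCheckoutEnabled()` hard-codes `'admin/security/validate_formkey_checkout'` while the sibling `_isFormKeyEnabled()` directly above reads its path from `self::XML_CSRF_USE_FLAG_CONFIG_PATH`; declare the new path as a class constant as well (e.g. `const XML_CSRF_CHECKOUT_FLAG_CONFIG_PATH = 'admin/security/validate_formkey_checkout';`, name suggested) and reference it from the method. The new method also drops the underscore prefix the file uses for protected methods (`_isFormKeyEnabled`, `_validateFormKey`) and spells `Formkey` differently from the neighbouring `FormKey`; the checkout controllers in this patch already call it, so a rename would touch them all, but the deviation should at least be a conscious choice. The docblock could say where the flag lives: `Reads the Admin > Security "Enable Form Key Validation On Checkout" store flag`.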
diff --git a/app/code/core/Mage/Core/Controller/Request/Http.php b/app/code/core/Mage/Core/Controller/Request/Http.php
index 26cddf119a7..6827e2017fd 100644
--- a/app/code/core/Mage/Core/Controller/Request/Http.php
+++ b/app/code/core/Mage/Core/Controller/Request/Http.php
@@ -148,7 +148,10 @@ public function setPathInfo($pathInfo = null)
$baseUrl = $this->getBaseUrl();
$pathInfo = substr($requestUri, strlen($baseUrl));
- if ((null !== $baseUrl) && (false === $pathInfo)) {
+ if ($baseUrl && $pathInfo && (0 !== stripos($pathInfo, '/'))) {
+ $pathInfo = '';
+ $this->setActionName('noRoute');
+ } elseif ((null !== $baseUrl) && (false === $pathInfo)) {
$pathInfo = '';
} elseif (null === $baseUrl) {
$pathInfo = $requestUri;
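Review bot: The new guard uses `stripos($pathInfo, '/')` to test whether the path continues with a separator, but a case-insensitive search for a single `/` is just `strpos`, and what the condition actually wants is the first character, so `$pathInfo[0] !== '/'` (or `substr($pathInfo, 0, 1) !== '/'`) states the intent directly. The guard also tests `$baseUrl` by truthiness while the `elseif` below keeps `null !== $baseUrl`, so the two branches disagree on what an empty base URL means; pick one form. A comment such as `// Path info that does not begin with '/' is not a routable path; force the no-route action` would explain the branch, since `setPathInfo()` continues outside the hunk.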
diff --git a/app/code/core/Mage/Core/Model/File/Validator/Image.php b/app/code/core/Mage/Core/Model/File/Validator/Image.php
index ca925bfb86b..e24f8b983b4 100644
--- a/app/code/core/Mage/Core/Model/File/Validator/Image.php
+++ b/app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -88,10 +88,33 @@ public function setAllowedImageTypes(array $imageFileExtensions = array())
*/
public function validate($filePath)
{
- $fileInfo = getimagesize($filePath);
- if (is_array($fileInfo) and isset($fileInfo[2])) {
- if ($this->isImageType($fileInfo[2])) {
- return null;
+ list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
+ if ($fileType) {
+ if ($this->isImageType($fileType)) {
+ //replace tmp image with re-sampled copy to exclude images with malicious data
+ $image = imagecreatefromstring(file_get_contents($filePath));
+ if ($image !== false) {
+ $img = imagecreatetruecolor($imageWidth, $imageHeight);
+ imagecopyresampled($img, $image, 0, 0, 0, 0, $imageWidth, $imageHeight, $imageWidth, $imageHeight);
+ switch ($fileType) {
+ case IMAGETYPE_GIF:
+ imagegif($img, $filePath);
+ break;
+ case IMAGETYPE_JPEG:
+ imagejpeg($img, $filePath, 100);
+ break;
+ case IMAGETYPE_PNG:
+ imagepng($img, $filePath);
+ break;
+ default:
+ return;
+ }
+ imagedestroy($img);
+ imagedestroy($image);
+ return null;
+ } else {
+ throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
+ }
}
}
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
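Review bot: The re-sampled copy written back after `imagecopyresampled()` is built on a plain `imagecreatetruecolor()` canvas, so the alpha channel of PNGs is discarded and transparent uploads come back with an opaque black background — a visible regression for product and CMS images once this validator is attached to the uploaders; GIF transparency would need the equivalent `imagecolortransparent()` handling. The `default:` branch also returns with `$img` and `$image` undestroyed and, because it returns null like the success path, silently accepts an allowed type that has no re-encoder; it should free the resources and throw `Invalid image.` instead. `imagecreatetruecolor()` can itself return `false` for very large dimensions (depends on the memory limit in use), so that result should be checked before it is passed on.
```php
$img = imagecreatetruecolor($imageWidth, $imageHeight);
if ($img === false) {
    imagedestroy($image);
    throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
}
if ($fileType === IMAGETYPE_PNG) {
    // preserve the alpha channel: no blending onto the canvas, keep alpha on write, start fully transparent
    imagealphablending($img, false);
    imagesavealpha($img, true);
    imagefill($img, 0, 0, imagecolorallocatealpha($img, 0, 0, 0, 127));
}
imagecopyresampled($img, $image, 0, 0, 0, 0, $imageWidth, $imageHeight, $imageWidth, $imageHeight);
switch ($fileType) {
    // … unchanged: GIF / JPEG / PNG write branches …
    default:
        imagedestroy($img);
        imagedestroy($image);
        throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
}
```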
@@ -106,5 +129,4 @@ protected function isImageType($nImageType)
{
return in_array($nImageType, $this->_allowedImageTypes);
}
-
}
diff --git a/app/code/core/Mage/Core/etc/system.xml b/app/code/core/Mage/Core/etc/system.xml
index 97b7b20602a..5dcd7b8e597 100644
--- a/app/code/core/Mage/Core/etc/system.xml
+++ b/app/code/core/Mage/Core/etc/system.xml
@@ -597,26 +597,6 @@
-
-
- text
- 25
- 1
- 1
- 1
-
-
-
- select
- adminhtml/system_config_source_yesno
- 10
- 1
- 1
- 1
- Warning! Enabling this feature is not recommended on production environments because it represents a potential security risk.
-
-
-
text
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
index 90f449c06db..0fe19b5d5cb 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
@@ -40,6 +40,9 @@ public function getResource()
if (!$this->_resource) {
$this->_resource = Zend_Cache::factory($this->getVar('frontend', 'Core'), $this->getVar('backend', 'File'));
}
+ if ($this->_resource->getBackend() instanceof Zend_Cache_Backend_Static) {
+ throw new Exception(Mage::helper('dataflow')->__('Backend name "Static" not supported.'));
+ }
return $this->_resource;
}
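Review bot: The new `Zend_Cache_Backend_Static` rejection throws a bare `Exception`, while the rest of this patch signals errors through `Mage::throwException()` / `Mage::exception()` so callers can catch `Mage_Core_Exception`; prefer `Mage::throwException(Mage::helper('dataflow')->__('Backend name "Static" not supported.'))`. The check also runs after `Zend_Cache::factory()` has already built and cached the backend in `$this->_resource`, so the rejected instance stays around and is re-checked on every later call; testing `$this->getVar('backend', 'File')` before the factory call, or clearing `$this->_resource` before throwing, avoids that. Checking by class rather than by the configured name is the right choice since it also covers subclasses.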
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php b/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
index c68824d2acd..594418c8528 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
@@ -47,6 +47,18 @@ abstract class Mage_Dataflow_Model_Convert_Container_Abstract
protected $_position;
+ /**
+ * Detect serialization of data
+ *
+ * @param mixed $data
+ * @return bool
+ */
+ protected function isSerialized($data)
+ {
+ $pattern = '/^a:\d+:\{(i:\d+;|s:\d+:\".+\";|N;|O:\d+:\"\w+\":\d+:\{\w:\d+:)+|^O:\d+:\"\w+\":\d+:\{s:\d+:\"/';
+ return (is_string($data) && preg_match($pattern, $data));
+ }
+
public function getVar($key, $default=null)
{
if (!isset($this->_vars[$key]) || (!is_array($this->_vars[$key]) && strlen($this->_vars[$key]) == 0)) {
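Review bot: `isSerialized()` is documented as "Detect serialization of data" but its pattern only recognises serialized arrays (`a:`) and objects (`O:`) at the start of the string; serialized scalars (`i:`, `s:`, `b:`, `d:`) are never matched and so never reach `validateDataSerialized()`. If that is intentional — only array payloads are expected by the containers — say so in the docblock: `Heuristic: matches only serialized arrays and objects, the forms the dataflow containers accept; scalar serializations are ignored.`. `preg_match()` returns `false` on a PCRE error (for example on oversized input), which the `&&` silently turns into "not serialized"; checking `preg_last_error()` or treating `false` as "do not accept" would be safer. `getVar()` continues outside the hunk.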
@@ -102,13 +114,45 @@ public function getData()
public function setData($data)
{
- if ($this->getProfile()) {
- $this->getProfile()->getContainer()->setData($data);
+ if ($this->validateDataSerialized($data)) {
+ if ($this->getProfile()) {
+ $this->getProfile()->getContainer()->setData($data);
+ }
+
+ $this->_data = $data;
}
- $this->_data = $data;
+
return $this;
}
+ /**
+ * Validate serialized data
+ *
+ * @param mixed $data
+ * @return bool
+ */
+ public function validateDataSerialized($data = null)
+ {
+ if (is_null($data)) {
+ $data = $this->getData();
+ }
+
+ $result = true;
+ if ($this->isSerialized($data)) {
+ try {
+ $dataArray = Mage::helper('core/unserializeArray')->unserialize($data);
+ } catch (Exception $e) {
+ $result = false;
+ $this->addException(
+ "Invalid data, expecting serialized array.",
+ Mage_Dataflow_Model_Convert_Exception::FATAL
+ );
+ }
+ }
+
+ return $result;
+ }
+
public function validateDataString($data=null)
{
if (is_null($data)) {
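Review bot: When `validateDataSerialized()` fails, `setData()` now leaves both `$this->_data` and the profile container untouched yet still returns `$this`, so a caller that proceeds to `getData()` silently gets the previous payload; `addException()` is not visible in this hunk, but if it only records the fatal rather than throwing, nothing tells the caller the assignment was dropped. Either document that contract on `setData()` — `Data that fails serialized-array validation is discarded and a FATAL is recorded via addException(); the previous data is retained` — or make the failure detectable to callers. In `validateDataSerialized()` the `$dataArray` assignment is unused (`Mage::helper('core/unserializeArray')->unserialize($data);` is enough), and its `@return bool` should note that `true` is also returned for data that is not serialized at all. `validateDataString()` continues outside the hunk.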
@@ -140,7 +184,10 @@ public function validateDataGrid($data=null)
if (count($data)==0) {
return true;
}
- $this->addException("Invalid data type, expecting 2D grid array.", Mage_Dataflow_Model_Convert_Exception::FATAL);
+ $this->addException(
+ "Invalid data type, expecting 2D grid array.",
+ Mage_Dataflow_Model_Convert_Exception::FATAL
+ );
}
return true;
}
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
index 960b2e5f462..229293101d2 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
@@ -62,13 +62,15 @@ public function parse()
$adapter = Mage::getModel($adapterName);
}
catch (Exception $e) {
- $message = Mage::helper('dataflow')->__('Declared adapter %s was not found.', $adapterName);
+ $message = Mage::helper('dataflow')
+ ->__('Declared adapter %s was not found.', $adapterName);
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL);
return $this;
}
if (!method_exists($adapter, $adapterMethod)) {
- $message = Mage::helper('dataflow')->__('Method "%s" not defined in adapter %s.', $adapterMethod, $adapterName);
+ $message = Mage::helper('dataflow')
+ ->__('Method "%s" not defined in adapter %s.', $adapterMethod, $adapterName);
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL);
return $this;
}
@@ -77,8 +79,8 @@ public function parse()
$batchIoAdapter = $this->getBatchModel()->getIoAdapter();
if (Mage::app()->getRequest()->getParam('files')) {
- $file = Mage::app()->getConfig()->getTempVarDir().'/import/'
- . urldecode(Mage::app()->getRequest()->getParam('files'));
+ $file = Mage::app()->getConfig()->getTempVarDir() . '/import/'
+ . str_replace('../', '', urldecode(Mage::app()->getRequest()->getParam('files')));
$this->_copy($file);
}
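Review bot: `str_replace('../', '', ...)` on the `files` parameter is a single-pass substitution, not a path normalisation, so it neither guarantees that the resulting path stays under the import directory nor rejects names that still resolve outside it; the Excel parser hunk in the next file uses the same construction. Since the file is expected to live directly under `var/import`, resolve the candidate with `realpath()` and require it to be inside the directory before calling `_copy()`, recording a fatal through the existing `addException()` path otherwise (sketch below). `parse()` starts and ends outside the hunk.
```php
if (Mage::app()->getRequest()->getParam('files')) {
    $importDir = realpath(Mage::app()->getConfig()->getTempVarDir() . '/import');
    $file = realpath($importDir . '/' . urldecode(Mage::app()->getRequest()->getParam('files')));
    // only accept a resolved path that stays inside the import directory
    if ($importDir === false || $file === false
        || strpos($file, $importDir . DIRECTORY_SEPARATOR) !== 0
    ) {
        $this->addException(
            Mage::helper('dataflow')->__('Invalid import file.'),
            Mage_Dataflow_Model_Convert_Exception::FATAL
        );
        return $this;
    }
    $this->_copy($file);
}
```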
diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
index f25b007b15a..09609636619 100644
--- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
+++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
@@ -69,7 +69,8 @@ public function parse()
}
if (!method_exists($adapter, $adapterMethod)) {
- $message = Mage::helper('dataflow')->__('Method "%s" was not defined in adapter %s.', $adapterMethod, $adapterName);
+ $message = Mage::helper('dataflow')
+ ->__('Method "%s" was not defined in adapter %s.', $adapterMethod, $adapterName);
$this->addException($message, Mage_Dataflow_Model_Convert_Exception::FATAL);
return $this;
}
@@ -78,8 +79,8 @@ public function parse()
$batchIoAdapter = $this->getBatchModel()->getIoAdapter();
if (Mage::app()->getRequest()->getParam('files')) {
- $file = Mage::app()->getConfig()->getTempVarDir().'/import/'
- . urldecode(Mage::app()->getRequest()->getParam('files'));
+ $file = Mage::app()->getConfig()->getTempVarDir() . '/import/'
+ . str_replace('../', '', urldecode(Mage::app()->getRequest()->getParam('files')));
$this->_copy($file);
}
diff --git a/app/code/core/Mage/ImportExport/Model/Import/Uploader.php b/app/code/core/Mage/ImportExport/Model/Import/Uploader.php
index 3211d371315..76667e858a1 100644
--- a/app/code/core/Mage/ImportExport/Model/Import/Uploader.php
+++ b/app/code/core/Mage/ImportExport/Model/Import/Uploader.php
@@ -61,6 +61,11 @@ public function init()
$this->setAllowedExtensions(array_keys($this->_allowedMimeTypes));
$this->addValidateCallback('catalog_product_image',
Mage::helper('catalog/image'), 'validateUploadFile');
+ $this->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$this->_uploadType = self::SINGLE_STYLE;
}
diff --git a/app/code/core/Mage/Sales/Model/Quote/Item.php b/app/code/core/Mage/Sales/Model/Quote/Item.php
index d4133439f38..f105beac95c 100644
--- a/app/code/core/Mage/Sales/Model/Quote/Item.php
+++ b/app/code/core/Mage/Sales/Model/Quote/Item.php
@@ -500,8 +500,9 @@ public function compare($item)
/** @var Unserialize_Parser $parser */
$parser = Mage::helper('core/unserializeArray');
- $_itemOptionValue = $parser->unserialize($itemOptionValue);
- $_optionValue = $parser->unserialize($optionValue);
+ $_itemOptionValue =
+ is_numeric($itemOptionValue) ? $itemOptionValue : $parser->unserialize($itemOptionValue);
+ $_optionValue = is_numeric($optionValue) ? $optionValue : $parser->unserialize($optionValue);
if (is_array($_itemOptionValue) && is_array($_optionValue)) {
$itemOptionValue = $_itemOptionValue;
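Review bot: The `is_numeric()` guard only spares numeric scalars from the parser; a custom-option value that is a plain, non-serialized string still reaches `$parser->unserialize()`, which — if it throws on malformed input like the core helper used elsewhere in this patch — aborts `compare()` for that item instead of falling back to a plain comparison. Wrap the two unserialize lines in `try { … } catch (Exception $e) { Mage::logException($e); }` and let the existing `is_array()` check below decide which path to take. The `@var Unserialize_Parser $parser` annotation above also does not match `Mage::helper('core/unserializeArray')`, which returns a helper object rather than the library parser, so the type hint is misleading. `compare()` continues outside the hunk.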
diff --git a/app/code/core/Mage/Widget/Model/Widget/Instance.php b/app/code/core/Mage/Widget/Model/Widget/Instance.php
index c5512058485..e5d0134298a 100644
--- a/app/code/core/Mage/Widget/Model/Widget/Instance.php
+++ b/app/code/core/Mage/Widget/Model/Widget/Instance.php
@@ -347,7 +347,11 @@ public function getStoreIds()
public function getWidgetParameters()
{
if (is_string($this->getData('widget_parameters'))) {
- return unserialize($this->getData('widget_parameters'));
+ try {
+ return Mage::helper('core/unserializeArray')->unserialize($this->getData('widget_parameters'));
+ } catch (Exception $e) {
+ Mage::logException($e);
+ }
}
return (is_array($this->getData('widget_parameters'))) ? $this->getData('widget_parameters') : array();
}
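Review bot: On a failed unserialize `getWidgetParameters()` logs the exception and falls through to the final `return`, whose `is_array()` test then yields `array()` for the string value, so a corrupted or non-array `widget_parameters` is silently rendered as "no parameters"; that is a reasonable degradation but deserves a comment, e.g. `// malformed or non-array widget_parameters: logged above, treated as empty`. The method docblock (outside the hunk) should also say the stored value is now expected to be a serialized array, since serialized objects that `unserialize()` used to accept are presumably rejected by the helper — confirm against the unserializeArray helper's behaviour.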
diff --git a/app/code/core/Mage/XmlConnect/Helper/Image.php b/app/code/core/Mage/XmlConnect/Helper/Image.php
index e8d6e295802..38d8ed37240 100644
--- a/app/code/core/Mage/XmlConnect/Helper/Image.php
+++ b/app/code/core/Mage/XmlConnect/Helper/Image.php
@@ -100,6 +100,11 @@ public function handleUpload($field)
$uploader = Mage::getModel('core/file_uploader', $field);
$uploader->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'));
$uploader->setAllowRenameFiles(true);
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$uploader->save($uploadDir);
$uploadedFilename = $uploader->getUploadedFileName();
$uploadedFilename = $this->_getResizedFilename($field, $uploadedFilename, true);
diff --git a/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php b/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
index 28d4fae2022..dd567abab7a 100644
--- a/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
+++ b/app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
@@ -567,7 +567,7 @@ public function deleteThemeAction()
$result = $themesHelper->deleteTheme($themeId);
if ($result) {
$response = array(
- 'message' => $this->__('Theme has been delete.'),
+ 'message' => $this->__('Theme has been deleted.'),
'themes' => $themesHelper->getAllThemesArray(true),
'themeSelector' => $themesHelper->getThemesSelector(),
'selectedTheme' => $themesHelper->getDefaultThemeName()
@@ -1393,6 +1393,11 @@ public function uploadImagesAction()
/** @var $uploader Mage_Core_Model_File_Uploader */
$uploader = Mage::getModel('core/file_uploader', $imageModel->getImageType());
$uploader->setAllowRenameFiles(true)->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'));
+ $uploader->addValidateCallback(
+ Mage_Core_Model_File_Validator_Image::NAME,
+ Mage::getModel('core/file_validator_image'),
+ 'validate'
+ );
$result = $uploader->save(Mage_XmlConnect_Model_Images::getBasePath(), $newFileName);
$result['thumbnail'] = Mage::getModel('xmlconnect/images')->getCustomSizeImageUrl(
$result['file'],
diff --git a/app/design/adminhtml/default/default/layout/main.xml b/app/design/adminhtml/default/default/layout/main.xml
index 7fc3eadd789..78ba06dc760 100644
--- a/app/design/adminhtml/default/default/layout/main.xml
+++ b/app/design/adminhtml/default/default/layout/main.xml
@@ -119,7 +119,8 @@ Default layout, loads most of the pages
-
+
+
diff --git a/app/design/adminhtml/default/default/template/notification/formkey.phtml b/app/design/adminhtml/default/default/template/notification/formkey.phtml
new file mode 100644
index 00000000000..37984652a7b
--- /dev/null
+++ b/app/design/adminhtml/default/default/template/notification/formkey.phtml
@@ -0,0 +1,38 @@
+
+canShow()): ?>
+
+ Important:
+ Formkey validation on checkout disabled. This may expose security risks.
+ We strongly recommend to Enable Form Key Validation On Checkout in
+ Admin / Security Section,
+ for protect your own checkout process.
+