Mage_Core_Adminhtml - Version 1.9.2.0

Version Notes

1.9.2.0


Release Info

Developer Magento Core Team
Extension Mage_Core_Adminhtml
Version 1.9.2.0


Code changes from version 1.9.1.1 to 1.9.2.0

Files changed (76) hide show
  1. app/code/core/Mage/Adminhtml/Block/Api/Buttons.php +8 -1
  2. app/code/core/Mage/Adminhtml/Block/Cache.php +5 -2
  3. app/code/core/Mage/Adminhtml/Block/Catalog/Product/Attribute/Set/Grid.php +1 -1
  4. app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit.php +7 -3
  5. app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Alerts/Price.php +6 -0
  6. app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Alerts/Stock.php +5 -0
  7. app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Categories.php +11 -14
  8. app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Tag/Customer.php +5 -0
  9. app/code/core/Mage/Adminhtml/Block/Cms/Page/Grid/Renderer/Action.php +13 -8
  10. app/code/core/Mage/Adminhtml/Block/Customer/Edit/Tab/Account.php +3 -1
  11. app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid.php +6 -0
  12. app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid/Renderer/Ip.php +7 -2
  13. app/code/core/Mage/Adminhtml/Block/Newsletter/Subscriber/Grid.php +6 -0
  14. app/code/core/Mage/Adminhtml/Block/Permissions/Buttons.php +7 -1
  15. app/code/core/Mage/Adminhtml/Block/Permissions/Roles.php +10 -0
  16. app/code/core/Mage/Adminhtml/Block/Permissions/Tab/Rolesedit.php +29 -3
  17. app/code/core/Mage/Adminhtml/Block/Report/Grid/Column/Renderer/Currency.php +3 -2
  18. app/code/core/Mage/Adminhtml/Block/Review/Edit.php +5 -1
  19. app/code/core/Mage/Adminhtml/Block/Review/Edit/Form.php +1 -1
  20. app/code/core/Mage/Adminhtml/Block/Review/Main.php +1 -2
  21. app/code/core/Mage/Adminhtml/Block/Review/Rating/Detailed.php +1 -1
  22. app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Sidebar/Cart.php +3 -1
  23. app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/View.php +4 -3
  24. app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/View.php +6 -4
  25. app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/View.php +6 -4
  26. app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php +37 -17
  27. app/code/core/Mage/Adminhtml/Block/Store/Switcher.php +1 -1
  28. app/code/core/Mage/Adminhtml/Block/System/Design/Edit.php +5 -1
  29. app/code/core/Mage/Adminhtml/Block/Tag/Customer/Grid.php +5 -0
  30. app/code/core/Mage/Adminhtml/Block/Tag/Grid/Customers.php +28 -21
  31. app/code/core/Mage/Adminhtml/Block/Tag/Tag/Edit.php +11 -4
  32. app/code/core/Mage/Adminhtml/Block/Tax/Rate/Toolbar/Save.php +7 -1
  33. app/code/core/Mage/Adminhtml/Block/Urlrewrite/Edit.php +10 -3
  34. app/code/core/Mage/Adminhtml/Block/Widget/Form/Container.php +15 -3
  35. app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Price.php +15 -7
  36. app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Currency.php +1 -1
  37. app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Ip.php +5 -1
  38. app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Price.php +1 -1
  39. app/code/core/Mage/Adminhtml/Controller/Action.php +1 -1
  40. app/code/core/Mage/Adminhtml/Helper/Sales.php +1 -0
  41. app/code/core/Mage/Adminhtml/Model/Sales/Order/Create.php +40 -35
  42. app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php +16 -0
  43. app/code/core/Mage/Adminhtml/controllers/AjaxController.php +10 -0
  44. app/code/core/Mage/Adminhtml/controllers/Catalog/Category/WidgetController.php +10 -0
  45. app/code/core/Mage/Adminhtml/controllers/Catalog/Product/DatafeedsController.php +10 -0
  46. app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php +2 -1
  47. app/code/core/Mage/Adminhtml/controllers/Catalog/Product/WidgetController.php +10 -0
  48. app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php +1 -0
  49. app/code/core/Mage/Adminhtml/controllers/Cms/Block/WidgetController.php +10 -0
  50. app/code/core/Mage/Adminhtml/controllers/Cms/Page/WidgetController.php +11 -0
  51. app/code/core/Mage/Adminhtml/controllers/Cms/PageController.php +2 -1
  52. app/code/core/Mage/Adminhtml/controllers/Cms/WysiwygController.php +10 -0
  53. app/code/core/Mage/Adminhtml/controllers/Customer/System/Config/ValidatevatController.php +10 -0
  54. app/code/core/Mage/Adminhtml/controllers/CustomerController.php +1 -0
  55. app/code/core/Mage/Adminhtml/controllers/JsonController.php +10 -0
  56. app/code/core/Mage/Adminhtml/controllers/NotificationController.php +5 -4
  57. app/code/core/Mage/Adminhtml/controllers/Permissions/RoleController.php +46 -5
  58. app/code/core/Mage/Adminhtml/controllers/Report/CustomerController.php +2 -1
  59. app/code/core/Mage/Adminhtml/controllers/Report/ProductController.php +2 -1
  60. app/code/core/Mage/Adminhtml/controllers/Report/ReviewController.php +2 -1
  61. app/code/core/Mage/Adminhtml/controllers/Report/SalesController.php +2 -1
  62. app/code/core/Mage/Adminhtml/controllers/Report/ShopcartController.php +2 -1
  63. app/code/core/Mage/Adminhtml/controllers/Report/TagController.php +3 -2
  64. app/code/core/Mage/Adminhtml/controllers/ReportController.php +2 -1
  65. app/code/core/Mage/Adminhtml/controllers/Rss/CatalogController.php +10 -6
  66. app/code/core/Mage/Adminhtml/controllers/Rss/OrderController.php +10 -6
  67. app/code/core/Mage/Adminhtml/controllers/Sales/Billing/AgreementController.php +2 -1
  68. app/code/core/Mage/Adminhtml/controllers/Sales/Order/View/GiftmessageController.php +10 -0
  69. app/code/core/Mage/Adminhtml/controllers/Sales/Recurring/ProfileController.php +10 -0
  70. app/code/core/Mage/Adminhtml/controllers/Sales/TransactionsController.php +2 -1
  71. app/code/core/Mage/Adminhtml/controllers/System/Config/System/StorageController.php +10 -0
  72. app/code/core/Mage/Adminhtml/controllers/TagController.php +2 -1
  73. app/code/core/Mage/Adminhtml/controllers/Tax/RateController.php +5 -4
  74. app/code/core/Mage/Adminhtml/controllers/TaxController.php +10 -0
  75. app/locale/en_US/Mage_Adminhtml.csv +6 -1
  76. package.xml +6 -6
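--- a/app/code/core/Mage/Adminhtml/Block/Api/Buttons.php
+++ b/app/code/core/Mage/Adminhtml/Block/Api/Buttons.php
@@ -65,7 +65,14 @@ class Mage_Adminhtml_Block_Api_Buttons extends Mage_Adminhtml_Block_Template
  $this->getLayout()->createBlock('adminhtml/widget_button')
  ->setData(array(
  'label' => Mage::helper('adminhtml')->__('Delete Role'),
- 'onclick' => 'deleteConfirm(\'' . Mage::helper('adminhtml')->__('Are you sure you want to do this?') . '\', \'' . $this->getUrl('*/*/delete', array('rid' => $this->getRequest()->getParam('rid'))) . '\')',
+ 'onclick' => 'deleteConfirm(\''
+ . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('adminhtml')->__('Are you sure you want to do this?'),
+ true
+ )
+ . '\', \''
+ . $this->getUrl('*/*/delete', array('rid' => $this->getRequest()->getParam('rid')))
+ . '\')',
  'class' => 'delete'
  ))
  );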
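Review bot: The `jsQuoteEscape()` call in the new `onclick` passes `true` as a second argument, while every other call added in this release, including the identical button in Block/Permissions/Buttons.php, passes the message alone. If that parameter is the quote character to escape, as the single-argument calls suggest, `true` would make the helper escape the wrong character and leave a single quote in a translated message able to end the `deleteConfirm('...')` string early. I would drop the argument: `. Mage::helper('core')->jsQuoteEscape(Mage::helper('adminhtml')->__('Are you sure you want to do this?'))`. The enclosing method starts and ends outside the hunk.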
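--- a/app/code/core/Mage/Adminhtml/Block/Cache.php
+++ b/app/code/core/Mage/Adminhtml/Block/Cache.php
@@ -41,10 +41,13 @@ class Mage_Adminhtml_Block_Cache extends Mage_Adminhtml_Block_Widget_Grid_Contai
  'class' => 'delete',
  ));
 
- $message = Mage::helper('core')->__('Cache storage may contain additional data. Are you sure that you want flush it?');
+ $confirmationMessage = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('core')->__('Cache storage may contain additional data. Are you sure that you want flush it?')
+ );
  $this->_addButton('flush_system', array(
  'label' => Mage::helper('core')->__('Flush Cache Storage'),
- 'onclick' => 'confirmSetLocation(\''.$message.'\', \'' . $this->getFlushStorageUrl() .'\')',
+ 'onclick' => 'confirmSetLocation(\'' . $confirmationMessage . '\', \'' . $this->getFlushStorageUrl()
+ . '\')',
  'class' => 'delete',
  ));
  }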
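Review bot: `$confirmationMessage` is escaped for a single-quoted JavaScript string only, yet the result is placed in an `onclick` attribute, so it also needs HTML-attribute encoding when the button is rendered; that rendering is not visible here and should be confirmed in the button template. `getFlushStorageUrl()` is concatenated into the same string with no escaping at this point, so the line relies on the URL builder never emitting a quote. The same pattern appears in Catalog/Product/Edit.php, Review/Edit.php, Sales/Order/Create/Sidebar/Cart.php and the Creditmemo, Invoice and Shipment views. A comment above the assignment would record the assumption: `// Escaped for a JS string literal only; the button renderer must HTML-escape the attribute.`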
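--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Attribute/Set/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Attribute/Set/Grid.php
@@ -38,7 +38,7 @@ class Mage_Adminhtml_Block_Catalog_Product_Attribute_Set_Grid extends Mage_Admin
  {
  parent::__construct();
  $this->setId('setGrid');
- $this->setDefaultSort('set_id');
+ $this->setDefaultSort('set_name');
  $this->setDefaultDir('ASC');
  $this->setSaveParametersInSession(true);
  }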
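--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit.php
@@ -104,12 +104,16 @@ class Mage_Adminhtml_Block_Catalog_Product_Edit extends Mage_Adminhtml_Block_Wid
  );
  }
  if ($this->getProduct()->isDeleteable()) {
+
+ $confirmationMessage = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('catalog')->__('Are you sure?')
+ );
  $this->setChild('delete_button',
- $this->getLayout()->createBlock('adminhtml/widget_button')
+ $this->getLayout()->createBlock('adminhtml/widget_button')
  ->setData(array(
  'label' => Mage::helper('catalog')->__('Delete'),
- 'onclick' => 'confirmSetLocation(\''
- . Mage::helper('catalog')->__('Are you sure?').'\', \''.$this->getDeleteUrl().'\')',
+ 'onclick' => 'confirmSetLocation(\'' . $confirmationMessage
+ . '\', \'' . $this->getDeleteUrl() . '\')',
  'class' => 'delete'
  ))
  );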
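--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Alerts/Price.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Alerts/Price.php
@@ -69,6 +69,12 @@ class Mage_Adminhtml_Block_Catalog_Product_Edit_Tab_Alerts_Price extends Mage_Ad
  'index' => 'firstname',
  ));
 
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('catalog')->__('Middle Name'),
+ 'index' => 'middlename',
+ ));
+
+
  $this->addColumn('lastname', array(
  'header' => Mage::helper('catalog')->__('Last Name'),
  'index' => 'lastname',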
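--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Alerts/Stock.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Alerts/Stock.php
@@ -69,6 +69,11 @@ class Mage_Adminhtml_Block_Catalog_Product_Edit_Tab_Alerts_Stock extends Mage_Ad
  'index' => 'firstname',
  ));
 
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('catalog')->__('Middle Name'),
+ 'index' => 'middlename',
+ ));
+
  $this->addColumn('lastname', array(
  'header' => Mage::helper('catalog')->__('Last Name'),
  'index' => 'lastname',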
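--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Categories.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Categories.php
@@ -185,22 +185,16 @@ class Mage_Adminhtml_Block_Catalog_Product_Edit_Tab_Categories extends Mage_Admi
  */
  protected function _isParentSelectedCategory($node)
  {
- $result = false;
- // Contains string with all category IDs of children (not exactly direct) of the node
- $allChildren = $node->getAllChildren();
- if ($allChildren) {
- $selectedCategoryIds = $this->getCategoryIds();
- $allChildrenArr = explode(',', $allChildren);
- for ($i = 0, $cnt = count($selectedCategoryIds); $i < $cnt; $i++) {
- $isSelf = $node->getId() == $selectedCategoryIds[$i];
- if (!$isSelf && in_array($selectedCategoryIds[$i], $allChildrenArr)) {
- $result = true;
- break;
+ foreach ($this->_getSelectedNodes() as $selected) {
+ if ($selected) {
+ $pathIds = explode('/', $selected->getPathId());
+ if (in_array($node->getId(), $pathIds)) {
+ return true;
  }
  }
  }
 
- return $result;
+ return false;
  }
 
  /**
@@ -273,9 +267,12 @@ class Mage_Adminhtml_Block_Catalog_Product_Edit_Tab_Categories extends Mage_Admi
  $collection = Mage::getResourceModel('catalog/category_collection');
 
  if ($rootId) {
- $collection->addFieldToFilter('parent_id', $rootId);
+ $collection->addFieldToFilter(array(
+ array('attribute' => 'parent_id', 'eq' => $rootId),
+ array('attribute' => 'entity_id', 'in' => $categoryIds)
+ ));
  } else {
- $collection->addFieldToFilter('entity_id', array('in'=>$categoryIds));
+ $collection->addFieldToFilter('entity_id', array('in' => $categoryIds));
  }
 
  foreach ($collection as $item) {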
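Review bot: `in_array($node->getId(), $pathIds)` in `_isParentSelectedCategory()` compares loosely and no longer excludes the selected node itself, which the removed code did through `$isSelf`. `$pathIds` comes from `explode()` and is a list of strings, so a strict string comparison is safer: `if (in_array((string) $node->getId(), $pathIds, true)) {`. Whether `getPathId()` includes the category's own id is not visible in this hunk; if it does, a selected category now counts as its own parent, and that change in behaviour deserves a line in the method's docblock or an explicit skip.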
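--- a/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Tag/Customer.php
+++ b/app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Tag/Customer.php
@@ -69,6 +69,11 @@ class Mage_Adminhtml_Block_Catalog_Product_Edit_Tab_Tag_Customer extends Mage_Ad
  'index' => 'firstname',
  ));
 
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('catalog')->__('Middle Name'),
+ 'index' => 'middlename',
+ ));
+
  $this->addColumn('lastname', array(
  'header' => Mage::helper('catalog')->__('Last Name'),
  'index' => 'lastname',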
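--- a/app/code/core/Mage/Adminhtml/Block/Cms/Page/Grid/Renderer/Action.php
+++ b/app/code/core/Mage/Adminhtml/Block/Cms/Page/Grid/Renderer/Action.php
@@ -29,13 +29,18 @@ class Mage_Adminhtml_Block_Cms_Page_Grid_Renderer_Action
  {
  public function render(Varien_Object $row)
  {
- $urlModel = Mage::getModel('core/url')->setStore($row->getData('_first_store_id'));
- $href = $urlModel->getUrl(
- $row->getIdentifier(), array(
- '_current' => false,
- '_query' => '___store='.$row->getStoreCode()
- )
- );
- return '<a href="'.$href.'" target="_blank">'.$this->__('Preview').'</a>';
+ Mage::dispatchEvent('adminhtml_cms_page_grid_renderer_action_before_render', array('row' => $row));
+ if ($row->getPreviewUrl()) {
+ $href = $row->getPreviewUrl();
+ } else {
+ $urlModel = Mage::getModel('core/url')->setStore($row->getData('_first_store_id'));
+ $href = $urlModel->getUrl(
+ $row->getIdentifier(), array(
+ '_current' => false,
+ '_query' => '___store=' . $row->getStoreCode(),
+ )
+ );
+ }
+ return '<a href="' . $href . '" target="_blank">' . $this->__('Preview') . '</a>';
  }
  }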
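Review bot: `$href` is written into the `href` attribute unescaped, and after this change it can come from `$row->getPreviewUrl()`, a value that any observer of `adminhtml_cms_page_grid_renderer_action_before_render` may set on the row. A double quote or angle bracket in that value would break out of the attribute in the admin grid, so the return line should encode it: `return '<a href="' . $this->escapeHtml($href) . '" target="_blank">' . $this->__('Preview') . '</a>';`. The link also opens with `target="_blank"`; adding `rel="noopener noreferrer"` keeps the previewed page from reaching the admin window through `window.opener`.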
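--- a/app/code/core/Mage/Adminhtml/Block/Customer/Edit/Tab/Account.php
+++ b/app/code/core/Mage/Adminhtml/Block/Customer/Edit/Tab/Account.php
@@ -98,7 +98,9 @@ class Mage_Adminhtml_Block_Customer_Edit_Tab_Account extends Mage_Adminhtml_Bloc
  var {$prefix}_websites = " . Mage::helper('core')->jsonEncode($websites) .";
  Validation.add(
  'validate-website-has-store',
- '" . Mage::helper('customer')->__('Please select a website which contains store view') . "',
+ '" . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('customer')->__('Please select a website which contains store view')
+ ) . "',
  function(v, elem){
  return {$prefix}_websites[elem.value] == true;
  }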
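--- a/app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid.php
@@ -87,6 +87,12 @@ class Mage_Adminhtml_Block_Customer_Online_Grid extends Mage_Adminhtml_Block_Wid
  'index' => 'customer_firstname'
  ));
 
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('customer')->__('Middle Name'),
+ 'default' => Mage::helper('customer')->__('n/a'),
+ 'index' => 'customer_middlename'
+ ));
+
  $this->addColumn('lastname', array(
  'header' => Mage::helper('customer')->__('Last Name'),
  'default' => Mage::helper('customer')->__('n/a'),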
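--- a/app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid/Renderer/Ip.php
+++ b/app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid/Renderer/Ip.php
@@ -31,12 +31,17 @@
  * @package Mage_Adminhtml
  * @author Magento Core Team <core@magentocommerce.com>
  */
- class Mage_Adminhtml_Block_Customer_Online_Grid_Renderer_Ip extends Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Abstract
+ class Mage_Adminhtml_Block_Customer_Online_Grid_Renderer_Ip
+ extends Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Abstract
  {
 
  public function render(Varien_Object $row)
  {
- return long2ip($row->getData($this->getColumn()->getIndex()));
+ /**
+ * The output of the "inet_ntop" function was disabled to prevent an error throwing
+ * in case when the database value is not an ipv6 or an ipv4 binary representation (ex. NULL).
+ */
+ return @inet_ntop($row->getData($this->getColumn()->getIndex()));
  }
 
  }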
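Review bot: `@inet_ntop(...)` in `render()` hides every warning from the call and returns `false`, not a string, when the stored value is NULL or not a 4- or 16-byte address. An explicit check states the accepted input and removes the `@`: `$raw = $row->getData($this->getColumn()->getIndex());` followed by `return (is_string($raw) && in_array(strlen($raw), array(4, 16), true)) ? inet_ntop($raw) : '';`. This grid shows the client addresses of online customers, so rows whose address cannot be decoded are worth a log entry or a visible marker if the column is used when reviewing suspicious sessions.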
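--- a/app/code/core/Mage/Adminhtml/Block/Newsletter/Subscriber/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Newsletter/Subscriber/Grid.php
@@ -99,6 +99,12 @@ class Mage_Adminhtml_Block_Newsletter_Subscriber_Grid extends Mage_Adminhtml_Blo
  'default' => '----'
  ));
 
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('newsletter')->__('Customer Middle Name'),
+ 'index' => 'customer_middlename',
+ 'default' => '----'
+ ));
+
  $this->addColumn('lastname', array(
  'header' => Mage::helper('newsletter')->__('Customer Last Name'),
  'index' => 'customer_lastname',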
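--- a/app/code/core/Mage/Adminhtml/Block/Permissions/Buttons.php
+++ b/app/code/core/Mage/Adminhtml/Block/Permissions/Buttons.php
@@ -65,7 +65,13 @@ class Mage_Adminhtml_Block_Permissions_Buttons extends Mage_Adminhtml_Block_Temp
  $this->getLayout()->createBlock('adminhtml/widget_button')
  ->setData(array(
  'label' => Mage::helper('adminhtml')->__('Delete Role'),
- 'onclick' => 'deleteConfirm(\'' . Mage::helper('adminhtml')->__('Are you sure you want to do this?') . '\', \'' . $this->getUrl('*/*/delete', array('rid' => $this->getRequest()->getParam('rid'))) . '\')',
+ 'onclick' => 'deleteConfirm(\''
+ . MAge::helper('core')->jsQuoteEscape(
+ Mage::helper('adminhtml')->__('Are you sure you want to do this?')
+ )
+ . '\', \''
+ . $this->getUrl('*/*/delete', array('rid' => $this->getRequest()->getParam('rid')))
+ . '\')',
  'class' => 'delete'
  ))
  );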
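Review bot: The added line `. MAge::helper('core')->jsQuoteEscape(` misspells the class name as `MAge`. PHP resolves class names case-insensitively, so this runs as long as the class is already loaded, but a search for `Mage::helper` will miss this escaping call and the spelling is inconsistent with every other call in the release; it should read `. Mage::helper('core')->jsQuoteEscape(`. The enclosing method continues outside the hunk.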
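--- a/app/code/core/Mage/Adminhtml/Block/Permissions/Roles.php
+++ b/app/code/core/Mage/Adminhtml/Block/Permissions/Roles.php
@@ -43,6 +43,16 @@ class Mage_Adminhtml_Block_Permissions_Roles extends Mage_Adminhtml_Block_Templa
  return $this->getUrl('*/*/editrole');
  }
 
+ /**
+ * Get URL for refreshing role-rule relations
+ *
+ * @return string
+ */
+ public function getRefreshRolesUrl()
+ {
+ return $this->getUrl('*/*/refreshroles');
+ }
+
  /**
  * Get grid HTML
  *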
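Review bot: `getRefreshRolesUrl()` exposes `*/*/refreshroles` as a plain link, and its docblock describes the target as refreshing role-rule relations, which reads as a state change rather than a view. The handler is in controllers/Permissions/RoleController.php, which is not visible here, so confirm there that the action is covered by the controller's ACL check and cannot be triggered by a cross-site request. The docblock could record the expectation, for example `* The target action modifies role-rule relations and must stay behind the role ACL.`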
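--- a/app/code/core/Mage/Adminhtml/Block/Permissions/Tab/Rolesedit.php
+++ b/app/code/core/Mage/Adminhtml/Block/Permissions/Tab/Rolesedit.php
@@ -34,6 +34,15 @@
  class Mage_Adminhtml_Block_Permissions_Tab_Rolesedit extends Mage_Adminhtml_Block_Widget_Form
  implements Mage_Adminhtml_Block_Widget_Tab_Interface
  {
+ /**
+ * Retrieve an instance of the fallback helper
+ * @return Mage_Admin_Helper_Rules_Fallback
+ */
+ protected function _getFallbackHelper()
+ {
+ return Mage::helper('admin/rules_fallback');
+ }
+
  /**
  * Get tab label
  *
@@ -90,14 +99,31 @@ class Mage_Adminhtml_Block_Permissions_Tab_Rolesedit extends Mage_Adminhtml_Bloc
 
  $selrids = array();
 
+ /** @var $item Mage_Admin_Model_Rules */
  foreach ($rules_set->getItems() as $item) {
  $itemResourceId = $item->getResource_id();
- if (array_key_exists(strtolower($itemResourceId), $resources) && $item->getPermission() == 'allow') {
- $resources[$itemResourceId]['checked'] = true;
- array_push($selrids, $itemResourceId);
+ if (array_key_exists(strtolower($itemResourceId), $resources)) {
+ if ($item->isAllowed()) {
+ $resources[$itemResourceId]['checked'] = true;
+ array_push($selrids, $itemResourceId);
+ }
  }
  }
 
+ $resourcesPermissionsMap = $rules_set->getResourcesPermissionsArray();
+ $undefinedResources = array_diff(array_keys($resources), array_keys($resourcesPermissionsMap));
+
+ foreach ($undefinedResources as $undefinedResourceId) {
+ if ($this->_getFallbackHelper()->fallbackResourcePermissions(
+ $resourcesPermissionsMap,
+ $undefinedResourceId
+ ) == Mage_Admin_Model_Rules::RULE_PERMISSION_ALLOWED
+ ) {
+ array_push($selrids, $undefinedResourceId);
+ }
+ }
+
+
  $this->setSelectedResources($selrids);
 
  $this->setTemplate('permissions/rolesedit.phtml');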
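Review bot: The new fallback loop adds `$undefinedResourceId` to `$selrids` but, unlike the loop above it, never sets `$resources[$undefinedResourceId]['checked'] = true`, so the two structures can disagree about which ACL resources are granted. The result of `fallbackResourcePermissions()` is also compared with `==`; if the helper returns the constant itself (its body is not visible here), `=== Mage_Admin_Model_Rules::RULE_PERMISSION_ALLOWED` avoids a loose match pre-selecting a resource. Because this loop decides which resources without a stored rule are shown as allowed, a comment above it stating the inheritance rule the helper applies would help whoever audits role permissions next. The enclosing method starts and ends outside the hunk.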
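--- a/app/code/core/Mage/Adminhtml/Block/Report/Grid/Column/Renderer/Currency.php
+++ b/app/code/core/Mage/Adminhtml/Block/Report/Grid/Column/Renderer/Currency.php
@@ -32,7 +32,8 @@
  * @author Magento Core Team <core@magentocommerce.com>
  */
 
- class Mage_Adminhtml_Block_Report_Grid_Column_Renderer_Currency extends Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Currency
+ class Mage_Adminhtml_Block_Report_Grid_Column_Renderer_Currency
+ extends Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Currency
  {
  /**
  * Renders grid column
@@ -50,7 +51,7 @@ class Mage_Adminhtml_Block_Report_Grid_Column_Renderer_Currency extends Mage_Adm
  }
 
  $data = floatval($data) * $this->_getRate($row);
- $data = sprintf("%f", $data);
+ $data = sprintf("%F", $data);
  $data = Mage::app()->getLocale()->currency($currency_code)->toCurrency($data);
  return $data;
  }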
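--- a/app/code/core/Mage/Adminhtml/Block/Review/Edit.php
+++ b/app/code/core/Mage/Adminhtml/Block/Review/Edit.php
@@ -77,7 +77,11 @@ class Mage_Adminhtml_Block_Review_Edit extends Mage_Adminhtml_Block_Widget_Form_
  'delete',
  'onclick',
  'deleteConfirm('
- . '\'' . Mage::helper('review')->__('Are you sure you want to do this?').'\', '
+ . '\''
+ . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('review')->__('Are you sure you want to do this?')
+ )
+ . '\', '
  . '\'' . $this->getUrl(
  '*/*/delete',
  array(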
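--- a/app/code/core/Mage/Adminhtml/Block/Review/Edit/Form.php
+++ b/app/code/core/Mage/Adminhtml/Block/Review/Edit/Form.php
@@ -54,7 +54,7 @@ class Mage_Adminhtml_Block_Review_Edit_Form extends Mage_Adminhtml_Block_Widget_
  ));
 
  if ($customer->getId()) {
- $customerText = Mage::helper('review')->__('<a href="%1$s" onclick="this.target=\'blank\'">%2$s %3$s</a> <a href="mailto:%4$s">(%4$s)</a>', $this->getUrl('*/customer/edit', array('id' => $customer->getId(), 'active_tab'=>'review')), $this->escapeHtml($customer->getFirstname()), $this->escapeHtml($customer->getLastname()), $this->escapeHtml($customer->getEmail()));
+ $customerText = Mage::helper('review')->__('<a href="%1$s" onclick="this.target=\'blank\'">%2$s</a> <a href="mailto:%3$s">(%3$s)</a>', $this->getUrl('*/customer/edit', array('id' => $customer->getId(), 'active_tab' => 'review')), $this->escapeHtml($customer->getName()), $this->escapeHtml($customer->getEmail()));
  } else {
  if (is_null($review->getCustomerId())) {
  $customerText = Mage::helper('review')->__('Guest');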
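--- a/app/code/core/Mage/Adminhtml/Block/Review/Main.php
+++ b/app/code/core/Mage/Adminhtml/Block/Review/Main.php
@@ -46,8 +46,7 @@ class Mage_Adminhtml_Block_Review_Main extends Mage_Adminhtml_Block_Widget_Grid_
  $customerName = '';
  if ($customerId) {
  $customer = Mage::getModel('customer/customer')->load($customerId);
- $customerName = $customer->getFirstname() . ' ' . $customer->getLastname();
- $customerName = $this->escapeHtml($customerName);
+ $customerName = $this->escapeHtml($customer->getName());
  }
  $productId = $this->getRequest()->getParam('productId', false);
  $productName = null;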
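--- a/app/code/core/Mage/Adminhtml/Block/Review/Rating/Detailed.php
+++ b/app/code/core/Mage/Adminhtml/Block/Review/Rating/Detailed.php
@@ -71,7 +71,7 @@ class Mage_Adminhtml_Block_Review_Rating_Detailed extends Mage_Adminhtml_Block_T
  $ratingCollection = Mage::getModel('rating/rating')
  ->getResourceCollection()
  ->addEntityFilter('product')
- ->setStoreFilter(Mage::app()->getStore('default')->getId())
+ ->setStoreFilter(Mage::app()->getDefaultStoreView()->getId())
  ->setPositionOrder()
  ->load()
  ->addOptionToItems();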
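Review bot: `Mage::app()->getDefaultStoreView()->getId()` calls `getId()` on the lookup result with no null check. If an installation has no default store view the lookup presumably returns null, and this chain would then end in a fatal error while the admin review form is being built. Reading the store view into a variable first, `$defaultStoreView = Mage::app()->getDefaultStoreView();`, and handling the null case before `setStoreFilter()` makes that path explicit. The statement sits in a method whose start and end are outside the hunk.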
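--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Sidebar/Cart.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Sidebar/Cart.php
@@ -104,7 +104,9 @@ class Mage_Adminhtml_Block_Sales_Order_Create_Sidebar_Cart
  */
  protected function _prepareLayout()
  {
- $deleteAllConfirmString = Mage::helper('sales')->__('Are you sure you want to delete all items from shopping cart?');
+ $deleteAllConfirmString = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to delete all items from shopping cart?')
+ );
  $button = $this->getLayout()->createBlock('adminhtml/widget_button')->setData(array(
  'label' => Mage::helper('sales')->__('Clear Shopping Cart'),
  'onclick' => 'order.clearShoppingCart(\'' . $deleteAllConfirmString . '\')',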
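--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/View.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/View.php
@@ -60,11 +60,12 @@ class Mage_Adminhtml_Block_Sales_Order_Creditmemo_View extends Mage_Adminhtml_Bl
  }
 
  if ($this->_isAllowedAction('emails')) {
+ $confirmationMessage = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to send Creditmemo email to customer?')
+ );
  $this->addButton('send_notification', array(
  'label' => Mage::helper('sales')->__('Send Email'),
- 'onclick' => 'confirmSetLocation(\''
- . Mage::helper('sales')->__('Are you sure you want to send Creditmemo email to customer?')
- . '\', \'' . $this->getEmailUrl() . '\')'
+ 'onclick' => 'confirmSetLocation(\'' . $confirmationMessage . '\', \'' . $this->getEmailUrl() . '\')'
  ));
  }
 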
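--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/View.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/View.php
@@ -63,11 +63,12 @@ class Mage_Adminhtml_Block_Sales_Order_Invoice_View extends Mage_Adminhtml_Block
  }
 
  if ($this->_isAllowedAction('emails')) {
+ $confirmationMessage = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to send Invoice email to customer?')
+ );
  $this->addButton('send_notification', array(
  'label' => Mage::helper('sales')->__('Send Email'),
- 'onclick' => 'confirmSetLocation(\''
- . Mage::helper('sales')->__('Are you sure you want to send Invoice email to customer?')
- . '\', \'' . $this->getEmailUrl() . '\')'
+ 'onclick' => 'confirmSetLocation(\'' . $confirmationMessage . '\', \'' . $this->getEmailUrl() . '\')'
  ));
  }
 
@@ -188,7 +189,8 @@ class Mage_Adminhtml_Block_Sales_Order_Invoice_View extends Mage_Adminhtml_Block
  {
  if ($flag) {
  if ($this->getInvoice()->getBackUrl()) {
- return $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getInvoice()->getBackUrl() . '\')');
+ return $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getInvoice()->getBackUrl()
+ . '\')');
  }
  return $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getUrl('*/sales_invoice/') . '\')');
  }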
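Review bot: The re-wrapped `'setLocation(\'' . $this->getInvoice()->getBackUrl() . '\')'` in the second hunk still concatenates the back URL into a JavaScript string with no escaping, while the first hunk now escapes the confirmation message. Where `getBackUrl()` gets its value is not visible here; if it can carry request-derived data it should pass through the same helper, `'setLocation(\'' . Mage::helper('core')->jsQuoteEscape($this->getInvoice()->getBackUrl()) . '\')'`. Block/Sales/Order/Shipment/View.php has the identical line with `$this->getShipment()->getBackUrl()`. Both methods begin and end outside their hunks.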
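--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/View.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/View.php
@@ -46,10 +46,11 @@ class Mage_Adminhtml_Block_Sales_Order_Shipment_View extends Mage_Adminhtml_Bloc
  $this->_removeButton('delete');
  if (Mage::getSingleton('admin/session')->isAllowed('sales/order/actions/emails')) {
  $this->_updateButton('save', 'label', Mage::helper('sales')->__('Send Tracking Information'));
+ $confirmationMessage = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to send Shipment email to customer?')
+ );
  $this->_updateButton('save',
- 'onclick', "deleteConfirm('"
- . Mage::helper('sales')->__('Are you sure you want to send Shipment email to customer?')
- . "', '" . $this->getEmailUrl() . "')"
+ 'onclick', "deleteConfirm('" . $confirmationMessage . "', '" . $this->getEmailUrl() . "')"
  );
  }
 
@@ -110,7 +111,8 @@ class Mage_Adminhtml_Block_Sales_Order_Shipment_View extends Mage_Adminhtml_Bloc
  {
  if ($flag) {
  if ($this->getShipment()->getBackUrl()) {
- return $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getShipment()->getBackUrl() . '\')');
+ return $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getShipment()->getBackUrl()
+ . '\')');
  }
  return $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getUrl('*/sales_shipment/') . '\')');
  }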
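Review bot: Only the translated message goes through `jsQuoteEscape()`; in the first hunk `$this->getEmailUrl()` and in the second `$this->getShipment()->getBackUrl()` are still concatenated as-is into the single-quoted JavaScript string of the `onclick` handler. The back URL is read from the shipment object and its origin is not visible here, so if it can ever carry a quote it would break out of the string exactly as an unescaped translation could. I would escape the URL too, e.g. `'setLocation(\'' . Mage::helper('core')->jsQuoteEscape($this->getShipment()->getBackUrl()) . '\')'`, or confirm that the URL builder guarantees quote-free output. The same pattern recurs in Sales/Order/View.php, System/Design/Edit.php, Urlrewrite/Edit.php and Widget/Form/Container.php; both enclosing methods extend outside the hunks.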
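--- a/app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
+++ b/app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
@@ -47,11 +47,13 @@ class Mage_Adminhtml_Block_Sales_Order_View extends Mage_Adminhtml_Block_Widget_
  $this->_removeButton('save');
  $this->setId('sales_order_view');
  $order = $this->getOrder();
+ $coreHelper = Mage::helper('core');
 
  if ($this->_isAllowedAction('edit') && $order->canEdit()) {
- $onclickJs = 'deleteConfirm(\''
- . Mage::helper('sales')->__('Are you sure? This order will be canceled and a new one will be created instead')
- . '\', \'' . $this->getEditUrl() . '\');';
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure? This order will be canceled and a new one will be created instead')
+ );
+ $onclickJs = 'deleteConfirm(\'' . $confirmationMessage . '\', \'' . $this->getEditUrl() . '\');';
  $this->_addButton('order_edit', array(
  'label' => Mage::helper('sales')->__('Edit'),
  'onclick' => $onclickJs,
@@ -66,34 +68,44 @@ class Mage_Adminhtml_Block_Sales_Order_View extends Mage_Adminhtml_Block_Widget_
  false
  ));
  if ($nonEditableTypes) {
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')
+ ->__('This order contains (%s) items and therefore cannot be edited through the admin interface at this time, if you wish to continue editing the (%s) items will be removed, the order will be canceled and a new order will be placed.',
+ implode(', ', $nonEditableTypes), implode(', ', $nonEditableTypes))
+ );
  $this->_updateButton('order_edit', 'onclick',
- 'if (!confirm(\'' .
- Mage::helper('sales')->__('This order contains (%s) items and therefore cannot be edited through the admin interface at this time, if you wish to continue editing the (%s) items will be removed, the order will be canceled and a new order will be placed.', implode(', ', $nonEditableTypes), implode(', ', $nonEditableTypes)) . '\')) return false;' . $onclickJs
+ 'if (!confirm(\'' . $confirmationMessage . '\')) return false;' . $onclickJs
  );
  }
  }
 
  if ($this->_isAllowedAction('cancel') && $order->canCancel()) {
- $message = Mage::helper('sales')->__('Are you sure you want to cancel this order?');
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to cancel this order?')
+ );
  $this->_addButton('order_cancel', array(
  'label' => Mage::helper('sales')->__('Cancel'),
- 'onclick' => 'deleteConfirm(\''.$message.'\', \'' . $this->getCancelUrl() . '\')',
+ 'onclick' => 'deleteConfirm(\'' . $confirmationMessage . '\', \'' . $this->getCancelUrl() . '\')',
  ));
  }
 
  if ($this->_isAllowedAction('emails') && !$order->isCanceled()) {
- $message = Mage::helper('sales')->__('Are you sure you want to send order email to customer?');
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to send order email to customer?')
+ );
  $this->addButton('send_notification', array(
  'label' => Mage::helper('sales')->__('Send Email'),
- 'onclick' => "confirmSetLocation('{$message}', '{$this->getEmailUrl()}')",
+ 'onclick' => "confirmSetLocation('{$confirmationMessage}', '{$this->getEmailUrl()}')",
  ));
  }
 
  if ($this->_isAllowedAction('creditmemo') && $order->canCreditmemo()) {
- $message = Mage::helper('sales')->__('This will create an offline refund. To create an online refund, open an invoice and create credit memo for it. Do you wish to proceed?');
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('This will create an offline refund. To create an online refund, open an invoice and create credit memo for it. Do you wish to proceed?')
+ );
  $onClick = "setLocation('{$this->getCreditmemoUrl()}')";
  if ($order->getPayment()->getMethodInstance()->isGateway()) {
- $onClick = "confirmSetLocation('{$message}', '{$this->getCreditmemoUrl()}')";
+ $onClick = "confirmSetLocation('{$confirmationMessage}', '{$this->getCreditmemoUrl()}')";
  }
  $this->_addButton('order_creditmemo', array(
  'label' => Mage::helper('sales')->__('Credit Memo'),
@@ -104,10 +116,12 @@ class Mage_Adminhtml_Block_Sales_Order_View extends Mage_Adminhtml_Block_Widget_
 
  // invoice action intentionally
  if ($this->_isAllowedAction('invoice') && $order->canVoidPayment()) {
- $message = Mage::helper('sales')->__('Are you sure you want to void the payment?');
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to void the payment?')
+ );
  $this->addButton('void_payment', array(
  'label' => Mage::helper('sales')->__('Void'),
- 'onclick' => "confirmSetLocation('{$message}', '{$this->getVoidPaymentUrl()}')",
+ 'onclick' => "confirmSetLocation('{$confirmationMessage}', '{$this->getVoidPaymentUrl()}')",
  ));
  }
 
@@ -127,15 +141,21 @@ class Mage_Adminhtml_Block_Sales_Order_View extends Mage_Adminhtml_Block_Widget_
 
  if ($this->_isAllowedAction('review_payment')) {
  if ($order->canReviewPayment()) {
- $message = Mage::helper('sales')->__('Are you sure you want to accept this payment?');
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to accept this payment?')
+ );
+ $onClick = "confirmSetLocation('{$confirmationMessage}', '{$this->getReviewPaymentUrl('accept')}')";
  $this->_addButton('accept_payment', array(
  'label' => Mage::helper('sales')->__('Accept Payment'),
- 'onclick' => "confirmSetLocation('{$message}', '{$this->getReviewPaymentUrl('accept')}')",
+ 'onclick' => $onClick,
  ));
- $message = Mage::helper('sales')->__('Are you sure you want to deny this payment?');
+ $confirmationMessage = $coreHelper->jsQuoteEscape(
+ Mage::helper('sales')->__('Are you sure you want to deny this payment?')
+ );
+ $onClick = "confirmSetLocation('{$confirmationMessage}', '{$this->getReviewPaymentUrl('deny')}')";
  $this->_addButton('deny_payment', array(
  'label' => Mage::helper('sales')->__('Deny Payment'),
- 'onclick' => "confirmSetLocation('{$message}', '{$this->getReviewPaymentUrl('deny')}')",
+ 'onclick' => $onClick,
  ));
  }
  if ($order->canFetchPaymentReviewUpdate()) {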
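Review bot: In the credit-memo branch of the second hunk, `$confirmationMessage` is translated and escaped on every render although it is only consumed inside the `isGateway()` block. Moving the three-line assignment inside that `if` keeps the escaped value next to its only use; the variable is reassigned eight times across the visible hunks, so a later edit could easily pick up the message of a previous branch. A small private helper that takes the message and URL and returns the finished handler string would remove the repetition and give one place to apply the escaping. The method starts and ends outside the hunks.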
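--- a/app/code/core/Mage/Adminhtml/Block/Store/Switcher.php
+++ b/app/code/core/Mage/Adminhtml/Block/Store/Switcher.php
@@ -250,7 +250,7 @@ class Mage_Adminhtml_Block_Store_Switcher extends Mage_Adminhtml_Block_Template
  $html = '<a'
  . ' href="'. $this->escapeUrl($url) . '"'
  . ' onclick="this.target=\'_blank\'"'
- . ' title="' . $this->__('What is this?') . '"'
+ . ' title="' . Mage::helper('core')->quoteEscape($this->__('What is this?')) . '"'
  . ' class="link-store-scope">'
  . $this->__('What is this?')
  . '</a>';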
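Review bot: The `title` attribute is now escaped, but the same translated string is still emitted unescaped as the link text two lines below (`. $this->__('What is this?')`). Quotes are harmless in element content, yet a translation containing `<` or `&` would still alter the markup, so both outputs of the one string should be treated alike: `. $this->escapeHtml($this->__('What is this?'))`. The enclosing method is only partly visible in the hunk.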
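--- a/app/code/core/Mage/Adminhtml/Block/System/Design/Edit.php
+++ b/app/code/core/Mage/Adminhtml/Block/System/Design/Edit.php
@@ -53,11 +53,15 @@ class Mage_Adminhtml_Block_System_Design_Edit extends Mage_Adminhtml_Block_Widge
  ))
  );
 
+ $confirmationMessage = Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('core')->__('Are you sure?')
+ );
  $this->setChild('delete_button',
  $this->getLayout()->createBlock('adminhtml/widget_button')
  ->setData(array(
  'label' => Mage::helper('core')->__('Delete'),
- 'onclick' => 'confirmSetLocation(\''.Mage::helper('core')->__('Are you sure?').'\', \''.$this->getDeleteUrl().'\')',
+ 'onclick' => 'confirmSetLocation(\'' . $confirmationMessage . '\', \'' . $this->getDeleteUrl()
+ . '\')',
  'class' => 'delete'
  ))
  );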
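--- a/app/code/core/Mage/Adminhtml/Block/Tag/Customer/Grid.php
+++ b/app/code/core/Mage/Adminhtml/Block/Tag/Customer/Grid.php
@@ -87,6 +87,11 @@ class Mage_Adminhtml_Block_Tag_Customer_Grid extends Mage_Adminhtml_Block_Widget
  'index' => 'firstname',
  ));
 
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('tag')->__('Middle Name'),
+ 'index' => 'middlename',
+ ));
+
  $this->addColumn('lastname', array(
  'header' => Mage::helper('tag')->__('Last Name'),
  'index' => 'lastname',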
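--- a/app/code/core/Mage/Adminhtml/Block/Tag/Grid/Customers.php
+++ b/app/code/core/Mage/Adminhtml/Block/Tag/Grid/Customers.php
@@ -38,6 +38,7 @@ class Mage_Adminhtml_Block_Tag_Grid_Customers extends Mage_Adminhtml_Block_Widge
  //TODO: add full name logic
  $collection = Mage::getResourceModel('tag_customer/collection')
  ->addAttributeToSelect('firstname')
+ ->addAttributeToSelect('middlename')
  ->addAttributeToSelect('lastname')
  // ->addAttributeToSelect('email')
  // ->addAttributeToSelect('created_at')
@@ -45,7 +46,8 @@ class Mage_Adminhtml_Block_Tag_Grid_Customers extends Mage_Adminhtml_Block_Widge
  // ->joinAttribute('billing_city', 'customer_address/city', 'default_billing')
  // ->joinAttribute('billing_telephone', 'customer_address/telephone', 'default_billing')
  // ->joinAttribute('billing_country_id', 'customer_address/country_id', 'default_billing')
- // ->joinField('billing_country_name', 'directory/country_name', 'name', 'country_id=billing_country_id', array('language_code'=>'en'))
+ // ->joinField('billing_country_name', 'directory/country_name', 'name',
+ // 'country_id=billing_country_id', array('language_code'=>'en'))
  ;
 
  if ($productId = $this->getRequest()->getParam('product_id')) {
@@ -63,19 +65,23 @@ class Mage_Adminhtml_Block_Tag_Grid_Customers extends Mage_Adminhtml_Block_Widge
  protected function _prepareColumns()
  {
  $this->addColumn('entity_id', array(
- 'header' =>Mage::helper('tag')->__('ID'),
- 'width' => '40px',
- 'align' =>'center',
- 'sortable' =>true,
- 'index' =>'entity_id'
+ 'header' => Mage::helper('tag')->__('ID'),
+ 'width' => '40px',
+ 'align' => 'center',
+ 'sortable' => true,
+ 'index' => 'entity_id',
  ));
  $this->addColumn('firstname', array(
- 'header' =>Mage::helper('tag')->__('First Name'),
- 'index' =>'firstname'
+ 'header' => Mage::helper('tag')->__('First Name'),
+ 'index' => 'firstname',
+ ));
+ $this->addColumn('middlename', array(
+ 'header' => Mage::helper('tag')->__('Middle Name'),
+ 'index' => 'middlename',
  ));
  $this->addColumn('lastname', array(
- 'header' =>Mage::helper('tag')->__('Last Name'),
- 'index' =>'lastname'
+ 'header' => Mage::helper('tag')->__('Last Name'),
+ 'index' => 'lastname',
  ));
  // $this->addColumn('email', array(
  // 'header' =>Mage::helper('tag')->__('Email'),
@@ -104,25 +110,26 @@ class Mage_Adminhtml_Block_Tag_Grid_Customers extends Mage_Adminhtml_Block_Widge
  // 'index' =>'created_at',
  // ));
  $this->addColumn('tags', array(
- 'header' => Mage::helper('tag')->__('Tags'),
- 'index' => 'tags',
- 'sortable' => false,
- 'filter' => false,
- 'renderer' => 'adminhtml/tag_grid_column_renderer_tags'
+ 'header' => Mage::helper('tag')->__('Tags'),
+ 'index' => 'tags',
+ 'sortable' => false,
+ 'filter' => false,
+ 'renderer' => 'adminhtml/tag_grid_column_renderer_tags',
  ));
  $this->addColumn('action', array(
- 'header' =>Mage::helper('tag')->__('Action'),
- 'align' =>'center',
+ 'header' => Mage::helper('tag')->__('Action'),
+ 'align' => 'center',
  'width' => '120px',
- 'format' =>'<a href="'.$this->getUrl('*/*/products/customer_id/$entity_id').'">'.Mage::helper('tag')->__('View Products').'</a>',
- 'filter' =>false,
- 'sortable' =>false,
- 'is_system' =>true
+ 'format' => '<a href="' . $this->getUrl('*/*/products/customer_id/$entity_id') . '">' . Mage::helper('tag')->__('View Products') . '</a>',
+ 'filter' => false,
+ 'sortable' => false,
+ 'is_system' => true,
  ));
 
  $this->setColumnFilter('entity_id')
  ->setColumnFilter('email')
  ->setColumnFilter('firstname')
+ ->setColumnFilter('middlename')
  ->setColumnFilter('lastname');
 
  // $this->addExportType('*/*/exportCsv', Mage::helper('tag')->__('CSV'));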
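--- a/app/code/core/Mage/Adminhtml/Block/Tag/Tag/Edit.php
+++ b/app/code/core/Mage/Adminhtml/Block/Tag/Tag/Edit.php
@@ -53,10 +53,17 @@ class Mage_Adminhtml_Block_Tag_Tag_Edit extends Mage_Adminhtml_Block_Widget_Form
 
  if( $this->getRequest()->getParam('ret', false) == 'pending' ) {
  $this->_updateButton('back', 'onclick', 'setLocation(\'' . $this->getUrl('*/*/pending') .'\')' );
- $this->_updateButton('delete', 'onclick', 'deleteConfirm(\'' . Mage::helper('tag')->__('Are you sure you want to do this?') . '\', \'' . $this->getUrl('*/*/delete', array(
- $this->_objectId => $this->getRequest()->getParam($this->_objectId),
- 'ret' => 'pending',
- )) .'\')' );
+ $this->_updateButton('delete', 'onclick', 'deleteConfirm(\''
+ . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('tag')->__('Are you sure you want to do this?')
+ )
+ . '\', \''
+ . $this->getUrl('*/*/delete',
+ array($this->_objectId => $this->getRequest()->getParam($this->_objectId), 'ret' => 'pending',
+ )
+ )
+ .'\')'
+ );
  Mage::register('ret', 'pending');
  }
 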
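Review bot: The delete URL is built from `$this->getRequest()->getParam($this->_objectId)` and then placed inside the single-quoted argument of `deleteConfirm(...)` without JavaScript escaping; only the message receives `jsQuoteEscape()`. Whether `getUrl()` encodes route parameter values is not visible from this hunk, so a request value containing a quote may reach the `onclick` attribute intact. I would escape the URL as well, `. Mage::helper('core')->jsQuoteEscape($this->getUrl('*/*/delete', array(...)))`, or cast the id to an integer before building the URL if it is always numeric. Tax/Rate/Toolbar/Save.php does the same with `getParam('rate')`.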
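--- a/app/code/core/Mage/Adminhtml/Block/Tax/Rate/Toolbar/Save.php
+++ b/app/code/core/Mage/Adminhtml/Block/Tax/Rate/Toolbar/Save.php
@@ -73,7 +73,13 @@ class Mage_Adminhtml_Block_Tax_Rate_Toolbar_Save extends Mage_Adminhtml_Block_Te
  $this->getLayout()->createBlock('adminhtml/widget_button')
  ->setData(array(
  'label' => Mage::helper('tax')->__('Delete Rate'),
- 'onclick' => 'deleteConfirm(\'' . Mage::helper('tax')->__('Are you sure you want to do this?') . '\', \'' . $this->getUrl('*/*/delete', array('rate' => $this->getRequest()->getParam('rate'))) . '\')',
+ 'onclick' => 'deleteConfirm(\''
+ . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('tax')->__('Are you sure you want to do this?')
+ )
+ . '\', \''
+ . $this->getUrl('*/*/delete', array('rate' => $this->getRequest()->getParam('rate')))
+ . '\')',
  'class' => 'delete'
  ))
  );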
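--- a/app/code/core/Mage/Adminhtml/Block/Urlrewrite/Edit.php
+++ b/app/code/core/Mage/Adminhtml/Block/Urlrewrite/Edit.php
@@ -103,7 +103,9 @@ class Mage_Adminhtml_Block_Urlrewrite_Edit extends Mage_Adminhtml_Block_Widget_C
  }
  // categories selector & skip categories button
  else {
- $this->setChild('categories_tree', $this->getLayout()->createBlock('adminhtml/urlrewrite_category_tree'));
+ $this->setChild('categories_tree',
+ $this->getLayout()->createBlock('adminhtml/urlrewrite_category_tree')
+ );
  $this->setChild('skip_categories',
  $this->getLayout()->createBlock('adminhtml/widget_button')->setData(array(
  'label' => Mage::helper('adminhtml')->__('Skip Category Selection'),
@@ -160,8 +162,13 @@ class Mage_Adminhtml_Block_Urlrewrite_Edit extends Mage_Adminhtml_Block_Widget_C
  ));
  $this->_addButton('delete', array(
  'label' => Mage::helper('adminhtml')->__('Delete'),
- 'onclick' => 'deleteConfirm(\'' . Mage::helper('adminhtml')->__('Are you sure you want to do this?')
- . '\', \'' . Mage::helper('adminhtml')->getUrl('*/*/delete', array('id' => $this->getUrlrewriteId())) . '\')',
+ 'onclick' => 'deleteConfirm(\''
+ . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('adminhtml')->__('Are you sure you want to do this?')
+ )
+ . '\', \''
+ . Mage::helper('adminhtml')->getUrl('*/*/delete', array('id' => $this->getUrlrewriteId()))
+ . '\')',
  'class' => 'scalable delete',
  'level' => -1
  ));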
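--- a/app/code/core/Mage/Adminhtml/Block/Widget/Form/Container.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Form/Container.php
@@ -64,8 +64,13 @@ class Mage_Adminhtml_Block_Widget_Form_Container extends Mage_Adminhtml_Block_Wi
  $this->_addButton('delete', array(
  'label' => Mage::helper('adminhtml')->__('Delete'),
  'class' => 'delete',
- 'onclick' => 'deleteConfirm(\''. Mage::helper('adminhtml')->__('Are you sure you want to do this?')
- .'\', \'' . $this->getDeleteUrl() . '\')',
+ 'onclick' => 'deleteConfirm(\''
+ . Mage::helper('core')->jsQuoteEscape(
+ Mage::helper('adminhtml')->__('Are you sure you want to do this?')
+ )
+ .'\', \''
+ . $this->getDeleteUrl()
+ . '\')',
  ));
  }
 
@@ -79,7 +84,14 @@ class Mage_Adminhtml_Block_Widget_Form_Container extends Mage_Adminhtml_Block_Wi
  protected function _prepareLayout()
  {
  if ($this->_blockGroup && $this->_controller && $this->_mode) {
- $this->setChild('form', $this->getLayout()->createBlock($this->_blockGroup . '/' . $this->_controller . '_' . $this->_mode . '_form'));
+ $this->setChild('form', $this->getLayout()->createBlock($this->_blockGroup
+ . '/'
+ . $this->_controller
+ . '_'
+ . $this->_mode
+ . '_form'
+ )
+ );
  }
  return parent::_prepareLayout();
  }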
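--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Price.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Price.php
@@ -31,7 +31,8 @@
  * @package Mage_Adminhtml
  * @author Magento Core Team <core@magentocommerce.com>
  */
- class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Price extends Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Abstract
+ class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Price
+ extends Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Abstract
  {
  protected $_currencyList = null;
  protected $_currencyModel = null;
@@ -84,7 +85,8 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Price extends Mage_Adminhtm
  $html = '';
  $html .= '<select name="'.$this->_getHtmlName().'[currency]" id="'.$this->_getHtmlId().'_currency">';
  foreach ($this->_getCurrencyList() as $currency) {
- $html .= '<option value="' . $currency . '" '.($currency == $value ? 'selected="selected"' : '').'>' . $currency . '</option>';
+ $html .= '<option value="' . $currency . '" '.($currency == $value ? 'selected="selected"' : '').'>'
+ . $currency . '</option>';
  }
  $html .= '</select>';
  return $html;
@@ -104,7 +106,9 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Price extends Mage_Adminhtm
  return $this->getData('value', $index);
  }
  $value = $this->getData('value');
- if ((isset($value['from']) && strlen($value['from']) > 0) || (isset($value['to']) && strlen($value['to']) > 0)) {
+ if ((isset($value['from']) && strlen($value['from']) > 0)
+ || (isset($value['to']) && strlen($value['to']) > 0)
+ ) {
  return $value;
  }
  return null;
@@ -122,11 +126,15 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Filter_Price extends Mage_Adminhtm
  }
  $rate = $this->_getRate($displayCurrency, $this->getColumn()->getCurrencyCode());
 
- if (isset($value['from']))
- $value['from'] *= $rate;
+ if (isset($value['from'])) {
+ $from = $value['from'] * $rate;
+ $value['from'] = sprintf('%F', $from);
+ }
 
- if (isset($value['to']))
- $value['to'] *= $rate;
+ if (isset($value['to'])) {
+ $to = $value['to'] * $rate;
+ $value['to'] = sprintf('%F', $to);
+ }
 
  $this->prepareRates($displayCurrency);
  return $value;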
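Review bot: The new `sprintf('%F', ...)` calls in the last hunk carry no comment saying why `%F` is used, and the difference from `%f` is easy to undo by accident: `%f` follows the current locale's decimal separator, while `%F` always writes a dot. I would add `// %F is locale-independent; %f can emit a decimal comma and corrupt the numeric filter value` above the first call. The `from`/`to` values are also multiplied without a numeric check, so an `is_numeric()` guard before the multiplication would make the handling of malformed filter input explicit. Renderer/Currency.php and Renderer/Price.php make the same `%f` to `%F` change and deserve the same comment; the enclosing method starts outside the hunk.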
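--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Currency.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Currency.php
@@ -59,7 +59,7 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Currency
 
  $data = floatval($data) * $this->_getRate($row);
  $sign = (bool)(int)$this->getColumn()->getShowNumberSign() && ($data > 0) ? '+' : '';
- $data = sprintf("%f", $data);
+ $data = sprintf("%F", $data);
  $data = Mage::app()->getLocale()->currency($currency_code)->toCurrency($data);
  return $sign . $data;
  }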
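--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Ip.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Ip.php
@@ -42,6 +42,10 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Ip
  */
  public function render(Varien_Object $row)
  {
- return long2ip($row->getData($this->getColumn()->getIndex()));
+ /**
+ * The output of the "inet_ntop" function was disabled to prevent an error throwing
+ * in case when the database value is not an ipv6 or an ipv4 binary representation (ex. NULL).
+ */
+ return @inet_ntop($row->getData($this->getColumn()->getIndex()));
  }
  }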
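Review bot: `@inet_ntop(...)` silences every warning from this call, and for input that is not a 4- or 16-byte string it returns `false`, which `render()` then hands back to the grid. An explicit length check removes the need for the suppression operator and gives a defined empty result: read the value into `$ip`, then `return (is_string($ip) && in_array(strlen($ip), array(4, 16), true)) ? inet_ntop($ip) : '';`. The move away from `long2ip()` also means the column is now expected to hold a packed binary address rather than an integer, so rows still stored in the old format would presumably render empty. The comment should say that, because a blank IP in an audit view is otherwise indistinguishable from missing data.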
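--- a/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Price.php
+++ b/app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Renderer/Price.php
@@ -56,7 +56,7 @@ class Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Price
  }
 
  $data = floatval($data) * $this->_getRate($row);
- $data = sprintf("%f", $data);
+ $data = sprintf("%F", $data);
  $data = Mage::app()->getLocale()->currency($currency_code)->toCurrency($data);
  return $data;
  }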
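--- a/app/code/core/Mage/Adminhtml/Controller/Action.php
+++ b/app/code/core/Mage/Adminhtml/Controller/Action.php
@@ -71,7 +71,7 @@ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Actio
 
  protected function _isAllowed()
  {
- return true;
+ return Mage::getSingleton('admin/session')->isAllowed('admin');
  }
 
  /**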
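Review bot: The base `_isAllowed()` now falls back to the top-level `admin` ACL resource, but the method has no docblock telling authors of subclasses what that fallback means. Controllers that do not override it become reachable only by roles granted `admin` (presumably full access), and any controller meant for restricted roles must override it with its own resource. A docblock along the lines of `Default ACL check; override in each controller and return isAllowed('<specific/resource>')` would make that contract explicit. It is also worth auditing every subclass that relied on the old `return true;`, including third-party modules, so the behaviour change is a deliberate decision per controller rather than an implicit one.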
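--- a/app/code/core/Mage/Adminhtml/Helper/Sales.php
+++ b/app/code/core/Mage/Adminhtml/Helper/Sales.php
@@ -123,6 +123,7 @@ class Mage_Adminhtml_Helper_Sales extends Mage_Core_Helper_Abstract
  if (is_string($data) && is_array($allowedTags) && in_array('a', $allowedTags)) {
  $links = array();
  $i = 1;
+ $data = str_replace('%', '%%', $data);
  $regexp = '@(<a[^>]*>(?:[^<]|<[^/]|</[^a]|</a[^>])*</a>)@';
  while (preg_match($regexp, $data, $matches)) {
  $links[] = $matches[1];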
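Review bot: The added `str_replace('%', '%%', $data)` has no comment, and its purpose only makes sense together with code below the hunk. It looks as if literal percent signs are doubled so that they survive a later `sprintf`-style call that re-inserts the extracted links; that should be stated, e.g. `// double literal % so input data is never read as a format specifier when the links are re-inserted`. It is also worth confirming that every path reaching that formatting call passes through this branch, since the doubling happens only when `'a'` is in `$allowedTags`. The rest of the function is outside the hunk.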
app/code/core/Mage/Adminhtml/Model/Sales/Order/Create.php CHANGED
@@ -266,27 +266,28 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
266
  */
267
  public function initFromOrder(Mage_Sales_Model_Order $order)
268
  {
 
269
  if (!$order->getReordered()) {
270
- $this->getSession()->setOrderId($order->getId());
271
  } else {
272
- $this->getSession()->setReordered($order->getId());
273
  }
274
 
275
  /**
276
  * Check if we edit quest order
277
  */
278
- $this->getSession()->setCurrencyId($order->getOrderCurrencyCode());
279
  if ($order->getCustomerId()) {
280
- $this->getSession()->setCustomerId($order->getCustomerId());
281
  } else {
282
- $this->getSession()->setCustomerId(false);
283
  }
284
 
285
- $this->getSession()->setStoreId($order->getStoreId());
286
 
287
  //Notify other modules about the session quote
288
  Mage::dispatchEvent('init_from_order_session_quote_initialized',
289
- array('session_quote' => $this->getSession()));
290
 
291
  /**
292
  * Initialize catalog rule data with new session values
@@ -313,52 +314,53 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
313
  }
314
  }
315
 
316
- $shippingAddress = $order->getShippingAddress();
317
- if ($shippingAddress) {
318
- $addressDiff = array_diff_assoc($shippingAddress->getData(), $order->getBillingAddress()->getData());
319
  unset($addressDiff['address_type'], $addressDiff['entity_id']);
320
- $shippingAddress->setSameAsBilling(empty($addressDiff));
321
  }
322
 
323
  $this->_initBillingAddressFromOrder($order);
324
  $this->_initShippingAddressFromOrder($order);
325
 
326
- if (!$this->getQuote()->isVirtual() && $this->getShippingAddress()->getSameAsBilling()) {
 
327
  $this->setShippingAsBilling(1);
328
  }
329
 
330
  $this->setShippingMethod($order->getShippingMethod());
331
- $this->getQuote()->getShippingAddress()->setShippingDescription($order->getShippingDescription());
332
 
333
- $this->getQuote()->getPayment()->addData($order->getPayment()->getData());
334
 
335
 
336
  $orderCouponCode = $order->getCouponCode();
337
  if ($orderCouponCode) {
338
- $this->getQuote()->setCouponCode($orderCouponCode);
339
  }
340
 
341
- if ($this->getQuote()->getCouponCode()) {
342
- $this->getQuote()->collectTotals();
343
  }
344
 
345
  Mage::helper('core')->copyFieldset(
346
  'sales_copy_order',
347
  'to_edit',
348
  $order,
349
- $this->getQuote()
350
  );
351
 
352
  Mage::dispatchEvent('sales_convert_order_to_quote', array(
353
  'order' => $order,
354
- 'quote' => $this->getQuote()
355
  ));
356
 
357
  if (!$order->getCustomerId()) {
358
- $this->getQuote()->setCustomerIsGuest(true);
359
  }
360
 
361
- if ($this->getSession()->getUseOldShippingMethod(true)) {
362
  /*
363
  * if we are making reorder or editing old order
364
  * we need to show old shipping as preselected
@@ -377,7 +379,7 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
377
  // $this->getQuote()->getShippingAddress()->setCollectShippingRates(true);
378
  // $this->getQuote()->getShippingAddress()->collectShippingRates();
379
 
380
- $this->getQuote()->save();
381
 
382
  return $this;
383
  }
@@ -1151,6 +1153,7 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
1151
  ->unsAddressType();
1152
  $data = $tmpAddress->getData();
1153
  $data['save_in_address_book'] = 0; // Do not duplicate address (billing address will do saving too)
 
1154
  $this->getShippingAddress()->addData($data);
1155
  }
1156
  $this->getShippingAddress()->setSameAsBilling($flag);
@@ -1492,7 +1495,7 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
1492
  }
1493
 
1494
  /**
1495
- * Prepare item otions
1496
  */
1497
  protected function _prepareQuoteItems()
1498
  {
@@ -1525,8 +1528,9 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
1525
  $this->_prepareQuoteItems();
1526
 
1527
  $service = Mage::getModel('sales/service_quote', $quote);
1528
- if ($this->getSession()->getOrder()->getId()) {
1529
- $oldOrder = $this->getSession()->getOrder();
 
1530
  $originalId = $oldOrder->getOriginalIncrementId();
1531
  if (!$originalId) {
1532
  $originalId = $oldOrder->getIncrementId();
@@ -1540,24 +1544,25 @@ class Mage_Adminhtml_Model_Sales_Order_Create extends Varien_Object implements M
1540
  );
1541
  $quote->setReservedOrderId($orderData['increment_id']);
1542
  $service->setOrderData($orderData);
 
 
1543
  }
1544
 
 
1545
  $order = $service->submit();
1546
- if ((!$quote->getCustomer()->getId() || !$quote->getCustomer()->isInStore($this->getSession()->getStore()))
 
1547
  && !$quote->getCustomerIsGuest()
1548
  ) {
1549
- $quote->getCustomer()->setCreatedAt($order->getCreatedAt());
1550
- $quote->getCustomer()
1551
  ->save()
1552
  ->sendNewAccountEmail('registered', '', $quote->getStoreId());;
1553
  }
1554
- if ($this->getSession()->getOrder()->getId()) {
1555
- $oldOrder = $this->getSession()->getOrder();
1556
-
1557
- $oldOrder->setRelationChildId($order->getId())
1558
- ->setRelationChildRealId($order->getIncrementId())
1559
- ->cancel()
1560
- ->save();
1561
  $order->save();
1562
  }
1563
  if ($this->getSendConfirmation()) {
266
  */
267
  public function initFromOrder(Mage_Sales_Model_Order $order)
268
  {
269
+ $session = $this->getSession();
270
  if (!$order->getReordered()) {
271
+ $session->setOrderId($order->getId());
272
  } else {
273
+ $session->setReordered($order->getId());
274
  }
275
 
276
  /**
277
  * Check if we edit quest order
278
  */
279
+ $session->setCurrencyId($order->getOrderCurrencyCode());
280
  if ($order->getCustomerId()) {
281
+ $session->setCustomerId($order->getCustomerId());
282
  } else {
283
+ $session->setCustomerId(false);
284
  }
285
 
286
+ $session->setStoreId($order->getStoreId());
287
 
288
  //Notify other modules about the session quote
289
  Mage::dispatchEvent('init_from_order_session_quote_initialized',
290
+ array('session_quote' => $session));
291
 
292
  /**
293
  * Initialize catalog rule data with new session values
314
  }
315
  }
316
 
317
+ $orderShippingAddress = $order->getShippingAddress();
318
+ if ($orderShippingAddress) {
319
+ $addressDiff = array_diff_assoc($orderShippingAddress->getData(), $order->getBillingAddress()->getData());
320
  unset($addressDiff['address_type'], $addressDiff['entity_id']);
321
+ $orderShippingAddress->setSameAsBilling(empty($addressDiff));
322
  }
323
 
324
  $this->_initBillingAddressFromOrder($order);
325
  $this->_initShippingAddressFromOrder($order);
326
 
327
+ $quote = $this->getQuote();
328
+ if (!$quote->isVirtual() && $this->getShippingAddress()->getSameAsBilling()) {
329
  $this->setShippingAsBilling(1);
330
  }
331
 
332
  $this->setShippingMethod($order->getShippingMethod());
333
+ $quote->getShippingAddress()->setShippingDescription($order->getShippingDescription());
334
 
335
+ $quote->getPayment()->addData($order->getPayment()->getData());
336
 
337
 
338
  $orderCouponCode = $order->getCouponCode();
339
  if ($orderCouponCode) {
340
+ $quote->setCouponCode($orderCouponCode);
341
  }
342
 
343
+ if ($quote->getCouponCode()) {
344
+ $quote->collectTotals();
345
  }
346
 
347
  Mage::helper('core')->copyFieldset(
348
  'sales_copy_order',
349
  'to_edit',
350
  $order,
351
+ $quote
352
  );
353
 
354
  Mage::dispatchEvent('sales_convert_order_to_quote', array(
355
  'order' => $order,
356
+ 'quote' => $quote
357
  ));
358
 
359
  if (!$order->getCustomerId()) {
360
+ $quote->setCustomerIsGuest(true);
361
  }
362
 
363
+ if ($session->getUseOldShippingMethod(true)) {
364
  /*
365
  * if we are making reorder or editing old order
366
  * we need to show old shipping as preselected
379
  // $this->getQuote()->getShippingAddress()->setCollectShippingRates(true);
380
  // $this->getQuote()->getShippingAddress()->collectShippingRates();
381
 
382
+ $quote->save();
383
 
384
  return $this;
385
  }
1153
  ->unsAddressType();
1154
  $data = $tmpAddress->getData();
1155
  $data['save_in_address_book'] = 0; // Do not duplicate address (billing address will do saving too)
1156
+ unset($data['shipping_method']); // Do not reset shipping method to be able to recollect totals
1157
  $this->getShippingAddress()->addData($data);
1158
  }
1159
  $this->getShippingAddress()->setSameAsBilling($flag);
1495
  }
1496
 
1497
  /**
1498
+ * Prepare item options
1499
  */
1500
  protected function _prepareQuoteItems()
1501
  {
1528
  $this->_prepareQuoteItems();
1529
 
1530
  $service = Mage::getModel('sales/service_quote', $quote);
1531
+ /** @var Mage_Sales_Model_Order $oldOrder */
1532
+ $oldOrder = $this->getSession()->getOrder();
1533
+ if ($oldOrder->getId()) {
1534
  $originalId = $oldOrder->getOriginalIncrementId();
1535
  if (!$originalId) {
1536
  $originalId = $oldOrder->getIncrementId();
1544
  );
1545
  $quote->setReservedOrderId($orderData['increment_id']);
1546
  $service->setOrderData($orderData);
1547
+
1548
+ $oldOrder->cancel();
1549
  }
1550
 
1551
+ /** @var Mage_Sales_Model_Order $order */
1552
  $order = $service->submit();
1553
+ $customer = $quote->getCustomer();
1554
+ if ((!$customer->getId() || !$customer->isInStore($this->getSession()->getStore()))
1555
  && !$quote->getCustomerIsGuest()
1556
  ) {
1557
+ $customer->setCreatedAt($order->getCreatedAt());
1558
+ $customer
1559
  ->save()
1560
  ->sendNewAccountEmail('registered', '', $quote->getStoreId());;
1561
  }
1562
+ if ($oldOrder->getId()) {
1563
+ $oldOrder->setRelationChildId($order->getId());
1564
+ $oldOrder->setRelationChildRealId($order->getIncrementId());
1565
+ $oldOrder->save();
 
 
 
1566
  $order->save();
1567
  }
1568
  if ($this->getSendConfirmation()) {
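--- a/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php
+++ b/app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Baseurl.php
@@ -32,6 +32,7 @@ class Mage_Adminhtml_Model_System_Config_Backend_Baseurl extends Mage_Core_Model
  $value = $this->getValue();
 
  if (!preg_match('#^{{((un)?secure_)?base_url}}#', $value)) {
+ $value = Mage::helper('core/url')->encodePunycode($value);
  $parsedUrl = parse_url($value);
  if (!isset($parsedUrl['scheme']) || !isset($parsedUrl['host'])) {
  Mage::throwException(Mage::helper('core')->__('The %s you entered is invalid. Please make sure that it follows "http://domain.com/" format.', $this->getFieldConfig()->label));
@@ -60,4 +61,19 @@ class Mage_Adminhtml_Model_System_Config_Backend_Baseurl extends Mage_Core_Model
  Mage::getModel('core/design_package')->cleanMergedJsCss();
  }
  }
+
+ /**
+ * Processing object after load data
+ *
+ * @return Mage_Core_Model_Abstract
+ */
+ protected function _afterLoad()
+ {
+ $value = $this->getValue();
+ if (!preg_match('#^{{((un)?secure_)?base_url}}#', $value)) {
+ $value = Mage::helper('core/url')->decodePunycode($value);
+ }
+ $this->setValue($value);
+ return parent::_afterLoad();
+ }
  }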
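Review bot: The new `_afterLoad()` turns a punycode host back into its Unicode form, so the value shown after loading differs from the ASCII value that was validated, and the docblock ("Processing object after load data") does not mention this. I would document it, e.g. `* Decode a punycode-encoded base URL to its Unicode form after load; {{base_url}} placeholders are left unchanged.` In the first hunk `encodePunycode($value)` only reassigns the local `$value` before `parse_url()`; whether the encoded form is also what gets stored depends on code after the hunk, since the method continues outside it. Because decoded internationalised hosts can contain look-alike characters, it is worth confirming that the ASCII form stays available to whoever reviews this setting.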
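--- a/app/code/core/Mage/Adminhtml/controllers/AjaxController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/AjaxController.php
@@ -52,4 +52,14 @@ class Mage_Adminhtml_AjaxController extends Mage_Adminhtml_Controller_Action
  echo Mage::helper('core/translate')->apply($translation, $area);
  exit();
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return true;
+ }
  }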
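Review bot: The new `_isAllowed()` returns a bare `true`, which opts this controller out of any ACL resource check, and the docblock does not say that this is deliberate. I would record the reason in the docblock, for example `* No ACL resource applies: the translation lookup is open to every logged-in admin user.` (wording for the author to confirm), so a later permission audit does not have to re-derive it. The same unexplained `return true;` is added in Catalog/Product/DatafeedsController.php and JsonController.php. Whether the base controller still enforces an authenticated admin session for these routes is not visible in this diff.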
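--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Category/WidgetController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Category/WidgetController.php
@@ -69,4 +69,14 @@ class Mage_Adminhtml_Catalog_Category_WidgetController extends Mage_Adminhtml_Co
  'use_massaction' => $this->getRequest()->getParam('use_massaction', false)
  ));
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return Mage::getSingleton('admin/session')->isAllowed('cms/widget_instance');
+ }
  }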
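Review bot: The added `_isAllowed()` ties this catalog category chooser to the `cms/widget_instance` resource, and nothing in the docblock explains why a catalog controller depends on a CMS permission. If the chooser is also opened from screens other than widget instances (not visible here), roles without that resource would now be denied there, so the callers are worth confirming. I would name the resource and the reason in the docblock, e.g. `* Access follows the cms/widget_instance ACL resource, since this chooser is rendered for widget configuration.` The same check is added in Catalog/Product/WidgetController.php, Cms/Block/WidgetController.php and Cms/Page/WidgetController.php; the last one also adds a stray blank line before the class's closing brace.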
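--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/DatafeedsController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/DatafeedsController.php
@@ -32,4 +32,14 @@ class Mage_Adminhtml_Catalog_DatafeedsController extends Mage_Adminhtml_Controll
  {
 
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return true;
+ }
  }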
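--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
@@ -367,7 +367,8 @@ class Mage_Adminhtml_Catalog_Product_ReviewController extends Mage_Adminhtml_Con
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'pending':
  return Mage::getSingleton('admin/session')->isAllowed('catalog/reviews_ratings/reviews/pending');
  break;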
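Review bot: Lower-casing the action name before the `switch` means every `case` label now has to be written in lower case, and nothing in the new code says so; a camelCase label added later would never match and would fall through to whatever the default branch does. PHP method names are case-insensitive, so a differently-cased action name can still reach the same action method, which is presumably why the name is normalised here. A comment above the switch would keep that visible: `// Action names are matched lower-cased because PHP method lookup ignores case; keep every case label lower-case.` The same change is made in Cms/PageController.php, NotificationController.php, Report/CustomerController.php, Report/ProductController.php, Report/ReviewController.php, Report/SalesController.php, Report/ShopcartController.php, Report/TagController.php and ReportController.php. The rest of the switch, including its default branch, lies outside the hunk.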
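--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/WidgetController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/Product/WidgetController.php
@@ -67,4 +67,14 @@ class Mage_Adminhtml_Catalog_Product_WidgetController extends Mage_Adminhtml_Con
 
  $this->getResponse()->setBody($html);
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return Mage::getSingleton('admin/session')->isAllowed('cms/widget_instance');
+ }
  }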
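--- a/app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
@@ -932,6 +932,7 @@ class Mage_Adminhtml_Catalog_ProductController extends Mage_Adminhtml_Controller
  $this->_validateMassStatus($productIds, $status);
  Mage::getSingleton('catalog/product_action')
  ->updateAttributes($productIds, array('status' => $status), $storeId);
+ Mage::dispatchEvent('catalog_controller_product_mass_status', array('product_ids' => $productIds));
 
  $this->_getSession()->addSuccess(
  $this->__('Total of %d record(s) have been updated.', count($productIds))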
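--- a/app/code/core/Mage/Adminhtml/controllers/Cms/Block/WidgetController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Cms/Block/WidgetController.php
@@ -45,4 +45,14 @@ class Mage_Adminhtml_Cms_Block_WidgetController extends Mage_Adminhtml_Controlle
  ));
  $this->getResponse()->setBody($pagesGrid->toHtml());
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return Mage::getSingleton('admin/session')->isAllowed('cms/widget_instance');
+ }
  }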
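--- a/app/code/core/Mage/Adminhtml/controllers/Cms/Page/WidgetController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Cms/Page/WidgetController.php
@@ -45,4 +45,15 @@ class Mage_Adminhtml_Cms_Page_WidgetController extends Mage_Adminhtml_Controller
  ));
  $this->getResponse()->setBody($pagesGrid->toHtml());
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return Mage::getSingleton('admin/session')->isAllowed('cms/widget_instance');
+ }
+
  }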
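--- a/app/code/core/Mage/Adminhtml/controllers/Cms/PageController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Cms/PageController.php
@@ -222,7 +222,8 @@ class Mage_Adminhtml_Cms_PageController extends Mage_Adminhtml_Controller_Action
  */
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'new':
  case 'save':
  return Mage::getSingleton('admin/session')->isAllowed('cms/page/save');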
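--- a/app/code/core/Mage/Adminhtml/controllers/Cms/WysiwygController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Cms/WysiwygController.php
@@ -63,4 +63,14 @@ class Mage_Adminhtml_Cms_WysiwygController extends Mage_Adminhtml_Controller_Act
  */
  }
  }
+
+ /**
+ * Check the permission to run it
+ *
+ * @return boolean
+ */
+ protected function _isAllowed()
+ {
+ return Mage::getSingleton('admin/session')->isAllowed('cms');
+ }
  }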
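--- a/app/code/core/Mage/Adminhtml/controllers/Customer/System/Config/ValidatevatController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Customer/System/Config/ValidatevatController.php
@@ -88,4 +88,14 @@ class Mage_Adminhtml_Customer_System_Config_ValidatevatController extends Mage_A
  ));
  $this->getResponse()->setBody($body);
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return Mage::getSingleton('admin/session')->isAllowed('system/config');
+ }
  }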
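--- a/app/code/core/Mage/Adminhtml/controllers/CustomerController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/CustomerController.php
@@ -376,6 +376,7 @@ class Mage_Adminhtml_CustomerController extends Mage_Adminhtml_Controller_Action
  $this->_getSession()->addError($e->getMessage());
  $this->_getSession()->setCustomerData($data);
  $this->getResponse()->setRedirect($this->getUrl('*/customer/edit', array('id' => $customer->getId())));
+ return;
  } catch (Exception $e) {
  $this->_getSession()->addException($e,
  Mage::helper('adminhtml')->__('An error occurred while saving the customer.'));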
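--- a/app/code/core/Mage/Adminhtml/controllers/JsonController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/JsonController.php
@@ -56,4 +56,14 @@ class Mage_Adminhtml_JsonController extends Mage_Adminhtml_Controller_Action
 
  $this->getResponse()->setBody(Mage::helper('core')->jsonEncode($arrRes));
  }
+
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
+ {
+ return true;
+ }
  }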
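--- a/app/code/core/Mage/Adminhtml/controllers/NotificationController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/NotificationController.php
@@ -160,12 +160,13 @@ class Mage_Adminhtml_NotificationController extends Mage_Adminhtml_Controller_Ac
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
- case 'markAsRead':
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
+ case 'markasread':
  $acl = 'system/adminnotification/mark_as_read';
  break;
 
- case 'massMarkAsRead':
+ case 'massmarkasread':
  $acl = 'system/adminnotification/mark_as_read';
  break;
 
@@ -173,7 +174,7 @@ class Mage_Adminhtml_NotificationController extends Mage_Adminhtml_Controller_Ac
  $acl = 'system/adminnotification/remove';
  break;
 
- case 'massRemove':
+ case 'massremove':
  $acl = 'system/adminnotification/remove';
  break;
 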
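--- a/app/code/core/Mage/Adminhtml/controllers/Permissions/RoleController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Permissions/RoleController.php
@@ -154,7 +154,7 @@ class Mage_Adminhtml_Permissions_RoleController extends Mage_Adminhtml_Controlle
  Mage::getSingleton('adminhtml/session')->addError($this->__('An error occurred while deleting this role.'));
  }
 
- $this->_redirect("*/*/");
+ $this->_redirect('*/*/');
  }
 
  /**
@@ -175,7 +175,7 @@ class Mage_Adminhtml_Permissions_RoleController extends Mage_Adminhtml_Controlle
 
  $isAll = $this->getRequest()->getParam('all');
  if ($isAll)
- $resource = array("all");
+ $resource = array('all');
 
  $role = $this->_initRole('role_id');
  if (!$role->getId() && $rid) {
@@ -209,7 +209,7 @@ class Mage_Adminhtml_Permissions_RoleController extends Mage_Adminhtml_Controlle
  );
  $role->save();
 
- Mage::getModel("admin/rules")
+ Mage::getModel('admin/rules')
  ->setRoleId($role->getId())
  ->setResources($resource)
  ->saveRel();
@@ -256,7 +256,7 @@ class Mage_Adminhtml_Permissions_RoleController extends Mage_Adminhtml_Controlle
  protected function _deleteUserFromRole($userId, $roleId)
  {
  try {
- Mage::getModel("admin/user")
+ Mage::getModel('admin/user')
  ->setRoleId($roleId)
  ->setUserId($userId)
  ->deleteFromRole();
@@ -276,7 +276,7 @@ class Mage_Adminhtml_Permissions_RoleController extends Mage_Adminhtml_Controlle
  */
  protected function _addUserToRole($userId, $roleId)
  {
- $user = Mage::getModel("admin/user")->load($userId);
+ $user = Mage::getModel('admin/user')->load($userId);
  $user->setRoleId($roleId)->setUserId($userId);
 
  if( $user->roleUserExists() === true ) {
@@ -296,4 +296,45 @@ class Mage_Adminhtml_Permissions_RoleController extends Mage_Adminhtml_Controlle
  {
  return Mage::getSingleton('admin/session')->isAllowed('system/acl/roles');
  }
+
+ /**
+ * Action to refresh role-rule relations.
+ * This method will make sure the rendered ACL resource tree checkboxes match the actual ACL permissions.
+ * To be used after adding a new ACL resource via config
+ */
+ public function refreshRolesAction()
+ {
+ $resourceAcl = Mage::getResourceModel('admin/acl')->loadAcl();
+ $roles = Mage::getResourceModel('admin/role_collection')->setRolesFilter()->getItems();
+ try {
+ foreach ($roles as $role) {
+ $roleTypeId = $role->getRoleType() . $role->getRoleId();
+ $selectedResourceIds = array();
+ if ($resourceAcl->isAllowed($roleTypeId, 'all')) {
+ $selectedResourceIds = array('all');
+ } else {
+ foreach ($resourceAcl->getResources() as $resource) {
+ if ($resourceAcl->isAllowed($roleTypeId, $resource)) {
+ array_push($selectedResourceIds, $resource);
+ }
+ }
+ }
+
+ Mage::getModel('admin/rules')
+ ->setRoleId($role->getId())
+ ->setResources($selectedResourceIds)
+ ->saveRel();
+ }
+
+ Mage::getSingleton('adminhtml/session')->addSuccess($this->__('The roles have been refreshed.'));
+ } catch (Mage_Core_Exception $e) {
+ Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
+ } catch (Exception $e) {
+ Mage::logException($e);
+ Mage::getSingleton('adminhtml/session')->addError($this->__('An error occurred while refreshing roles.'));
+ }
+
+ $this->_redirect('*/*/');
+ return;
+ }
  }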
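Review bot: `refreshRolesAction()` rewrites the rule relations of every role, yet the method itself checks neither the request method nor a form key; the only gate visible in this section is the controller-wide `isAllowed('system/acl/roles')`. If the base controller does not already validate a key for this route (not visible here), a check at the top of the action that redirects on failure would keep a permission rewrite from being triggered by a plain link. Separately, `saveRel()` runs once per role inside the `try`, so an exception part-way through leaves some roles refreshed and others not, while the admin only sees the generic error message. On style, `array_push($selectedResourceIds, $resource);` reads better as `$selectedResourceIds[] = $resource;`, and the trailing `return;` after the redirect is redundant.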
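--- a/app/code/core/Mage/Adminhtml/controllers/Report/CustomerController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Report/CustomerController.php
@@ -161,7 +161,8 @@ class Mage_Adminhtml_Report_CustomerController extends Mage_Adminhtml_Controller
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'accounts':
  return Mage::getSingleton('admin/session')->isAllowed('report/customers/accounts');
  break;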
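--- a/app/code/core/Mage/Adminhtml/controllers/Report/ProductController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Report/ProductController.php
@@ -267,7 +267,8 @@ class Mage_Adminhtml_Report_ProductController extends Mage_Adminhtml_Controller_
  */
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'viewed':
  return Mage::getSingleton('admin/session')->isAllowed('report/products/viewed');
  break;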
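--- a/app/code/core/Mage/Adminhtml/controllers/Report/ReviewController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Report/ReviewController.php
@@ -160,7 +160,8 @@ class Mage_Adminhtml_Report_ReviewController extends Mage_Adminhtml_Controller_A
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'customer':
  return Mage::getSingleton('admin/session')->isAllowed('report/review/customer');
  break;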
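--- a/app/code/core/Mage/Adminhtml/controllers/Report/SalesController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Report/SalesController.php
@@ -389,7 +389,8 @@ class Mage_Adminhtml_Report_SalesController extends Mage_Adminhtml_Controller_Re
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'sales':
  return $this->_getSession()->isAllowed('report/salesroot/sales');
  break;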
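--- a/app/code/core/Mage/Adminhtml/controllers/Report/ShopcartController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Report/ShopcartController.php
@@ -155,7 +155,8 @@ class Mage_Adminhtml_Report_ShopcartController extends Mage_Adminhtml_Controller
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'customer':
  return Mage::getSingleton('admin/session')->isAllowed('report/shopcart/customer');
  break;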
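--- a/app/code/core/Mage/Adminhtml/controllers/Report/TagController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Report/TagController.php
@@ -282,14 +282,15 @@ class Mage_Adminhtml_Report_TagController extends Mage_Adminhtml_Controller_Acti
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'customer':
  return Mage::getSingleton('admin/session')->isAllowed('report/tags/customer');
  break;
  case 'product':
  return Mage::getSingleton('admin/session')->isAllowed('report/tags/product');
  break;
- case 'productAll':
+ case 'productall':
  return Mage::getSingleton('admin/session')->isAllowed('report/tags/product');
  break;
  case 'popular':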
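--- a/app/code/core/Mage/Adminhtml/controllers/ReportController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/ReportController.php
@@ -131,7 +131,8 @@ class Mage_Adminhtml_ReportController extends Mage_Adminhtml_Controller_Action
 
  protected function _isAllowed()
  {
- switch ($this->getRequest()->getActionName()) {
+ $action = strtolower($this->getRequest()->getActionName());
+ switch ($action) {
  case 'search':
  return Mage::getSingleton('admin/session')->isAllowed('report/search');
  break;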
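--- a/app/code/core/Mage/Adminhtml/controllers/Rss/CatalogController.php
+++ b/app/code/core/Mage/Adminhtml/controllers/Rss/CatalogController.php
@@ -34,17 +34,21 @@
 
  class Mage_Adminhtml_Rss_CatalogController extends Mage_Adminhtml_Controller_Action
  {
- public function preDispatch()
+ /**
+ * Check is allowed access to action
+ *
+ * @return bool
+ */
+ protected function _isAllowed()
  {
  $path = '';
- if ($this->getRequest()->getActionName() == 'review') {
+ $action = strtolower($this->getRequest()->getActionName());
+ if ($action == 'review') {
  $path = 'catalog/reviews_ratings';
- } elseif ($this->getRequest()->getActionName() == 'notifystock') {
+ } elseif ($action == 'notifystock') {
  $path = 'catalog/products';
  }
- Mage::helper('adminhtml/rss')->authAdmin($path);
- parent::preDispatch();
- return $this;
+ return Mage::getSingleton('admin/session')->isAllowed($path);
  }
 
  public function notifystockAction()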
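Review bot: When the action is neither `review` nor `notifystock`, `$path` stays `''` and the new `_isAllowed()` returns `isAllowed('')`; what the admin session answers for an empty resource is not visible here, so the result for any other action is left to that method. I would deny explicitly with `return $path !== '' && Mage::getSingleton('admin/session')->isAllowed($path);`. Both comparisons can use `===`, since `$action` is always a string after `strtolower()`. The removed `preDispatch()` called `authAdmin($path)` on the RSS helper, and this section does not show what now authenticates feed readers, so it is worth confirming that step is handled elsewhere.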
app/code/core/Mage/Adminhtml/controllers/Rss/OrderController.php CHANGED
@@ -34,12 +34,6 @@
34
 
35
  class Mage_Adminhtml_Rss_OrderController extends Mage_Adminhtml_Controller_Action
36
  {
37
- public function preDispatch()
38
- {
39
- Mage::helper('adminhtml/rss')->authAdmin('catalog/reviews_ratings');
40
- parent::preDispatch();
41
- return $this;
42
- }
43
 
44
  public function newAction()
45
  {
@@ -48,4 +42,14 @@ class Mage_Adminhtml_Rss_OrderController extends Mage_Adminhtml_Controller_Actio
48
  $this->loadLayout(false);
49
  $this->renderLayout();
50
  }