Mage_Core_Modules - Version 1.9.2.2

Version Notes

1.9.2.2

Download this release

Release Info

Developer Magento Core Team
Extension Mage_Core_Modules
Version 1.9.2.2
Comparing to
See all releases


Code changes from version 1.9.2.1 to 1.9.2.2

Files changed (33) hide show
  1. .htaccess.sample +24 -0
  2. RELEASE_NOTES.txt +117 -107
  3. app/Mage.php +1 -1
  4. app/code/core/Mage/Admin/Model/Block.php +84 -0
  5. app/code/core/Mage/Admin/Model/Resource/Block.php +44 -0
  6. app/code/core/Mage/Admin/Model/Resource/Block/Collection.php +44 -0
  7. app/code/core/Mage/Admin/Model/Resource/Variable.php +43 -0
  8. app/code/core/Mage/Admin/Model/Resource/Variable/Collection.php +44 -0
  9. app/code/core/Mage/Admin/Model/Variable.php +80 -0
  10. app/code/core/Mage/Admin/etc/config.xml +7 -1
  11. app/code/core/Mage/Admin/sql/admin_setup/upgrade-1.6.1.1-1.6.1.2.php +103 -0
  12. app/code/core/Mage/Catalog/Model/Product/Option/Type/File.php +13 -17
  13. app/code/core/Mage/Connect/Helper/Data.php +23 -1
  14. app/code/core/Mage/Core/Controller/Front/Action.php +11 -1
  15. app/code/core/Mage/Core/Controller/Varien/Router/Admin.php +23 -0
  16. app/code/core/Mage/Core/Helper/UnserializeArray.php +46 -0
  17. app/code/core/Mage/Core/Model/Email/Queue.php +5 -0
  18. app/code/core/Mage/Core/Model/Email/Template/Filter.php +13 -3
  19. app/code/core/Mage/Core/Model/Resource/Setup.php +0 -1
  20. app/code/core/Mage/Core/etc/config.xml +1 -0
  21. app/code/core/Mage/Core/etc/system.xml +12 -2
  22. app/code/core/Mage/Customer/Block/Account/Changeforgotten.php +37 -0
  23. app/code/core/Mage/Customer/Block/Account/Resetpassword.php +3 -0
  24. app/code/core/Mage/Customer/controllers/AccountController.php +95 -32
  25. app/code/core/Mage/Downloadable/Model/Product/Type.php +8 -1
  26. app/code/core/Mage/Eav/Model/Resource/Attribute/Collection.php +5 -2
  27. app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php +13 -0
  28. app/code/core/Mage/Sales/controllers/DownloadController.php +16 -1
  29. app/code/core/Mage/SalesRule/Model/Resource/Coupon/Collection.php +4 -4
  30. cron.php +5 -4
  31. errors/design.xml +21 -3
  32. errors/processor.php +1 -0
  33. package.xml +6 -6
.htaccess.sample CHANGED
@@ -176,3 +176,27 @@
176
177
#FileETag none
178
176
177
#FileETag none
178
179
+ ###########################################
180
+ ## Deny access to cron.php
181
+ <Files cron.php>
182
+
183
+ ############################################
184
+ ## uncomment next lines to enable cron access with base HTTP authorization
185
+ ## http://httpd.apache.org/docs/2.2/howto/auth.html
186
+ ##
187
+ ## Warning: .htpasswd file should be placed somewhere not accessible from the web.
188
+ ## This is so that folks cannot download the password file.
189
+ ## For example, if your documents are served out of /usr/local/apache/htdocs
190
+ ## you might want to put the password file(s) in /usr/local/apache/.
191
+
192
+ #AuthName "Cron auth"
193
+ #AuthUserFile ../.htpasswd
194
+ #AuthType basic
195
+ #Require valid-user
196
+
197
+ ############################################
198
+
199
+ Order allow,deny
200
+ Deny from all
201
+
202
+ </Files>
RELEASE_NOTES.txt CHANGED
@@ -1,3 +1,13 @@
1
==== 1.9.2.1 ====
2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -31,7 +41,7 @@
31
==== 1.7.0.2 ====
32
33
=== Fixes ===
34
- Fixed: Security vulnerability in Zend_XmlRpc - http://framework.zend.com/security/advisory/ZF2012-01
35
Fixed: PayPal Standard does not display on frontend during checkout with some merchant countries
36
37
@@ -651,7 +661,7 @@ Added captcha functionality
651
Implemented different base prices for customer groups
652
Added auto generation of coupon codes
653
Backup and Rollback functionality
654
- VAT ID Validation added
655
Implemented DHL for Europe
656
Added REST API
657
@@ -662,7 +672,7 @@ Mobile theme was redesigned
662
Added ability to translate action array parameter nodes via layout.xml
663
Added support for using custom currency symbols
664
Added functionality to cleaning old cache files by cron task
665
- Refactored rules-based modules
666
Improved customer address handling using PayPal Express checkout
667
Refactored escaping functionality used with translations
668
Added ability to customize logo in emails from the admin
@@ -678,7 +688,7 @@ Library js/scriptaculous/dragdrop.js is upgraded to version 1.9.0
678
Image file of "jpg" type are allowed for favicon
679
Added ability to extend list of attributes to select for categories loaded via Mage_Catalog_Model_Resource_Category_Flat::_loadNodes()
680
Added changes to lib/Varien/Http/Adapter/Curl.php to provide interface for setting different cURL options
681
- Displaying State or Province can be optional for any country
682
Added ability to get Magento type from Mage.php
683
684
=== Fixes ===
@@ -911,13 +921,13 @@ Fixed Maintenance flag isn't deleted if rollback fails with not enough permissio
911
Fixed Customer's group isn't changed if his billing address modified within back-end
912
Added Add a message and the link in the mini shopping cart, when the cart is empty
913
Fixed On Edit Shipping Address page button "Validate VAT Number" should be hidden
914
- Fixed Fatal error when try to ship order with Flat Rate shipping method
915
- fixed potentially problematic chaining involved getShippingCarrier method
916
Fixed No ability to open PDF file with Label
917
Fixed Incorrect final price for configurable products if several custom options used
918
Fixed "Length", "Width" and "Height" fields on "Create Packages" pop up are active, when "Documents" type is selected in IE7 and IE9
919
Fixed HTTP 500 error on front-end for bundle fixed with percent options enabled for sub-products
920
- Fixed Shipment created on Magento side doesn't send to Google side for Merchant Calculated shipping
921
- added check for process only Google Checkout internal methods
922
Fixed PDF files for invoices and credit memos are not displaying Including Tax Price
923
Fixed Default value that was specified in system settings doesn't presented in Code Format drop-down on Manage Coupon Codes tab
@@ -950,7 +960,7 @@ Fixed "Same As Billing Address" check-box doesn't work
950
Fixed Impossible to enter zero in the base price field for customer groups
951
Fixed Group Price attribute position on the Prices tab is incorrect
952
Fixed Add new column to the grid with number of used coupons
953
- Fixed Custom options are not stored when downloadable product is duplicated
954
Fixed Broken logic for "Zero Subtotal Checkout" order statuses
955
Fixed Coupon codes generation fails when trying to generate large amount of codes
956
Fixed PayFlow Link: Using "Pay with PayPal" and selected shipping method that is greater than 0 doesn't process order
@@ -1215,7 +1225,7 @@ Fixed Unnecessary comments in "Share Wishlist" email
1215
Added ability to translate action array parameter nodes via layout.xml
1216
Added support for using custom currency symbols
1217
Added functionality to cleaning old cache files by cron task
1218
- Refactored rules-based modules
1219
Improved customer address handling using PayPal Express checkout
1220
Refactored escaping functionality used with translations
1221
Added ability to customize logo in emails from the admin
@@ -1230,7 +1240,7 @@ Library js/scriptaculous/dragdrop.js is upgraded to version 1.9.0
1230
Image file of "jpg" type are allowed for favicon
1231
Added ability to extend list of attributes to select for categories loaded via Mage_Catalog_Model_Resource_Category_Flat::_loadNodes()
1232
Added changes to lib/Varien/Http/Adapter/Curl.php to provide interface for setting different cURL options
1233
- Displaying State or Province can be optional for any country
1234
Added ability to get Magento type from Mage.php
1235
1236
@@ -1415,13 +1425,13 @@ Fixed Maintenance flag isn't deleted if rollback fails with not enough permissio
1415
Fixed Customer's group isn't changed if his billing address modified within back-end
1416
Added Add a message and the link in the mini shopping cart, when the cart is empty
1417
Fixed On Edit Shipping Address page button "Validate VAT Number" should be hidden
1418
- Fixed Fatal error when try to ship order with Flat Rate shipping method
1419
- fixed potentially problematic chaining involved getShippingCarrier method
1420
Fixed No ability to open PDF file with Label
1421
Fixed Incorrect final price for configurable products if several custom options used
1422
Fixed "Length", "Width" and "Height" fields on "Create Packages" pop up are active, when "Documents" type is selected in IE7 and IE9
1423
Fixed HTTP 500 error on front-end for bundle fixed with percent options enabled for sub-products
1424
- Fixed Shipment created on Magento side doesn't send to Google side for Merchant Calculated shipping
1425
- added check for process only Google Checkout internal methods
1426
Fixed PDF files for invoices and credit memos are not displaying Including Tax Price
1427
Fixed Default value that was specified in system settings doesn't presented in Code Format drop-down on Manage Coupon Codes tab
@@ -1455,7 +1465,7 @@ Fixed "Same As Billing Address" check-box doesn't work
1455
Fixed Impossible to enter zero in the base price field for customer groups
1456
Fixed Group Price attribute position on the Prices tab is incorrect
1457
Fixed Add new column to the grid with number of used coupons
1458
- Fixed Custom options are not stored when downloadable product is duplicated
1459
Fixed Broken logic for "Zero Subtotal Checkout" order statuses
1460
Fixed Coupon codes generation fails when trying to generate large amount of codes
1461
Fixed PayFlow Link: Using "Pay with PayPal" and selected shipping method that is greater than 0 doesn't process order
@@ -1473,7 +1483,7 @@ Fixed Export of Group Price data doesn't work
1473
1474
=== Improvements ===
1475
Refactored indexing process:
1476
- - Changed logic around reindexing to prevent conflicts between partial and full reindexing
1477
- Prevented situations where concurrent indexing processes run at the same time and overwrite each other's data
1478
1479
=== Changes ===
@@ -1509,7 +1519,7 @@ Added captcha functionality
1509
Implemented different base prices for customer groups
1510
Added auto generation of coupon codes
1511
Backup and Rollback functionality
1512
- VAT ID Validation added
1513
Implemented DHL for Europe
1514
1515
=== Improvements ===
@@ -2242,7 +2252,7 @@ Fixed Catalog price rules for composite products changes
2242
Fixed Moving modules to the correct place
2243
Fixed Wishlist shows items per store scope, not website
2244
Fixed Products in Wishlist disappears, when Store View is changed
2245
- Fixed Wrong Comments History in notification of order creation/cancellation
2246
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2247
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2248
Fixed Product price lower than 0 (after catalog price rule applying)
@@ -2418,7 +2428,7 @@ Fixed Catalog price rules for composite products changes
2418
Fixed Moving modules to the correct place
2419
Fixed Wishlist shows items per store scope, not website
2420
Fixed Products in Wishlist disappears, when Store View is changed
2421
- Fixed Wrong Comments History in notification of order creation/cancellation
2422
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2423
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2424
Fixed Product price lower than 0 (after catalog price rule applying)
@@ -2519,7 +2529,7 @@ Updated PayflowLink HSS user interface in checkout
2519
=== Changes ===
2520
TheFind integration was removed
2521
Google Optimizer was removed (it will be supported as a core extension)
2522
- Improved how discounts are applied to sub products
2523
2524
=== Fixes ===
2525
Fixed Saved CC form is not displayed, when there are no other available payment methods except Saved CC
@@ -2562,7 +2572,7 @@ Fixed Catalog price rules for composite products changes
2562
Fixed Moving modules to the correct place
2563
Fixed Wishlist shows items per store scope, not website
2564
Fixed Products in Wishlist disappears, when Store View is changed
2565
- Fixed Wrong Comments History in notification of order creation/cancellation
2566
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2567
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2568
Fixed Product price lower than 0 (after catalog price rule applying)
@@ -2664,7 +2674,7 @@ Updated PayflowLink HSS user interface in checkout
2664
=== Changes ===
2665
TheFind integration was removed
2666
Google Optimizer was removed (it will be supported as a core extension)
2667
- Improved how discounts are applied to sub products
2668
2669
=== Fixes ===
2670
Fixed When using direct Export, the _super_product_sku and _super_product_option on the configurable product does not match
@@ -2690,7 +2700,7 @@ Fixed Catalog price rules for composite products changes
2690
Fixed Moving modules to the correct place
2691
Fixed Wishlist shows items per store scope, not website
2692
Fixed Products in Wishlist disappears, when Store View is changed
2693
- Fixed Wrong Comments History in notification of order creation/cancellation
2694
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2695
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2696
Fixed Product price lower than 0 (after catalog price rule applying)
@@ -2781,7 +2791,7 @@ Fixed After upgrading dashboard "Top 5 Search Terms" grid doesn't show search t
2781
==== 1.6.x-devel-119961 ====
2782
2783
=== Fixes ===
2784
- Fixed Wrong Comments History in notification of order creation/cancellation
2785
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2786
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2787
Fixed Product price lower than 0 (after catalog price rule applying)
@@ -3349,7 +3359,7 @@ Fixed Error is presented by saving address, creating order with created attribut
3349
=== Major Highlights ===
3350
Minimum Advertised Price
3351
Persistent Shopping Cart
3352
- Known issues: if you see the Service Temporarily Unavailable page after refreshing the frontend, open the Magento installation
3353
directory on the server and remove the maintenance.flag file. Then go to Magento var directory and remove the cache directory.
3354
3355
=== Improvements ===
@@ -4276,8 +4286,8 @@ Fixed Tax/VAT number not displayed
4276
Fixed HTML typo in Transactional mail "account_new_confirmation.html"
4277
Fixed Varien_Db_Adapter_Mysqli::raw_query() should throw an Exception after 10 tries
4278
4279
- ==== 1.5.1.0 ====
4280
-
4281
=== Improvements ===
4282
Alternative image storage feature enabled with fixed get.php file.
4283
Magento Mobile updated to release v20
@@ -4301,7 +4311,7 @@ Replaced usage of Varien_File_Uploader with Mage_Core_Model_File_Uploader
4301
=== Fixes ===
4302
Fixed PayPal Standard: order has two invoice and two refund
4303
Fixed Adjustment Fee, Adjustment Refund and Refund Shipping fields must be disabled on credit memo for Payflow Pro and PayFlowLink payment methods
4304
- - Actualized API params mapping
4305
- Added parameter Amount into refund request
4306
Fixed Broken mysql4-data-upgrade-1.4.0.0.13-1.4.0.0.14.php file
4307
Fixed XMLConnect - edited parameter cannot be saved
@@ -4310,7 +4320,7 @@ Fixed Media storage - problem with image in the CMS pages
4310
Fixed Unable to place order using PayPal Billing agreement through Checkout with multiple addresses
4311
- Added additional multi shipping checkout exceptions logging.
4312
Fixed No AmericanExpress support in Website Payments Pro Payflow Edition
4313
- - Added to Direct payment
4314
Fixed Incorrect Subtotal(Incl. Tax) in Shopping Cart, when catalog prices entered by admin include tax
4315
Fixed Function "Apply Tax On - Original price only" does not correct calculate product tax
4316
Fixed No ability to save Product Attribute with type Media Image
@@ -4338,7 +4348,7 @@ Fixed Custom URL Rewrite creation broken
4338
- skip filtering for store select if no product or category specified in case of custom rewrite
4339
Fixed Shopping Cart Price Rule->Conditions->Shipping Country is not correctly controlled on multiple checkout.
4340
- Added checking: if address object is a new object rules validation cache will not working because we can not save validation results for address without id
4341
- Fixed Resources names are not translated on Role Resources page at backend
4342
Fixed Multiselect and Dropdown Attribute values set to "0" are not exported correctly
4343
Fixed WYSIWYG Editor - Unable to Create a Folder when Inserting a File
4344
Fixed Wrong cache key for websites
@@ -4522,7 +4532,7 @@ Magento Mobile updated to release v20
4522
=== Fixes ===
4523
Fixed PayPal Standard: order has two invoice and two refund
4524
Fixed Adjustmen Fee, Adjustment Refund and Refund Shipping fields must be disabled on credit memo for Payflow Pro and PayFlowLink payment methods
4525
- - Actualized API params mapping
4526
- Added parameter Amount into refund request
4527
Fixed Broken mysql4-data-upgrade-1.4.0.0.13-1.4.0.0.14.php file
4528
Fixed XMLConnect - edited parameter cannot be saved
@@ -4531,7 +4541,7 @@ Fixed Media storage - problem with image in the CMS pages
4531
Fixed Unable to place order using PayPal Billing agreement through Checkout with multiple addresses
4532
- Added additional multi shipping checkout exceptions logging.
4533
Fixed No AmericanExpress support in Website Payments Pro Payflow Edition
4534
- - Added to Direct payment
4535
Fixed Incorrect Subtotal(Incl. Tax) in Shopping Cart, when catalog prices entered by admin include tax
4536
Fixed Function "Apply Tax On - Original price only" does not correct calculate product tax
4537
Fixed No ability to save Product Attribute with type Media Image
@@ -4570,7 +4580,7 @@ Fixed Custom URL Rewrite creation broken
4570
- skip filtering for store select if no product or category specified in case of custom rewrite
4571
Fixed Shopping Cart Price Rule->Conditions->Shipping Country is not correctly controlled on multiple checkout.
4572
- Added checking: if address object is a new object rules validation cache will not working because we can not save validation results for address without id
4573
- Fixed Resources names are not translated on Role Resources page at backend
4574
Fixed Multiselect and Dropdown Attribute values set to "0" are not exported correctly
4575
Fixed WYSIWYG Editor - Unable to Create a Folder when Inserting a File
4576
Fixed Wrong cache key for websites
@@ -4826,10 +4836,10 @@ Fixed Google Base Synchronize
4826
- Fixed fatal error on very first Publish and then Synchronizing if in GB products already were
4827
- Fixed potential fatal when on mass Publish action we will not retrieve any item id: expected array, but null or empty string given
4828
Fixed Rounding issues in shipping methods and in sales payment
4829
- Fixed Usage of non-mb-supported strlen() in custom option validation
4830
- fixed length calculation routine to work with multi-byte characters
4831
- changed order of evaluation, so that length is calculated only if length constraint is set for custom option
4832
- Fixed Unused class Mage_Reports_Model_Mysql4_Shopcart_Product_Collection did not marked like deprecated
4833
- mark class as deprecated after 1.5.0.1
4834
4835
@@ -4982,7 +4992,7 @@ Fixed Free shipping does not transfer to Google Checkout when it is enabled in a
4982
- Re factored and optimized code
4983
- Improved performance
4984
- Fixed typos
4985
- - Added dependency for GoogleCheckout module from Usa module
4986
- Added fedex and usps free methods supporting
4987
4988
@@ -4994,7 +5004,7 @@ Due to a design flaw we are removing alternative image storage feature from this
4994
==== 1.5.0.0 =====
4995
4996
=== Major Highlights ===
4997
- Added Payflow Link using HSS (Hosted Sole Solution)
4998
Balance Response, Partial Authorization Transactions, Authorization Reversals Support for MasterCard and Discover with Authorize.net
4999
3D Secure Authentication for Authorize.net payment method
5000
Authorize.Net SIM payment method
@@ -5324,12 +5334,12 @@ Fixed Incorrect items number in "MY WISHLIST" after updated quantity in the Wish
5324
- Added new configuration option "Display Wishlist Summary" in System -> Configuration -> Customers -> Wishlist section
5325
- Removed quantity information from wishlist frontend page
5326
Fixed Update compare list after delete one item
5327
- Fixed No hint for disabled "Configure" button
5328
Fixed In Bundle product's page "Availability" string is not placed well
5329
Fixed Non-correct headers uses for email return-path.
5330
Fixed Numerous issued with displaying tax on front-end for bundled items
5331
Fixed Impossible save empty values for store view scope
5332
- Fixed Non-correct headers uses for email return-path.
5333
- Added "-f" parameter to transport instance at Mage_Core_Model_Email_Template::send() like PHP mail() needs
5334
Fixed Do not hide ajax loader on 'Place order' step on onepage checkout when customer selected PayflowLink payment method until PayPal iframe will be loaded
5335
Fixed Order can be placed with non-configured composite product in Ordered Items
@@ -5466,7 +5476,7 @@ Fixed CSS Merger Cache Ignores Hostname and HTTPS
5466
- removed "beta" mark on CSS merger feature in system configuration, because known issue with different host names for different store views is solved
5467
- split merged CSS storage into 2 parts: "css" and "css_secure"
5468
- included "port" and "base host name" parameters into merger hash generation algorithm as parameters
5469
- Fixed: Default country setting not affect country select field default value on frontend
5470
Fixed Credit card data Iframe for PayflowLink is displayed on Order Review step for all payment methods
5471
Fixed The Wrong / not exist Url should be redirect to 404 page
5472
- Added section availability in preDispatch
@@ -6018,12 +6028,12 @@ Fixed Incorrect items number in "MY WISHLIST" after updated quantity in the Wish
6018
- Added new configuration option "Display Wishlist Summary" in System -> Configuration -> Customers -> Wishlist section
6019
- Removed quantity information from wishlist frontend page
6020
Fixed Update compare list after delete one item
6021
- Fixed No hint for disabled "Configure" button
6022
Fixed In Bundle product's page "Availability" string is not placed well
6023
Fixed Non-correct headers uses for email return-path.
6024
Fixed Numerous issued with displaying tax on front-end for bundled items
6025
Fixed Impossible save empty values for store view scope
6026
- Fixed Non-correct headers uses for email return-path.
6027
- Added "-f" parameter to transport instance at Mage_Core_Model_Email_Template::send() like PHP mail() needs
6028
Fixed Do not hide ajax loader on 'Place order' step on onepage checkout when customer selected PayflowLink payment method until PayPal iframe will be loaded
6029
Fixed Order can be placed with non-configured composite product in Ordered Items
@@ -6043,12 +6053,12 @@ Fixed Incorrect items number in "MY WISHLIST" after updated quantity in the Wish
6043
- Added new configuration option "Display Wishlist Summary" in System -> Configuration -> Customers -> Wishlist section
6044
- Removed quantity information from wishlist frontend page
6045
Fixed Update compare list after delete one item
6046
- Fixed No hint for disabled "Configure" button
6047
Fixed In Bundle product's page "Availability" string is not placed well
6048
Fixed Non-correct headers uses for email return-path.
6049
Fixed Numerous issued with displaying tax on front-end for bundled items
6050
Fixed Impossible save empty values for store view scope
6051
- Fixed Non-correct headers uses for email return-path.
6052
- Added "-f" parameter to transport instance at Mage_Core_Model_Email_Template::send() like PHP mail() needs
6053
Fixed Do not hide ajax loader on 'Place order' step on onepage checkout when customer selected PayflowLink payment method until PayPal iframe will be loaded
6054
Fixed Order can be placed with non-configured composite product in Ordered Items
@@ -6222,7 +6232,7 @@ Fixed CSS Merger Cache Ignores Hostname and HTTPS
6222
- removed "beta" mark on CSS merger feature in system configuration, because known issue with different host names for different store views is solved
6223
- split merged CSS storage into 2 parts: "css" and "css_secure"
6224
- included "port" and "base host name" parameters into merger hash generation algorithm as parameters
6225
- Fixed: Default country setting not affect country select field default value on frontend
6226
Fixed Credit card data Iframe for PayflowLink is displayed on Order Review step for all payment methods
6227
Fixed The Wrong / not exist Url should be redirect to 404 page
6228
- Added section availability in preDispatch
@@ -6489,7 +6499,7 @@ Fixed CSS Merger Cache Ignores Hostname and HTTPS
6489
- removed "beta" mark on CSS merger feature in system configuration, because known issue with different host names for different store views is solved
6490
- split merged CSS storage into 2 parts: "css" and "css_secure"
6491
- included "port" and "base host name" parameters into merger hash generation algorithm as parameters
6492
- Fixed: Default country setting not affect country select field default value on frontend
6493
Fixed Credit card data Iframe for PayflowLink is displayed on Order Review step for all payment methods
6494
Fixed The Wrong / not exist Url should be redirect to 404 page
6495
- Added section availability in preDispatch
@@ -6635,7 +6645,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6635
** Implemented new download process and dependencies rules
6636
** Added correct behavior during extension reinstall, so dependencies will not reinstall automatically
6637
* Optimized rewrite selection from DB, added url rewrite and suffix validation at admin backend
6638
- * Added verification of access level for app/etc/local.xml.
6639
** Now if server configuration has issue and this file accessible from browser admin user gets notification in backend.
6640
* Upgraded Zend Framework to version 1.10.8
6641
* Added the Recurring Profiles tab in customer management
@@ -6763,7 +6773,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6763
* Fixed wrong shipping price in case of sales rule with fixed cart discount and 1 item in cart
6764
* Fixed the label for the configurable product attribute does not reflect correctly on the frontend
6765
* Fixed sales rule with fixed discount for whole cart doesn't work
6766
- * Fixed "Slash for category or product urls causes error 404"
6767
* Fixed Shared shopping cart on the stores with different domains
6768
** check origin url in all store urls
6769
** prevent to getting SID param from current query
@@ -6788,7 +6798,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6788
* Fixed Image browser in WYSIWYG editor doesn't fill mouse over/out fields
6789
* Fixed Added rounding to "Refund Shipping" field on credit memo creation page.
6790
* Fixed Added additional error messages to customer address validation on PHP side while creating.
6791
- * Fixed "No server side check for password length when customer edits his account information"
6792
** Also added proper processing for password == '0', earlier it was considered as non-set password
6793
* Fixed WYSIWYG editor breaks directives that are not in src attribute
6794
* fixed directives decoding for a case when the secret key is present in URLs
@@ -6855,7 +6865,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6855
* Fixed Quick Search Autocomplete does not work via ajax http protocol for https page
6856
* Fixed Inventory->Qty Increments - unable to add
6857
* Fixed Loading search query performance issue
6858
- * Fixed Changed labels in checkout and payment information blocs for credit cards Solo Maestro Switch
6859
* Fixed Product q-ty doesnt decrease after google checkout
6860
** added same 'checkout_submit_all_after' event to AmazonPayments
6861
** removed 'TODO' notice from Multishipping Checkout, because current scheme is better and will not be influenced by any Multishipping refactoring
@@ -6880,7 +6890,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6880
* Fixed Unable to refund Credit Memo because of Shipping Rounding
6881
* Fixed Added custom option info to recurring profile info page on frontend and backend.
6882
* Fixed Product Visibility and Status disappear when in search
6883
- * Fixed Removed validation of new customer shipping address on backend for orders with virtual products only
6884
* Fixed ability to buy Product which have status "Out of Stock" through a direct link on button "Checkout with PayPal"
6885
* Fixed All free shipping methods in absent in Transfer Shipping Options menu on PayPal side
6886
* Fixed Payment methods titles for the PDF prints through admin gets from default config instead of the storeview config
@@ -6934,13 +6944,13 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6934
* Fixed Incorrect work of "Recently Compared Products" functional on category's page
6935
* Fixed behavior when having single store, javascript raises exception and all followed code is not executed
6936
* Fixed that Special price for dynamic bundle applies twice
6937
- * Fixed #21960: Labels in page/html_wrapper and core/text_list in layout
6938
* Fixed GUI bugs on Recurrent Profile frontend part
6939
* Fixed Magento Connect -> Message about invalid URL is duplicated
6940
* Fixed that suspend Recurring Profile from front side leads to error
6941
* Fixed Missing pager for tagged product list
6942
* Fixed Wrong profiler output for getUrl in Category
6943
- * Fixed Saving of billing agreement relation with order - added force billing agreement re-saving and fixed isValid method in agreement detection.
6944
* Fixed Incorrect sort order reliable on mysql internal order during eav attribute load
6945
** move prepare select to separate method
6946
* Fixed passing additional totals to PayPal when cart line items are disabled:
@@ -6966,7 +6976,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
6966
* Fixed bug with 'Use Flat Catalog Category'
6967
* Fixed #13770, #16300, #21040 : Product Media Api Broken, product_media.create API overwrites image itself each upload, product_media.update API does not upgrade the image itself
6968
* Fixed #16306: Webservice with htaccess (changes in code style)
6969
- * Fixed #22536: Light-weight email templates
6970
* Fixed #18935: Soap api v2 multiple complexFilters with the same key
6971
* Fixed incorrect Window titles on frontend
6972
* Fixed Eliminated display currency usage (instead of the base website currency) in shopping cart price rule conditions
@@ -7005,47 +7015,47 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7005
* Fixed #20481: Access Control List not retrieved for API user for resources() and resourceFaults() operations
7006
* Fixed #18367: FCGI Error on WSDL Url with Apache and mod_fastcgi
7007
* Fixed #22053: use HTTP 301 code instead of 302 in case of web/url/redirect_to_base
7008
- * Fixed #20654: Admin order creation->Move mouse cursor isn't changed into hand while move it on some product for adding
7009
* Fixed #21590: Attribute 'Date': testing for uniqueness fields not working
7010
* Fixed #21566: Type of attribute 'Price': Possible to add text value for field 'default value'
7011
* Fixed #22053: added optional behavior (301 or 302)
7012
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7013
* Fixed #22090: Different values of Qty Increments during create and after duplicate products
7014
- * Fixed #22489: Eliminate difference between bundle.js in different skins
7015
* Fixed #22419: Set default stock_data if not exist in create/update product
7016
* Fixed #20227: "Review(x)" link should be added to the compare page.
7017
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7018
- * Fixed #20959: Locale problem in shipping tracking popup raises exception
7019
* Fixed #21955: Layout cache ignores product column count update
7020
* Fixed #20011: After using filter "Color" or "Manufacture" in Configurable Product meaning from column is disappear
7021
* Fixed #21908: Incorrect attribute ordering in "Compare products" page.
7022
- * Fixed #22222: Edit review-> if browse stores in the "Visible In " drop-down, rating values reseted
7023
* Fixed #22075: Product Attribute title specified for StoreView isn't showing on the configurable product's page
7024
* Fixed #22605: catalog_category.level return root categories when website or store are null
7025
- * Fixed #21806: Different values display on the shopping cart in front-end and back-end
7026
- * Fixed #20113: Shipping address display as default on the front-end and as not default on admin for one customer
7027
* Fixed #22575: Trace error during using filter "Products" on Tags page
7028
** added 'filter_index' to array parameter in addColumn() method call
7029
- * Fixed #14591: Incorrect SKU for Configurable Product with Custom Options
7030
* Fixed #22476: Blank Column in Related Products Grid
7031
** deleted duplicate <col> output for editable columns
7032
* Fixed #22575: Trace error during using filter "Products" on Tags page
7033
** apply filter_index field values to index
7034
- * Fixed #22644: A discrepancy between GT(Base) and GT(Purchased)
7035
- * Fixed #22645: Incorrect original price when using custom price in order.
7036
* Fixed #22653: Missed checking for file existence in JS/CSS merger
7037
** checking in source file exists. If not - do not check last modification and force to merge target file again
7038
- * Fixed #22594: Unable to place orders through checkout with multiple addresses with PayPal direct + zero subtotal for one order
7039
- * Fixed #21185: Newsletter confirmed automatically BEFORE account email is confirmed.
7040
- * Fixed #22167: "Add new row" button in downloadable product
7041
- * Fixed #21952: BUG - Category / Url Model (UYN-886991)
7042
* Fixed #15334, #17794
7043
** API category did not pass validation process due to available_sort_by must be ArrayOfString
7044
** Added category validation for backend (missed)
7045
** Creating separate validation for available_sort_by and default_sort_by attributes
7046
* Fixed #22599 Upgrade from 1.1.8 to 1.8.0.0 database compatibility issues (PARTIAL)
7047
- * Fixed #22661: 1 cent bug
7048
- * Fixed #22434: 100% discount of products -> the amounts of Tax and Grand Totals are or negative or not corectly
7049
* Fixed #10073: Unnecessary option for downloadable products
7050
* Fixed #20014: Qty use decimals for downloadable
7051
* Fixed #22164: Incorrect message for maximum shipping amount
@@ -7062,20 +7072,20 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7062
* Fixed #22266: HEADERS ALREADY SENT Error during dataflow import
7063
** Additionally: moveing layout update in separate layout file of dataflow module.
7064
* Fixed #21412: The "Save Attribute" and "Save and Continue Edit" buttons become disabled after saving attribute with attribute code that exists
7065
- * Fixed #22844: After login to admin got 404 instead Startup Page
7066
- * Fixed #22852: shopping cart price rule - search by ID - error page
7067
* Fixed #15897: Unsubscription Email Sender in the Newsletters Subscription Options is not working correctly
7068
* Fixed #15899: Newsletters subscription confirmation in not working
7069
* Fixed #22908: Grid Serializer doesn't handle dropdowns as edit columns
7070
* Fixed #22946: 'Products Tagged by Administrators' grid contains information about product that is assigned by the customer
7071
- * Fixed #22935: Issue with Google AdWords and DSMM Code
7072
- * Fixed #22910: view of system/design table with no records under IE 8
7073
* Fixed #22914: view of URL rewrite table with no records under IE 8
7074
- * Fixed #22935: Issue with Google AdWords and DSMM Code
7075
- * Fixed #22536: Light-weight email templates
7076
* Fixed #23017: Memcache session fallback does not work
7077
- * Fixed #22992: Trace appears during create reorder from front-end
7078
- * Fixed #22991: Cannot add items to shopping cart after active 'Use Flat Catalog Product'
7079
* Fixed #22813: Google base Undefined Offset when Managing attribute mapping
7080
* Fixed #23138: URL rewrite error on product creation
7081
* Added Regions for baltic states and Finland
@@ -7194,14 +7204,14 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7194
7195
== Improvements ==
7196
* Optimized rewrite selection from DB, added url rewrite and suffix validation at admin backend
7197
- * Added verification of access level for app/etc/local.xml.
7198
** Now if server configuration has issue and this file accessible from browser admin user gets notification in backend.
7199
7200
== Changes ==
7201
* Compilation scope for some EAV models which was causing blank page after enabling compilation
7202
7203
== Fixes ==
7204
- * Fixed "Slash for category or product urls causes error 404"
7205
* Fixed Shared shopping cart on the stores with different domains
7206
** check origin url in all store urls
7207
** prevent to getting SID param from current query
@@ -7238,7 +7248,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7238
* Fixed Image browser in WYSIWYG editor doesn't fill mouse over/out fields
7239
* Fixed Added rounding to "Refund Shipping" field on credit memo creation page.
7240
* Fixed Added additional error messages to customer address validation on PHP side while creating.
7241
- * Fixed "No server side check for password length when customer edits his account information"
7242
** Also added proper processing for password == '0', earlier it was considered as non-set password
7243
* Fixed WYSIWYG editor breaks directives that are not in src attribute
7244
* fixed directives decoding for a case when the secret key is present in URLs
@@ -7316,7 +7326,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7316
* Fixed Quick Search Autocomplete does not work via ajax http protocol for https page
7317
* Fixed Inventory->Qty Increments - unable to add
7318
* Fixed Loading search query performance issue
7319
- * Fixed Changed labels in checkout and payment information blocs for credit cards Solo Maestro Switch
7320
* Fixed Product q-ty doesnt decrease after google checkout
7321
** added same 'checkout_submit_all_after' event to AmazonPayments
7322
** removed 'TODO' notice from Multishipping Checkout, because current scheme is better and will not be influenced by any Multishipping refactoring
@@ -7341,7 +7351,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7341
* Fixed Unable to refund Credit Memo because of Shipping Rounding
7342
* Fixed Added custom option info to recurring profile info page on frontend and backend.
7343
* Fixed Product Visibility and Status disappear when in search
7344
- * Fixed Removed validation of new customer shipping address on backend for orders with virtual products only
7345
7346
7347
==== 1.4.x-devel-78617 ====
@@ -7434,13 +7444,13 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7434
* Fixed Incorrect work of "Recently Compared Products" functional on category's page
7435
* Fixed behavior when having single store, javascript raises exception and all followed code is not executed
7436
* Fixed that Special price for dynamic bundle applies twice
7437
- * Fixed #21960: Labels in page/html_wrapper and core/text_list in layout
7438
* Fixed GUI bugs on Recurrent Profile frontend part
7439
* Fixed Magento Connect -> Message about invalid URL is duplicated
7440
* Fixed that suspend Recurring Profile from front side leads to error
7441
* Fixed Missing pager for tagged product list
7442
* Fixed Wrong profiler output for getUrl in Category
7443
- * Fixed Saving of billing agreement relation with order - added force billing agreement re-saving and fixed isValid method in agreement detection.
7444
* Fixed Incorrect sort order reliable on mysql internal order during eav attribute load
7445
** move prepare select to separate method
7446
* Fixed passing additional totals to PayPal when cart line items are disabled:
@@ -7486,7 +7496,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7486
* Fixed bug with 'Use Flat Catalog Category'
7487
* Fixed #13770, #16300, #21040 : Product Media Api Broken, product_media.create API overwrites image itself each upload, product_media.update API does not upgrade the image itself
7488
* Fixed #16306: Webservice with htaccess (changes in code style)
7489
- * Fixed #22536: Light-weight email templates
7490
* Fixed #18935: Soap api v2 multiple complexFilters with the same key
7491
* Fixed incorrect Window titles on frontend
7492
* Fixed Eliminated display currency usage (instead of the base website currency) in shopping cart price rule conditions
@@ -7533,47 +7543,47 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7533
* Fixed #20481: Access Control List not retrieved for API user for resources() and resourceFaults() operations
7534
* Fixed #18367: FCGI Error on WSDL Url with Apache and mod_fastcgi
7535
* Fixed #22053: use HTTP 301 code instead of 302 in case of web/url/redirect_to_base
7536
- * Fixed #20654: Admin order creation->Move mouse cursor isn't changed into hand while move it on some product for adding
7537
* Fixed #21590: Attribute 'Date': testing for uniqueness fields not working
7538
* Fixed #21566: Type of attribute 'Price': Possible to add text value for field 'default value'
7539
* Fixed #22053: added optional behavior (301 or 302)
7540
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7541
* Fixed #22090: Different values of Qty Increments during create and after duplicate products
7542
- * Fixed #22489: Eliminate difference between bundle.js in different skins
7543
* Fixed #22419: Set default stock_data if not exist in create/update product
7544
* Fixed #20227: "Review(x)" link should be added to the compare page.
7545
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7546
- * Fixed #20959: Locale problem in shipping tracking popup raises exception
7547
* Fixed #21955: Layout cache ignores product column count update
7548
* Fixed #20011: After using filter "Color" or "Manufacture" in Configurable Product meaning from column is disappear
7549
* Fixed #21908: Incorrect attribute ordering in "Compare products" page.
7550
- * Fixed #22222: Edit review-> if browse stores in the "Visible In " drop-down, rating values reseted
7551
* Fixed #22075: Product Attribute title specified for StoreView isn't showing on the configurable product's page
7552
* Fixed #22605: catalog_category.level return root categories when website or store are null
7553
- * Fixed #21806: Different values display on the shopping cart in front-end and back-end
7554
- * Fixed #20113: Shipping address display as default on the front-end and as not default on admin for one customer
7555
* Fixed #22575: Trace error during using filter "Products" on Tags page
7556
** added 'filter_index' to array parameter in addColumn() method call
7557
- * Fixed #14591: Incorrect SKU for Configurable Product with Custom Options
7558
* Fixed #22476: Blank Column in Related Products Grid
7559
** deleted duplicate <col> output for editable columns
7560
* Fixed #22575: Trace error during using filter "Products" on Tags page
7561
** apply filter_index field values to index
7562
- * Fixed #22644: A discrepancy between GT(Base) and GT(Purchased)
7563
- * Fixed #22645: Incorrect original price when using custom price in order.
7564
* Fixed #22653: Missed checking for file existents in JS/CSS merger
7565
** cheking in source file exists. If not - do not check last modification and force to merge target file again
7566
- * Fixed #22594: Unable to place orders through checkout with multiple addresses with PayPal direct + zero subtotal for one order
7567
- * Fixed #21185: Newsletter confirmed automatically BEFORE account email is confirmed.
7568
- * Fixed #22167: "Add new row" button in downloadable product
7569
- * Fixed #21952: BUG - Category / Url Model (UYN-886991)
7570
* Fixed #15334, #17794
7571
** API category did not pass validation process due to available_sort_by must be ArrayOfString
7572
** Added category validation for backend (missed)
7573
** Creating separate validation for available_sort_by and default_sort_by attributes
7574
* Fixed #22599 Upgrade from 1.1.8 to 1.8.0.0 database compatibility issues (PARTIAL)
7575
- * Fixed #22661: 1 cent bug
7576
- * Fixed #22434: 100% discount of products -> the amounts of Tax and Grand Totals are or negative or not corectly
7577
* Fixed #10073: Unnecessary option for downloadable products
7578
* Fixed #20014: Qty use decimals for downloadable
7579
* Fixed #22164: Incorrect message for maximum shipping amount
@@ -7590,20 +7600,20 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7590
* Fixed #22266: HEADERS ALREADY SENT Error during dataflow import
7591
** Additionally: moveing layout update in separate layout file of dataflow module.
7592
* Fixed #21412: The "Save Attribute" and "Save and Continue Edit" buttons become disabled after saving attribute with attribute code that exists
7593
- * Fixed #22844: After login to admin got 404 instead Startup Page
7594
- * Fixed #22852: shopping cart price rule - search by ID - error page
7595
* Fixed #15897: Unsubscription Email Sender in the Newsletters Subscription Options is not working correctly
7596
* Fixed #15899: Newsletters subscription confirmation in not working
7597
* Fixed #22908: Grid Serializer doesn't handle dropdowns as edit columns
7598
* Fixed #22946: 'Products Tagged by Administrators' grid contains information about product that is assigned by the customer
7599
- * Fixed #22935: Issue with Google AdWords and DSMM Code
7600
- * Fixed #22910: view of system/design table with no records under IE 8
7601
* Fixed #22914: view of URL rewrite table with no records under IE 8
7602
- * Fixed #22935: Issue with Google AdWords and DSMM Code
7603
- * Fixed #22536: Light-weight email templates
7604
* Fixed #23017: Memcache session fallback does not work
7605
- * Fixed #22992: Trace appears during create reorder from front-end
7606
- * Fixed #22991: Cannot add items to shopping cart after active 'Use Flat Catalog Product'
7607
* Fixed #22813: Google base Undefined Offset when Managing attribute mapping
7608
* Fixed #23138: URL rewrite error on product creation
7609
* Added Regions for baltic states and Finland
@@ -7613,7 +7623,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7613
* Fixed #16294: WSDL missing attributes for customerCustomerEntity
7614
* Fixed #22851: Used wrong resource model for api/user
7615
* Fixed #18207: SOAP-ERROR: Parsing Schema: can't import schema from 'http://schemas.xmlsoap.org/soap/encoding/'
7616
- * Fixed Fatal error: Call to undefined function eaccelerator_fetch()
7617
7618
7619
@@ -7626,7 +7636,7 @@ Fixed UPS XML Shipping method doesn't work, if country of shipping origin is not
7626
7627
=== Changes ===
7628
* Checkout: added dispatching event 'checkout_submit_all_after' into all checkout models
7629
- * Centinel: changed event for resetting validation state
7630
* Added check for Order ID before try to lookup transactions by Transaction Id
7631
* Added cvv field for Mastero/Switch/Solo cards. Also fixed html formatting.
7632
* Re-factored saving relation of billing agreement with order.
1
+ ==== 1.9.2.2 ====
2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4
+ ] NOTE: Current Release Notes are maintained at: [
5
+ ] [
6
+ ] http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html#magento/release-notes-ce-1.9.2.2.html [
7
+ ] [
8
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10
+
11
==== 1.9.2.1 ====
12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
41
==== 1.7.0.2 ====
42
43
=== Fixes ===
44
+ Fixed: Security vulnerability in Zend_XmlRpc - http://framework.zend.com/security/advisory/ZF2012-01
45
Fixed: PayPal Standard does not display on frontend during checkout with some merchant countries
46
47
661
Implemented different base prices for customer groups
662
Added auto generation of coupon codes
663
Backup and Rollback functionality
664
+ VAT ID Validation added
665
Implemented DHL for Europe
666
Added REST API
667
672
Added ability to translate action array parameter nodes via layout.xml
673
Added support for using custom currency symbols
674
Added functionality to cleaning old cache files by cron task
675
+ Refactored rules-based modules
676
Improved customer address handling using PayPal Express checkout
677
Refactored escaping functionality used with translations
678
Added ability to customize logo in emails from the admin
688
Image file of "jpg" type are allowed for favicon
689
Added ability to extend list of attributes to select for categories loaded via Mage_Catalog_Model_Resource_Category_Flat::_loadNodes()
690
Added changes to lib/Varien/Http/Adapter/Curl.php to provide interface for setting different cURL options
691
+ Displaying State or Province can be optional for any country
692
Added ability to get Magento type from Mage.php
693
694
=== Fixes ===
921
Fixed Customer's group isn't changed if his billing address modified within back-end
922
Added Add a message and the link in the mini shopping cart, when the cart is empty
923
Fixed On Edit Shipping Address page button "Validate VAT Number" should be hidden
924
+ Fixed Fatal error when try to ship order with Flat Rate shipping method
925
- fixed potentially problematic chaining involved getShippingCarrier method
926
Fixed No ability to open PDF file with Label
927
Fixed Incorrect final price for configurable products if several custom options used
928
Fixed "Length", "Width" and "Height" fields on "Create Packages" pop up are active, when "Documents" type is selected in IE7 and IE9
929
Fixed HTTP 500 error on front-end for bundle fixed with percent options enabled for sub-products
930
+ Fixed Shipment created on Magento side doesn't send to Google side for Merchant Calculated shipping
931
- added check for process only Google Checkout internal methods
932
Fixed PDF files for invoices and credit memos are not displaying Including Tax Price
933
Fixed Default value that was specified in system settings doesn't presented in Code Format drop-down on Manage Coupon Codes tab
960
Fixed Impossible to enter zero in the base price field for customer groups
961
Fixed Group Price attribute position on the Prices tab is incorrect
962
Fixed Add new column to the grid with number of used coupons
963
+ Fixed Custom options are not stored when downloadable product is duplicated
964
Fixed Broken logic for "Zero Subtotal Checkout" order statuses
965
Fixed Coupon codes generation fails when trying to generate large amount of codes
966
Fixed PayFlow Link: Using "Pay with PayPal" and selected shipping method that is greater than 0 doesn't process order
1225
Added ability to translate action array parameter nodes via layout.xml
1226
Added support for using custom currency symbols
1227
Added functionality to cleaning old cache files by cron task
1228
+ Refactored rules-based modules
1229
Improved customer address handling using PayPal Express checkout
1230
Refactored escaping functionality used with translations
1231
Added ability to customize logo in emails from the admin
1240
Image file of "jpg" type are allowed for favicon
1241
Added ability to extend list of attributes to select for categories loaded via Mage_Catalog_Model_Resource_Category_Flat::_loadNodes()
1242
Added changes to lib/Varien/Http/Adapter/Curl.php to provide interface for setting different cURL options
1243
+ Displaying State or Province can be optional for any country
1244
Added ability to get Magento type from Mage.php
1245
1246
1425
Fixed Customer's group isn't changed if his billing address modified within back-end
1426
Added Add a message and the link in the mini shopping cart, when the cart is empty
1427
Fixed On Edit Shipping Address page button "Validate VAT Number" should be hidden
1428
+ Fixed Fatal error when try to ship order with Flat Rate shipping method
1429
- fixed potentially problematic chaining involved getShippingCarrier method
1430
Fixed No ability to open PDF file with Label
1431
Fixed Incorrect final price for configurable products if several custom options used
1432
Fixed "Length", "Width" and "Height" fields on "Create Packages" pop up are active, when "Documents" type is selected in IE7 and IE9
1433
Fixed HTTP 500 error on front-end for bundle fixed with percent options enabled for sub-products
1434
+ Fixed Shipment created on Magento side doesn't send to Google side for Merchant Calculated shipping
1435
- added check for process only Google Checkout internal methods
1436
Fixed PDF files for invoices and credit memos are not displaying Including Tax Price
1437
Fixed Default value that was specified in system settings doesn't presented in Code Format drop-down on Manage Coupon Codes tab
1465
Fixed Impossible to enter zero in the base price field for customer groups
1466
Fixed Group Price attribute position on the Prices tab is incorrect
1467
Fixed Add new column to the grid with number of used coupons
1468
+ Fixed Custom options are not stored when downloadable product is duplicated
1469
Fixed Broken logic for "Zero Subtotal Checkout" order statuses
1470
Fixed Coupon codes generation fails when trying to generate large amount of codes
1471
Fixed PayFlow Link: Using "Pay with PayPal" and selected shipping method that is greater than 0 doesn't process order
1483
1484
=== Improvements ===
1485
Refactored indexing process:
1486
+ - Changed logic around reindexing to prevent conflicts between partial and full reindexing
1487
- Prevented situations where concurrent indexing processes run at the same time and overwrite each other's data
1488
1489
=== Changes ===
1519
Implemented different base prices for customer groups
1520
Added auto generation of coupon codes
1521
Backup and Rollback functionality
1522
+ VAT ID Validation added
1523
Implemented DHL for Europe
1524
1525
=== Improvements ===
2252
Fixed Moving modules to the correct place
2253
Fixed Wishlist shows items per store scope, not website
2254
Fixed Products in Wishlist disappears, when Store View is changed
2255
+ Fixed Wrong Comments History in notification of order creation/cancellation
2256
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2257
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2258
Fixed Product price lower than 0 (after catalog price rule applying)
2428
Fixed Moving modules to the correct place
2429
Fixed Wishlist shows items per store scope, not website
2430
Fixed Products in Wishlist disappears, when Store View is changed
2431
+ Fixed Wrong Comments History in notification of order creation/cancellation
2432
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2433
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2434
Fixed Product price lower than 0 (after catalog price rule applying)
2529
=== Changes ===
2530
TheFind integration was removed
2531
Google Optimizer was removed (it will be supported as a core extension)
2532
+ Improved how discounts are applied to sub products
2533
2534
=== Fixes ===
2535
Fixed Saved CC form is not displayed, when there are no other available payment methods except Saved CC
2572
Fixed Moving modules to the correct place
2573
Fixed Wishlist shows items per store scope, not website
2574
Fixed Products in Wishlist disappears, when Store View is changed
2575
+ Fixed Wrong Comments History in notification of order creation/cancellation
2576
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2577
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2578
Fixed Product price lower than 0 (after catalog price rule applying)
2674
=== Changes ===
2675
TheFind integration was removed
2676
Google Optimizer was removed (it will be supported as a core extension)
2677
+ Improved how discounts are applied to sub products
2678
2679
=== Fixes ===
2680
Fixed When using direct Export, the _super_product_sku and _super_product_option on the configurable product does not match
2700
Fixed Moving modules to the correct place
2701
Fixed Wishlist shows items per store scope, not website
2702
Fixed Products in Wishlist disappears, when Store View is changed
2703
+ Fixed Wrong Comments History in notification of order creation/cancellation
2704
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2705
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2706
Fixed Product price lower than 0 (after catalog price rule applying)
2791
==== 1.6.x-devel-119961 ====
2792
2793
=== Fixes ===
2794
+ Fixed Wrong Comments History in notification of order creation/cancellation
2795
Fixed In AJAX popup fields "From" and "To" have behavior as mandatory fields
2796
Fixed Filter by Allow Countries not working for Customer Address Form in the Backend
2797
Fixed Product price lower than 0 (after catalog price rule applying)
3359
=== Major Highlights ===
3360
Minimum Advertised Price
3361
Persistent Shopping Cart
3362
+ Known issues: if you see the Service Temporarily Unavailable page after refreshing the frontend, open the Magento installation
3363
directory on the server and remove the maintenance.flag file. Then go to Magento var directory and remove the cache directory.
3364
3365
=== Improvements ===
4286
Fixed HTML typo in Transactional mail "account_new_confirmation.html"
4287
Fixed Varien_Db_Adapter_Mysqli::raw_query() should throw an Exception after 10 tries
4288
4289
+ ==== 1.5.1.0 ====
4290
+
4291
=== Improvements ===
4292
Alternative image storage feature enabled with fixed get.php file.
4293
Magento Mobile updated to release v20
4311
=== Fixes ===
4312
Fixed PayPal Standard: order has two invoice and two refund
4313
Fixed Adjustment Fee, Adjustment Refund and Refund Shipping fields must be disabled on credit memo for Payflow Pro and PayFlowLink payment methods
4314
+ - Actualized API params mapping
4315
- Added parameter Amount into refund request
4316
Fixed Broken mysql4-data-upgrade-1.4.0.0.13-1.4.0.0.14.php file
4317
Fixed XMLConnect - edited parameter cannot be saved
4320
Fixed Unable to place order using PayPal Billing agreement through Checkout with multiple addresses
4321
- Added additional multi shipping checkout exceptions logging.
4322
Fixed No AmericanExpress support in Website Payments Pro Payflow Edition
4323
+ - Added to Direct payment
4324
Fixed Incorrect Subtotal(Incl. Tax) in Shopping Cart, when catalog prices entered by admin include tax
4325
Fixed Function "Apply Tax On - Original price only" does not correct calculate product tax
4326
Fixed No ability to save Product Attribute with type Media Image
4348
- skip filtering for store select if no product or category specified in case of custom rewrite
4349
Fixed Shopping Cart Price Rule->Conditions->Shipping Country is not correctly controlled on multiple checkout.
4350
- Added checking: if address object is a new object rules validation cache will not working because we can not save validation results for address without id
4351
+ Fixed Resources names are not translated on Role Resources page at backend
4352
Fixed Multiselect and Dropdown Attribute values set to "0" are not exported correctly
4353
Fixed WYSIWYG Editor - Unable to Create a Folder when Inserting a File
4354
Fixed Wrong cache key for websites
4532
=== Fixes ===
4533
Fixed PayPal Standard: order has two invoice and two refund
4534
Fixed Adjustmen Fee, Adjustment Refund and Refund Shipping fields must be disabled on credit memo for Payflow Pro and PayFlowLink payment methods
4535
+ - Actualized API params mapping
4536
- Added parameter Amount into refund request
4537
Fixed Broken mysql4-data-upgrade-1.4.0.0.13-1.4.0.0.14.php file
4538
Fixed XMLConnect - edited parameter cannot be saved
4541
Fixed Unable to place order using PayPal Billing agreement through Checkout with multiple addresses
4542
- Added additional multi shipping checkout exceptions logging.
4543
Fixed No AmericanExpress support in Website Payments Pro Payflow Edition
4544
+ - Added to Direct payment
4545
Fixed Incorrect Subtotal(Incl. Tax) in Shopping Cart, when catalog prices entered by admin include tax
4546
Fixed Function "Apply Tax On - Original price only" does not correct calculate product tax
4547
Fixed No ability to save Product Attribute with type Media Image
4580
- skip filtering for store select if no product or category specified in case of custom rewrite
4581
Fixed Shopping Cart Price Rule->Conditions->Shipping Country is not correctly controlled on multiple checkout.
4582
- Added checking: if address object is a new object rules validation cache will not working because we can not save validation results for address without id
4583
+ Fixed Resources names are not translated on Role Resources page at backend
4584
Fixed Multiselect and Dropdown Attribute values set to "0" are not exported correctly
4585
Fixed WYSIWYG Editor - Unable to Create a Folder when Inserting a File
4586
Fixed Wrong cache key for websites
4836
- Fixed fatal error on very first Publish and then Synchronizing if in GB products already were
4837
- Fixed potential fatal when on mass Publish action we will not retrieve any item id: expected array, but null or empty string given
4838
Fixed Rounding issues in shipping methods and in sales payment
4839
+ Fixed Usage of non-mb-supported strlen() in custom option validation
4840
- fixed length calculation routine to work with multi-byte characters
4841
- changed order of evaluation, so that length is calculated only if length constraint is set for custom option
4842
+ Fixed Unused class Mage_Reports_Model_Mysql4_Shopcart_Product_Collection did not marked like deprecated
4843
- mark class as deprecated after 1.5.0.1
4844
4845
4992
- Re factored and optimized code
4993
- Improved performance
4994
- Fixed typos
4995
+ - Added dependency for GoogleCheckout module from Usa module
4996
- Added fedex and usps free methods supporting
4997
4998
5004
==== 1.5.0.0 =====
5005
5006
=== Major Highlights ===
5007
+ Added Payflow Link using HSS (Hosted Sole Solution)
5008
Balance Response, Partial Authorization Transactions, Authorization Reversals Support for MasterCard and Discover with Authorize.net
5009
3D Secure Authentication for Authorize.net payment method
5010
Authorize.Net SIM payment method
5334
- Added new configuration option "Display Wishlist Summary" in System -> Configuration -> Customers -> Wishlist section
5335
- Removed quantity information from wishlist frontend page
5336
Fixed Update compare list after delete one item
5337
+ Fixed No hint for disabled "Configure" button
5338
Fixed In Bundle product's page "Availability" string is not placed well
5339
Fixed Non-correct headers uses for email return-path.
5340
Fixed Numerous issued with displaying tax on front-end for bundled items
5341
Fixed Impossible save empty values for store view scope
5342
+ Fixed Non-correct headers uses for email return-path.
5343
- Added "-f" parameter to transport instance at Mage_Core_Model_Email_Template::send() like PHP mail() needs
5344
Fixed Do not hide ajax loader on 'Place order' step on onepage checkout when customer selected PayflowLink payment method until PayPal iframe will be loaded
5345
Fixed Order can be placed with non-configured composite product in Ordered Items
5476
- removed "beta" mark on CSS merger feature in system configuration, because known issue with different host names for different store views is solved
5477
- split merged CSS storage into 2 parts: "css" and "css_secure"
5478
- included "port" and "base host name" parameters into merger hash generation algorithm as parameters
5479
+ Fixed: Default country setting not affect country select field default value on frontend
5480
Fixed Credit card data Iframe for PayflowLink is displayed on Order Review step for all payment methods
5481
Fixed The Wrong / not exist Url should be redirect to 404 page
5482
- Added section availability in preDispatch
6028
- Added new configuration option "Display Wishlist Summary" in System -> Configuration -> Customers -> Wishlist section
6029
- Removed quantity information from wishlist frontend page
6030
Fixed Update compare list after delete one item
6031
+ Fixed No hint for disabled "Configure" button
6032
Fixed In Bundle product's page "Availability" string is not placed well
6033
Fixed Non-correct headers uses for email return-path.
6034
Fixed Numerous issued with displaying tax on front-end for bundled items
6035
Fixed Impossible save empty values for store view scope
6036
+ Fixed Non-correct headers uses for email return-path.
6037
- Added "-f" parameter to transport instance at Mage_Core_Model_Email_Template::send() like PHP mail() needs
6038
Fixed Do not hide ajax loader on 'Place order' step on onepage checkout when customer selected PayflowLink payment method until PayPal iframe will be loaded
6039
Fixed Order can be placed with non-configured composite product in Ordered Items
6053
- Added new configuration option "Display Wishlist Summary" in System -> Configuration -> Customers -> Wishlist section
6054
- Removed quantity information from wishlist frontend page
6055
Fixed Update compare list after delete one item
6056
+ Fixed No hint for disabled "Configure" button
6057
Fixed In Bundle product's page "Availability" string is not placed well
6058
Fixed Non-correct headers uses for email return-path.
6059
Fixed Numerous issued with displaying tax on front-end for bundled items
6060
Fixed Impossible save empty values for store view scope
6061
+ Fixed Non-correct headers uses for email return-path.
6062
- Added "-f" parameter to transport instance at Mage_Core_Model_Email_Template::send() like PHP mail() needs
6063
Fixed Do not hide ajax loader on 'Place order' step on onepage checkout when customer selected PayflowLink payment method until PayPal iframe will be loaded
6064
Fixed Order can be placed with non-configured composite product in Ordered Items
6232
- removed "beta" mark on CSS merger feature in system configuration, because known issue with different host names for different store views is solved
6233
- split merged CSS storage into 2 parts: "css" and "css_secure"
6234
- included "port" and "base host name" parameters into merger hash generation algorithm as parameters
6235
+ Fixed: Default country setting not affect country select field default value on frontend
6236
Fixed Credit card data Iframe for PayflowLink is displayed on Order Review step for all payment methods
6237
Fixed The Wrong / not exist Url should be redirect to 404 page
6238
- Added section availability in preDispatch
6499
- removed "beta" mark on CSS merger feature in system configuration, because known issue with different host names for different store views is solved
6500
- split merged CSS storage into 2 parts: "css" and "css_secure"
6501
- included "port" and "base host name" parameters into merger hash generation algorithm as parameters
6502
+ Fixed: Default country setting not affect country select field default value on frontend
6503
Fixed Credit card data Iframe for PayflowLink is displayed on Order Review step for all payment methods
6504
Fixed The Wrong / not exist Url should be redirect to 404 page
6505
- Added section availability in preDispatch
6645
** Implemented new download process and dependencies rules
6646
** Added correct behavior during extension reinstall, so dependencies will not reinstall automatically
6647
* Optimized rewrite selection from DB, added url rewrite and suffix validation at admin backend
6648
+ * Added verification of access level for app/etc/local.xml.
6649
** Now if server configuration has issue and this file accessible from browser admin user gets notification in backend.
6650
* Upgraded Zend Framework to version 1.10.8
6651
* Added the Recurring Profiles tab in customer management
6773
* Fixed wrong shipping price in case of sales rule with fixed cart discount and 1 item in cart
6774
* Fixed the label for the configurable product attribute does not reflect correctly on the frontend
6775
* Fixed sales rule with fixed discount for whole cart doesn't work
6776
+ * Fixed "Slash for category or product urls causes error 404"
6777
* Fixed Shared shopping cart on the stores with different domains
6778
** check origin url in all store urls
6779
** prevent to getting SID param from current query
6798
* Fixed Image browser in WYSIWYG editor doesn't fill mouse over/out fields
6799
* Fixed Added rounding to "Refund Shipping" field on credit memo creation page.
6800
* Fixed Added additional error messages to customer address validation on PHP side while creating.
6801
+ * Fixed "No server side check for password length when customer edits his account information"
6802
** Also added proper processing for password == '0', earlier it was considered as non-set password
6803
* Fixed WYSIWYG editor breaks directives that are not in src attribute
6804
* fixed directives decoding for a case when the secret key is present in URLs
6865
* Fixed Quick Search Autocomplete does not work via ajax http protocol for https page
6866
* Fixed Inventory->Qty Increments - unable to add
6867
* Fixed Loading search query performance issue
6868
+ * Fixed Changed labels in checkout and payment information blocs for credit cards Solo Maestro Switch
6869
* Fixed Product q-ty doesnt decrease after google checkout
6870
** added same 'checkout_submit_all_after' event to AmazonPayments
6871
** removed 'TODO' notice from Multishipping Checkout, because current scheme is better and will not be influenced by any Multishipping refactoring
6890
* Fixed Unable to refund Credit Memo because of Shipping Rounding
6891
* Fixed Added custom option info to recurring profile info page on frontend and backend.
6892
* Fixed Product Visibility and Status disappear when in search
6893
+ * Fixed Removed validation of new customer shipping address on backend for orders with virtual products only
6894
* Fixed ability to buy Product which have status "Out of Stock" through a direct link on button "Checkout with PayPal"
6895
* Fixed All free shipping methods in absent in Transfer Shipping Options menu on PayPal side
6896
* Fixed Payment methods titles for the PDF prints through admin gets from default config instead of the storeview config
6944
* Fixed Incorrect work of "Recently Compared Products" functional on category's page
6945
* Fixed behavior when having single store, javascript raises exception and all followed code is not executed
6946
* Fixed that Special price for dynamic bundle applies twice
6947
+ * Fixed #21960: Labels in page/html_wrapper and core/text_list in layout
6948
* Fixed GUI bugs on Recurrent Profile frontend part
6949
* Fixed Magento Connect -> Message about invalid URL is duplicated
6950
* Fixed that suspend Recurring Profile from front side leads to error
6951
* Fixed Missing pager for tagged product list
6952
* Fixed Wrong profiler output for getUrl in Category
6953
+ * Fixed Saving of billing agreement relation with order - added force billing agreement re-saving and fixed isValid method in agreement detection.
6954
* Fixed Incorrect sort order reliable on mysql internal order during eav attribute load
6955
** move prepare select to separate method
6956
* Fixed passing additional totals to PayPal when cart line items are disabled:
6976
* Fixed bug with 'Use Flat Catalog Category'
6977
* Fixed #13770, #16300, #21040 : Product Media Api Broken, product_media.create API overwrites image itself each upload, product_media.update API does not upgrade the image itself
6978
* Fixed #16306: Webservice with htaccess (changes in code style)
6979
+ * Fixed #22536: Light-weight email templates
6980
* Fixed #18935: Soap api v2 multiple complexFilters with the same key
6981
* Fixed incorrect Window titles on frontend
6982
* Fixed Eliminated display currency usage (instead of the base website currency) in shopping cart price rule conditions
7015
* Fixed #20481: Access Control List not retrieved for API user for resources() and resourceFaults() operations
7016
* Fixed #18367: FCGI Error on WSDL Url with Apache and mod_fastcgi
7017
* Fixed #22053: use HTTP 301 code instead of 302 in case of web/url/redirect_to_base
7018
+ * Fixed #20654: Admin order creation->Move mouse cursor isn't changed into hand while move it on some product for adding
7019
* Fixed #21590: Attribute 'Date': testing for uniqueness fields not working
7020
* Fixed #21566: Type of attribute 'Price': Possible to add text value for field 'default value'
7021
* Fixed #22053: added optional behavior (301 or 302)
7022
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7023
* Fixed #22090: Different values of Qty Increments during create and after duplicate products
7024
+ * Fixed #22489: Eliminate difference between bundle.js in different skins
7025
* Fixed #22419: Set default stock_data if not exist in create/update product
7026
* Fixed #20227: "Review(x)" link should be added to the compare page.
7027
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7028
+ * Fixed #20959: Locale problem in shipping tracking popup raises exception
7029
* Fixed #21955: Layout cache ignores product column count update
7030
* Fixed #20011: After using filter "Color" or "Manufacture" in Configurable Product meaning from column is disappear
7031
* Fixed #21908: Incorrect attribute ordering in "Compare products" page.
7032
+ * Fixed #22222: Edit review-> if browse stores in the "Visible In " drop-down, rating values reseted
7033
* Fixed #22075: Product Attribute title specified for StoreView isn't showing on the configurable product's page
7034
* Fixed #22605: catalog_category.level return root categories when website or store are null
7035
+ * Fixed #21806: Different values display on the shopping cart in front-end and back-end
7036
+ * Fixed #20113: Shipping address display as default on the front-end and as not default on admin for one customer
7037
* Fixed #22575: Trace error during using filter "Products" on Tags page
7038
** added 'filter_index' to array parameter in addColumn() method call
7039
+ * Fixed #14591: Incorrect SKU for Configurable Product with Custom Options
7040
* Fixed #22476: Blank Column in Related Products Grid
7041
** deleted duplicate <col> output for editable columns
7042
* Fixed #22575: Trace error during using filter "Products" on Tags page
7043
** apply filter_index field values to index
7044
+ * Fixed #22644: A discrepancy between GT(Base) and GT(Purchased)
7045
+ * Fixed #22645: Incorrect original price when using custom price in order.
7046
* Fixed #22653: Missed checking for file existence in JS/CSS merger
7047
** checking in source file exists. If not - do not check last modification and force to merge target file again
7048
+ * Fixed #22594: Unable to place orders through checkout with multiple addresses with PayPal direct + zero subtotal for one order
7049
+ * Fixed #21185: Newsletter confirmed automatically BEFORE account email is confirmed.
7050
+ * Fixed #22167: "Add new row" button in downloadable product
7051
+ * Fixed #21952: BUG - Category / Url Model (UYN-886991)
7052
* Fixed #15334, #17794
7053
** API category did not pass validation process due to available_sort_by must be ArrayOfString
7054
** Added category validation for backend (missed)
7055
** Creating separate validation for available_sort_by and default_sort_by attributes
7056
* Fixed #22599 Upgrade from 1.1.8 to 1.8.0.0 database compatibility issues (PARTIAL)
7057
+ * Fixed #22661: 1 cent bug
7058
+ * Fixed #22434: 100% discount of products -> the amounts of Tax and Grand Totals are or negative or not corectly
7059
* Fixed #10073: Unnecessary option for downloadable products
7060
* Fixed #20014: Qty use decimals for downloadable
7061
* Fixed #22164: Incorrect message for maximum shipping amount
7072
* Fixed #22266: HEADERS ALREADY SENT Error during dataflow import
7073
** Additionally: moveing layout update in separate layout file of dataflow module.
7074
* Fixed #21412: The "Save Attribute" and "Save and Continue Edit" buttons become disabled after saving attribute with attribute code that exists
7075
+ * Fixed #22844: After login to admin got 404 instead Startup Page
7076
+ * Fixed #22852: shopping cart price rule - search by ID - error page
7077
* Fixed #15897: Unsubscription Email Sender in the Newsletters Subscription Options is not working correctly
7078
* Fixed #15899: Newsletters subscription confirmation in not working
7079
* Fixed #22908: Grid Serializer doesn't handle dropdowns as edit columns
7080
* Fixed #22946: 'Products Tagged by Administrators' grid contains information about product that is assigned by the customer
7081
+ * Fixed #22935: Issue with Google AdWords and DSMM Code
7082
+ * Fixed #22910: view of system/design table with no records under IE 8
7083
* Fixed #22914: view of URL rewrite table with no records under IE 8
7084
+ * Fixed #22935: Issue with Google AdWords and DSMM Code
7085
+ * Fixed #22536: Light-weight email templates
7086
* Fixed #23017: Memcache session fallback does not work
7087
+ * Fixed #22992: Trace appears during create reorder from front-end
7088
+ * Fixed #22991: Cannot add items to shopping cart after active 'Use Flat Catalog Product'
7089
* Fixed #22813: Google base Undefined Offset when Managing attribute mapping
7090
* Fixed #23138: URL rewrite error on product creation
7091
* Added Regions for baltic states and Finland
7204
7205
== Improvements ==
7206
* Optimized rewrite selection from DB, added url rewrite and suffix validation at admin backend
7207
+ * Added verification of access level for app/etc/local.xml.
7208
** Now if server configuration has issue and this file accessible from browser admin user gets notification in backend.
7209
7210
== Changes ==
7211
* Compilation scope for some EAV models which was causing blank page after enabling compilation
7212
7213
== Fixes ==
7214
+ * Fixed "Slash for category or product urls causes error 404"
7215
* Fixed Shared shopping cart on the stores with different domains
7216
** check origin url in all store urls
7217
** prevent to getting SID param from current query
7248
* Fixed Image browser in WYSIWYG editor doesn't fill mouse over/out fields
7249
* Fixed Added rounding to "Refund Shipping" field on credit memo creation page.
7250
* Fixed Added additional error messages to customer address validation on PHP side while creating.
7251
+ * Fixed "No server side check for password length when customer edits his account information"
7252
** Also added proper processing for password == '0', earlier it was considered as non-set password
7253
* Fixed WYSIWYG editor breaks directives that are not in src attribute
7254
* fixed directives decoding for a case when the secret key is present in URLs
7326
* Fixed Quick Search Autocomplete does not work via ajax http protocol for https page
7327
* Fixed Inventory->Qty Increments - unable to add
7328
* Fixed Loading search query performance issue
7329
+ * Fixed Changed labels in checkout and payment information blocs for credit cards Solo Maestro Switch
7330
* Fixed Product q-ty doesnt decrease after google checkout
7331
** added same 'checkout_submit_all_after' event to AmazonPayments
7332
** removed 'TODO' notice from Multishipping Checkout, because current scheme is better and will not be influenced by any Multishipping refactoring
7351
* Fixed Unable to refund Credit Memo because of Shipping Rounding
7352
* Fixed Added custom option info to recurring profile info page on frontend and backend.
7353
* Fixed Product Visibility and Status disappear when in search
7354
+ * Fixed Removed validation of new customer shipping address on backend for orders with virtual products only
7355
7356
7357
==== 1.4.x-devel-78617 ====
7444
* Fixed Incorrect work of "Recently Compared Products" functional on category's page
7445
* Fixed behavior when having single store, javascript raises exception and all followed code is not executed
7446
* Fixed that Special price for dynamic bundle applies twice
7447
+ * Fixed #21960: Labels in page/html_wrapper and core/text_list in layout
7448
* Fixed GUI bugs on Recurrent Profile frontend part
7449
* Fixed Magento Connect -> Message about invalid URL is duplicated
7450
* Fixed that suspend Recurring Profile from front side leads to error
7451
* Fixed Missing pager for tagged product list
7452
* Fixed Wrong profiler output for getUrl in Category
7453
+ * Fixed Saving of billing agreement relation with order - added force billing agreement re-saving and fixed isValid method in agreement detection.
7454
* Fixed Incorrect sort order reliable on mysql internal order during eav attribute load
7455
** move prepare select to separate method
7456
* Fixed passing additional totals to PayPal when cart line items are disabled:
7496
* Fixed bug with 'Use Flat Catalog Category'
7497
* Fixed #13770, #16300, #21040 : Product Media Api Broken, product_media.create API overwrites image itself each upload, product_media.update API does not upgrade the image itself
7498
* Fixed #16306: Webservice with htaccess (changes in code style)
7499
+ * Fixed #22536: Light-weight email templates
7500
* Fixed #18935: Soap api v2 multiple complexFilters with the same key
7501
* Fixed incorrect Window titles on frontend
7502
* Fixed Eliminated display currency usage (instead of the base website currency) in shopping cart price rule conditions
7543
* Fixed #20481: Access Control List not retrieved for API user for resources() and resourceFaults() operations
7544
* Fixed #18367: FCGI Error on WSDL Url with Apache and mod_fastcgi
7545
* Fixed #22053: use HTTP 301 code instead of 302 in case of web/url/redirect_to_base
7546
+ * Fixed #20654: Admin order creation->Move mouse cursor isn't changed into hand while move it on some product for adding
7547
* Fixed #21590: Attribute 'Date': testing for uniqueness fields not working
7548
* Fixed #21566: Type of attribute 'Price': Possible to add text value for field 'default value'
7549
* Fixed #22053: added optional behavior (301 or 302)
7550
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7551
* Fixed #22090: Different values of Qty Increments during create and after duplicate products
7552
+ * Fixed #22489: Eliminate difference between bundle.js in different skins
7553
* Fixed #22419: Set default stock_data if not exist in create/update product
7554
* Fixed #20227: "Review(x)" link should be added to the compare page.
7555
* Fixed #21570: Review from not logged in user is saved in list of All Reviews when "Allow guests to write reviews = No"
7556
+ * Fixed #20959: Locale problem in shipping tracking popup raises exception
7557
* Fixed #21955: Layout cache ignores product column count update
7558
* Fixed #20011: After using filter "Color" or "Manufacture" in Configurable Product meaning from column is disappear
7559
* Fixed #21908: Incorrect attribute ordering in "Compare products" page.
7560
+ * Fixed #22222: Edit review-> if browse stores in the "Visible In " drop-down, rating values reseted
7561
* Fixed #22075: Product Attribute title specified for StoreView isn't showing on the configurable product's page
7562
* Fixed #22605: catalog_category.level return root categories when website or store are null
7563
+ * Fixed #21806: Different values display on the shopping cart in front-end and back-end
7564
+ * Fixed #20113: Shipping address display as default on the front-end and as not default on admin for one customer
7565
* Fixed #22575: Trace error during using filter "Products" on Tags page
7566
** added 'filter_index' to array parameter in addColumn() method call
7567
+ * Fixed #14591: Incorrect SKU for Configurable Product with Custom Options
7568
* Fixed #22476: Blank Column in Related Products Grid
7569
** deleted duplicate <col> output for editable columns
7570
* Fixed #22575: Trace error during using filter "Products" on Tags page
7571
** apply filter_index field values to index
7572
+ * Fixed #22644: A discrepancy between GT(Base) and GT(Purchased)
7573
+ * Fixed #22645: Incorrect original price when using custom price in order.
7574
* Fixed #22653: Missed checking for file existents in JS/CSS merger
7575
** cheking in source file exists. If not - do not check last modification and force to merge target file again
7576
+ * Fixed #22594: Unable to place orders through checkout with multiple addresses with PayPal direct + zero subtotal for one order
7577
+ * Fixed #21185: Newsletter confirmed automatically BEFORE account email is confirmed.
7578
+ * Fixed #22167: "Add new row" button in downloadable product
7579
+ * Fixed #21952: BUG - Category / Url Model (UYN-886991)
7580
* Fixed #15334, #17794
7581
** API category did not pass validation process due to available_sort_by must be ArrayOfString
7582
** Added category validation for backend (missed)
7583
** Creating separate validation for available_sort_by and default_sort_by attributes
7584
* Fixed #22599 Upgrade from 1.1.8 to 1.8.0.0 database compatibility issues (PARTIAL)
7585
+ * Fixed #22661: 1 cent bug
7586
+ * Fixed #22434: 100% discount of products -> the amounts of Tax and Grand Totals are or negative or not corectly
7587
* Fixed #10073: Unnecessary option for downloadable products
7588
* Fixed #20014: Qty use decimals for downloadable
7589
* Fixed #22164: Incorrect message for maximum shipping amount
7600
* Fixed #22266: HEADERS ALREADY SENT Error during dataflow import
7601
** Additionally: moveing layout update in separate layout file of dataflow module.
7602
* Fixed #21412: The "Save Attribute" and "Save and Continue Edit" buttons become disabled after saving attribute with attribute code that exists
7603
+ * Fixed #22844: After login to admin got 404 instead Startup Page
7604
+ * Fixed #22852: shopping cart price rule - search by ID - error page
7605
* Fixed #15897: Unsubscription Email Sender in the Newsletters Subscription Options is not working correctly
7606
* Fixed #15899: Newsletters subscription confirmation in not working
7607
* Fixed #22908: Grid Serializer doesn't handle dropdowns as edit columns
7608
* Fixed #22946: 'Products Tagged by Administrators' grid contains information about product that is assigned by the customer
7609
+ * Fixed #22935: Issue with Google AdWords and DSMM Code
7610
+ * Fixed #22910: view of system/design table with no records under IE 8
7611
* Fixed #22914: view of URL rewrite table with no records under IE 8
7612
+ * Fixed #22935: Issue with Google AdWords and DSMM Code
7613
+ * Fixed #22536: Light-weight email templates
7614
* Fixed #23017: Memcache session fallback does not work
7615
+ * Fixed #22992: Trace appears during create reorder from front-end
7616
+ * Fixed #22991: Cannot add items to shopping cart after active 'Use Flat Catalog Product'
7617
* Fixed #22813: Google base Undefined Offset when Managing attribute mapping
7618
* Fixed #23138: URL rewrite error on product creation
7619
* Added Regions for baltic states and Finland
7623
* Fixed #16294: WSDL missing attributes for customerCustomerEntity
7624
* Fixed #22851: Used wrong resource model for api/user
7625
* Fixed #18207: SOAP-ERROR: Parsing Schema: can't import schema from 'http://schemas.xmlsoap.org/soap/encoding/'
7626
+ * Fixed Fatal error: Call to undefined function eaccelerator_fetch()
7627
7628
7629
7636
7637
=== Changes ===
7638
* Checkout: added dispatching event 'checkout_submit_all_after' into all checkout models
7639
+ * Centinel: changed event for resetting validation state
7640
* Added check for Order ID before try to lookup transactions by Transaction Id
7641
* Added cvv field for Mastero/Switch/Solo cards. Also fixed html formatting.
7642
* Re-factored saving relation of billing agreement with order.
app/Mage.php CHANGED
@@ -171,7 +171,7 @@ final class Mage
171
'major' => '1',
172
'minor' => '9',
173
'revision' => '2',
174
- 'patch' => '1',
175
'stability' => '',
176
'number' => '',
177
);
171
'major' => '1',
172
'minor' => '9',
173
'revision' => '2',
174
+ 'patch' => '2',
175
'stability' => '',
176
'number' => '',
177
);
app/code/core/Mage/Admin/Model/Block.php ADDED
@@ -0,0 +1,84 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Class Mage_Admin_Model_Block
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Adminhtml
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Admin_Model_Block extends Mage_Core_Model_Abstract
35
+ {
36
+ /**
37
+ * Initialize variable model
38
+ */
39
+ protected function _construct()
40
+ {
41
+ $this->_init('admin/block');
42
+ }
43
+
44
+ /**
45
+ * @return array|bool
46
+ * @throws Exception
47
+ * @throws Zend_Validate_Exception
48
+ */
49
+ public function validate()
50
+ {
51
+ $errors = array();
52
+
53
+ if (!Zend_Validate::is($this->getBlockName(), 'NotEmpty')) {
54
+ $errors[] = Mage::helper('adminhtml')->__('Block Name is required field.');
55
+ }
56
+ if (!Zend_Validate::is($this->getBlockName(), 'Regex', array('/^[-_a-zA-Z0-9\/]*#x2F;'))) {
57
+ $errors[] = Mage::helper('adminhtml')->__('Block Name is incorrect.');
58
+ }
59
+
60
+ if (!in_array($this->getIsAllowed(), array('0', '1'))) {
61
+ $errors[] = Mage::helper('adminhtml')->__('Is Allowed is required field.');
62
+ }
63
+
64
+ if (empty($errors)) {
65
+ return true;
66
+ }
67
+ return $errors;
68
+ }
69
+
70
+ /**
71
+ * Check is block with such type allowed for parsinf via blockDirective method
72
+ *
73
+ * @param $type
74
+ * @return int
75
+ */
76
+ public function isTypeAllowed($type)
77
+ {
78
+ /** @var Mage_Admin_Model_Resource_Block_Collection $collection */
79
+ $collection = Mage::getResourceModel('admin/block_collection');
80
+ $collection->addFieldToFilter('block_name', array('eq' => $type))
81
+ ->addFieldToFilter('is_allowed', array('eq' => 1));
82
+ return $collection->load()->count();
83
+ }
84
+ }
app/code/core/Mage/Admin/Model/Resource/Block.php ADDED
@@ -0,0 +1,44 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Class Mage_Admin_Model_Resource_Block
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Adminhtml
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Admin_Model_Resource_Block extends Mage_Core_Model_Resource_Db_Abstract
35
+ {
36
+ /**
37
+ * Define main table
38
+ *
39
+ */
40
+ protected function _construct()
41
+ {
42
+ $this->_init('admin/permission_block', 'block_id');
43
+ }
44
+ }
app/code/core/Mage/Admin/Model/Resource/Block/Collection.php ADDED
@@ -0,0 +1,44 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Admin permissions block collection
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Adminhtml
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Admin_Model_Resource_Block_Collection extends Mage_Core_Model_Resource_Db_Collection_Abstract
35
+ {
36
+ /**
37
+ * Define resource model
38
+ *
39
+ */
40
+ protected function _construct()
41
+ {
42
+ $this->_init('admin/block');
43
+ }
44
+ }
app/code/core/Mage/Admin/Model/Resource/Variable.php ADDED
@@ -0,0 +1,43 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Resource model for manipulate system variables
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Admin
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Admin_Model_Resource_Variable extends Mage_Core_Model_Resource_Db_Abstract
35
+ {
36
+ /**
37
+ * Define main table
38
+ */
39
+ protected function _construct()
40
+ {
41
+ $this->_init('admin/permission_variable', 'variable_id');
42
+ }
43
+ }
app/code/core/Mage/Admin/Model/Resource/Variable/Collection.php ADDED
@@ -0,0 +1,44 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Admin permissions variable collection
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Admin
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Admin_Model_Resource_Variable_Collection extends Mage_Core_Model_Resource_Db_Collection_Abstract
35
+ {
36
+ /**
37
+ * Define resource model
38
+ *
39
+ */
40
+ protected function _construct()
41
+ {
42
+ $this->_init('admin/variable');
43
+ }
44
+ }
app/code/core/Mage/Admin/Model/Variable.php ADDED
@@ -0,0 +1,80 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Class Mage_Admin_Model_Variable
29
+ */
30
+ class Mage_Admin_Model_Variable extends Mage_Core_Model_Abstract
31
+ {
32
+ /**
33
+ * Initialize variable model
34
+ */
35
+ protected function _construct()
36
+ {
37
+ $this->_init('admin/variable');
38
+ }
39
+
40
+ /**
41
+ * @return array|bool
42
+ * @throws Exception
43
+ * @throws Zend_Validate_Exception
44
+ */
45
+ public function validate()
46
+ {
47
+ $errors = array();
48
+
49
+ if (!Zend_Validate::is($this->getVariableName(), 'NotEmpty')) {
50
+ $errors[] = Mage::helper('adminhtml')->__('Variable Name is required field.');
51
+ }
52
+ if (!Zend_Validate::is($this->getVariableName(), 'Regex', array('/^[-_a-zA-Z0-9\/]*#x2F;'))) {
53
+ $errors[] = Mage::helper('adminhtml')->__('Variable Name is incorrect.');
54
+ }
55
+
56
+ if (!in_array($this->getIsAllowed(), array('0', '1'))) {
57
+ $errors[] = Mage::helper('adminhtml')->__('Is Allowed is required field.');
58
+ }
59
+
60
+ if (empty($errors)) {
61
+ return true;
62
+ }
63
+ return $errors;
64
+ }
65
+
66
+ /**
67
+ * Check is config directive with given path can be parsed via configDirective method
68
+ *
69
+ * @param $path string
70
+ * @return int
71
+ */
72
+ public function isPathAllowed($path)
73
+ {
74
+ /** @var Mage_Admin_Model_Resource_Variable_Collection $collection */
75
+ $collection = Mage::getResourceModel('admin/variable_collection');
76
+ $collection->addFieldToFilter('variable_name', array('eq' => $path))
77
+ ->addFieldToFilter('is_allowed', array('eq' => 1));
78
+ return $collection->load()->count();
79
+ }
80
+ }
app/code/core/Mage/Admin/etc/config.xml CHANGED
@@ -28,7 +28,7 @@
28
<config>
29
<modules>
30
<Mage_Admin>
31
- <version>1.6.1.1</version>
32
</Mage_Admin>
33
</modules>
34
<global>
@@ -50,6 +50,12 @@
50
<rule>
51
<table>admin_rule</table>
52
</rule>
53
<assert>
54
<table>admin_assert</table>
55
</assert>
28
<config>
29
<modules>
30
<Mage_Admin>
31
+ <version>1.6.1.2</version>
32
</Mage_Admin>
33
</modules>
34
<global>
50
<rule>
51
<table>admin_rule</table>
52
</rule>
53
+ <permission_variable>
54
+ <table>permission_variable</table>
55
+ </permission_variable>
56
+ <permission_block>
57
+ <table>permission_block</table>
58
+ </permission_block>
59
<assert>
60
<table>admin_assert</table>
61
</assert>
app/code/core/Mage/Admin/sql/admin_setup/upgrade-1.6.1.1-1.6.1.2.php ADDED
@@ -0,0 +1,103 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Admin
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /** @var $installer Mage_Core_Model_Resource_Setup */
28
+ $installer = $this;
29
+ $installer->startSetup();
30
+
31
+ $table = $installer->getConnection()
32
+ ->newTable($installer->getTable('admin/permission_variable'))
33
+ ->addColumn('variable_id', Varien_Db_Ddl_Table::TYPE_INTEGER, null, array(
34
+ 'identity' => true,
35
+ 'unsigned' => true,
36
+ 'nullable' => false,
37
+ 'primary' => true,
38
+ ), 'Variable ID')
39
+ ->addColumn('variable_name', Varien_Db_Ddl_Table::TYPE_VARCHAR, 255, array(
40
+ 'primary' => true,
41
+ 'nullable' => false,
42
+ 'default' => "",
43
+ ), 'Config Path')
44
+ ->addColumn('is_allowed', Varien_Db_Ddl_Table::TYPE_BOOLEAN, null, array(
45
+ 'nullable' => false,
46
+ 'default' => 0,
47
+ ), 'Mark that config can be processed by filters')
48
+ ->addIndex($installer->getIdxName('admin/permission_variable', array('variable_name'), Varien_Db_Adapter_Interface::INDEX_TYPE_UNIQUE),
49
+ array('variable_name'), array('type' => Varien_Db_Adapter_Interface::INDEX_TYPE_UNIQUE))
50
+ ->setComment('System variables that can be processed via content filter');
51
+ $installer->getConnection()->createTable($table);
52
+
53
+ $installer->getConnection()->insertMultiple(
54
+ $installer->getTable('admin/permission_variable'),
55
+ array(
56
+ array('variable_name' => 'trans_email/ident_support/name', 'is_allowed' => 1),
57
+ array('variable_name' => 'trans_email/ident_support/email','is_allowed' => 1),
58
+ array('variable_name' => 'web/unsecure/base_url','is_allowed' => 1),
59
+ array('variable_name' => 'web/secure/base_url','is_allowed' => 1),
60
+ array('variable_name' => 'trans_email/ident_general/name','is_allowed' => 1),
61
+ array('variable_name' => 'trans_email/ident_general/email', 'is_allowed' => 1),
62
+ array('variable_name' => 'trans_email/ident_sales/name','is_allowed' => 1),
63
+ array('variable_name' => 'trans_email/ident_sales/email','is_allowed' => 1),
64
+ array('variable_name' => 'trans_email/ident_custom1/name','is_allowed' => 1),
65
+ array('variable_name' => 'trans_email/ident_custom1/email','is_allowed' => 1),
66
+ array('variable_name' => 'trans_email/ident_custom2/name','is_allowed' => 1),
67
+ array('variable_name' => 'trans_email/ident_custom2/email','is_allowed' => 1),
68
+ array('variable_name' => 'general/store_information/name', 'is_allowed' => 1),
69
+ array('variable_name' => 'general/store_information/phone','is_allowed' => 1),
70
+ array('variable_name' => 'general/store_information/address', 'is_allowed' => 1),
71
+ )
72
+ );
73
+
74
+ $table = $installer->getConnection()
75
+ ->newTable($installer->getTable('admin/permission_block'))
76
+ ->addColumn('block_id', Varien_Db_Ddl_Table::TYPE_INTEGER, null, array(
77
+ 'identity' => true,
78
+ 'unsigned' => true,
79
+ 'nullable' => false,
80
+ 'primary' => true,
81
+ ), 'Block ID')
82
+ ->addColumn('block_name', Varien_Db_Ddl_Table::TYPE_VARCHAR, 255, array(
83
+ 'nullable' => false,
84
+ 'default' => "",
85
+ ), 'Block Name')
86
+ ->addColumn('is_allowed', Varien_Db_Ddl_Table::TYPE_BOOLEAN, null, array(
87
+ 'nullable' => false,
88
+ 'default' => 0,
89
+ ), 'Mark that block can be processed by filters')
90
+ ->addIndex($installer->getIdxName('admin/permission_block', array('block_name'), Varien_Db_Adapter_Interface::INDEX_TYPE_UNIQUE),
91
+ array('block_name'), array('type' => Varien_Db_Adapter_Interface::INDEX_TYPE_UNIQUE))
92
+ ->setComment('System blocks that can be processed via content filter');
93
+ $installer->getConnection()->createTable($table);
94
+
95
+ $installer->getConnection()->insertMultiple(
96
+ $installer->getTable('admin/permission_block'),
97
+ array(
98
+ array('block_name' => 'core/template', 'is_allowed' => 1),
99
+ array('block_name' => 'catalog/product_new', 'is_allowed' => 1),
100
+ )
101
+ );
102
+
103
+ $installer->endSetup();
app/code/core/Mage/Catalog/Model/Product/Option/Type/File.php CHANGED
@@ -126,17 +126,9 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
126
* Check whether we receive uploaded file or restore file by: reorder/edit configuration or
127
* previous configuration with no newly uploaded file
128
*/
129
- $fileInfo = null;
130
- if (isset($values[$option->getId()]) && is_array($values[$option->getId()])) {
131
- // Legacy style, file info comes in array with option id index
132
- $fileInfo = $values[$option->getId()];
133
- } else {
134
- /*
135
- * New recommended style - file info comes in request processing parameters and we
136
- * sure that this file info originates from Magento, not from manually formed POST request
137
- */
138
- $fileInfo = $this->_getCurrentConfigFileInfo();
139
- }
140
if ($fileInfo !== null) {
141
if (is_array($fileInfo) && $this->_validateFile($fileInfo)) {
142
$value = $fileInfo;
@@ -448,6 +440,11 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
448
// Save option in request, because we have no $_FILES['options']
449
$requestOptions[$this->getOption()->getId()] = $value;
450
$result = serialize($value);
451
} else {
452
/*
453
* Clear option info from request, so it won't be stored in our db upon
@@ -478,7 +475,7 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
478
{
479
if ($this->_formattedOptionValue === null) {
480
try {
481
- $value = unserialize($optionValue);
482
483
$customOptionUrlParams = $this->getCustomOptionUrlParams()
484
? $this->getCustomOptionUrlParams()
@@ -542,7 +539,7 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
542
if (is_array($value)) {
543
return $value;
544
} elseif (is_string($value) && !empty($value)) {
545
- return unserialize($value);
546
} else {
547
return array();
548
}
@@ -568,7 +565,7 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
568
public function getEditableOptionValue($optionValue)
569
{
570
try {
571
- $value = unserialize($optionValue);
572
return sprintf('%s [%d]',
573
Mage::helper('core')->escapeHtml($value['title']),
574
$this->getConfigurationItemOption()->getId()
@@ -593,7 +590,6 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
593
$confItemOptionId = $matches[1];
594
$option = Mage::getModel('sales/quote_item_option')->load($confItemOptionId);
595
try {
596
- unserialize($option->getValue());
597
return $option->getValue();
598
} catch (Exception $e) {
599
return null;
@@ -612,7 +608,7 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
612
public function prepareOptionValueForRequest($optionValue)
613
{
614
try {
615
- $result = unserialize($optionValue);
616
return $result;
617
} catch (Exception $e) {
618
return null;
@@ -628,7 +624,7 @@ class Mage_Catalog_Model_Product_Option_Type_File extends Mage_Catalog_Model_Pro
628
{
629
$quoteOption = $this->getQuoteItemOption();
630
try {
631
- $value = unserialize($quoteOption->getValue());
632
if (!isset($value['quote_path'])) {
633
throw new Exception();
634
}
126
* Check whether we receive uploaded file or restore file by: reorder/edit configuration or
127
* previous configuration with no newly uploaded file
128
*/
129
+
130
+ $fileInfo = $this->_getCurrentConfigFileInfo();
131
+
132
if ($fileInfo !== null) {
133
if (is_array($fileInfo) && $this->_validateFile($fileInfo)) {
134
$value = $fileInfo;
440
// Save option in request, because we have no $_FILES['options']
441
$requestOptions[$this->getOption()->getId()] = $value;
442
$result = serialize($value);
443
+ try {
444
+ Mage::helper('core/unserializeArray')->unserialize($result);
445
+ } catch (Exception $e) {
446
+ Mage::throwException(Mage::helper('catalog')->__("File options format is not valid."));
447
+ }
448
} else {
449
/*
450
* Clear option info from request, so it won't be stored in our db upon
475
{
476
if ($this->_formattedOptionValue === null) {
477
try {
478
+ $value = Mage::helper('core/unserializeArray')->unserialize($optionValue);
479
480
$customOptionUrlParams = $this->getCustomOptionUrlParams()
481
? $this->getCustomOptionUrlParams()
539
if (is_array($value)) {
540
return $value;
541
} elseif (is_string($value) && !empty($value)) {
542
+ return Mage::helper('core/unserializeArray')->unserialize($value);
543
} else {
544
return array();
545
}
565
public function getEditableOptionValue($optionValue)
566
{
567
try {
568
+ $value = Mage::helper('core/unserializeArray')->unserialize($optionValue);
569
return sprintf('%s [%d]',
570
Mage::helper('core')->escapeHtml($value['title']),
571
$this->getConfigurationItemOption()->getId()
590
$confItemOptionId = $matches[1];
591
$option = Mage::getModel('sales/quote_item_option')->load($confItemOptionId);
592
try {
593
return $option->getValue();
594
} catch (Exception $e) {
595
return null;
608
public function prepareOptionValueForRequest($optionValue)
609
{
610
try {
611
+ $result = Mage::helper('core/unserializeArray')->unserialize($optionValue);
612
return $result;
613
} catch (Exception $e) {
614
return null;
624
{
625
$quoteOption = $this->getQuoteItemOption();
626
try {
627
+ $value = Mage::helper('core/unserializeArray')->unserialize($quoteOption->getValue());
628
if (!isset($value['quote_path'])) {
629
throw new Exception();
630
}
app/code/core/Mage/Connect/Helper/Data.php CHANGED
@@ -33,6 +33,18 @@
33
*/
34
class Mage_Connect_Helper_Data extends Mage_Core_Helper_Data
35
{
36
/**
37
* Retrieve file system path for local extension packages
38
* Return path with last directory separator
@@ -41,7 +53,17 @@ class Mage_Connect_Helper_Data extends Mage_Core_Helper_Data
41
*/
42
public function getLocalPackagesPath()
43
{
44
- return Mage::getBaseDir('var') . DS . 'connect' . DS;
45
}
46
47
/**
33
*/
34
class Mage_Connect_Helper_Data extends Mage_Core_Helper_Data
35
{
36
+ /**
37
+ * Path to directory that contains XML packages definition
38
+ *
39
+ * @var string
40
+ */
41
+ protected $_localPackagesPath;
42
+
43
+ public function __construct()
44
+ {
45
+ $this->_localPackagesPath = Mage::getBaseDir('var') . DS . 'connect' . DS;
46
+ }
47
+
48
/**
49
* Retrieve file system path for local extension packages
50
* Return path with last directory separator
53
*/
54
public function getLocalPackagesPath()
55
{
56
+ return $this->_localPackagesPath;
57
+ }
58
+
59
+ /**
60
+ * Set file system path for local extension packages
61
+ *
62
+ */
63
+ public function setLocalPackagesPath($path)
64
+ {
65
+ $this->_localPackagesPath = $path;
66
+ return $this;
67
}
68
69
/**
app/code/core/Mage/Core/Controller/Front/Action.php CHANGED
@@ -173,9 +173,19 @@ class Mage_Core_Controller_Front_Action extends Mage_Core_Controller_Varien_Acti
173
protected function _validateFormKey()
174
{
175
$validated = true;
176
- if (Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH)) {
177
$validated = parent::_validateFormKey();
178
}
179
return $validated;
180
}
181
}
173
protected function _validateFormKey()
174
{
175
$validated = true;
176
+ if ($this->_isFormKeyEnabled()) {
177
$validated = parent::_validateFormKey();
178
}
179
return $validated;
180
}
181
+
182
+ /**
183
+ * Check if form key validation is enabled.
184
+ *
185
+ * @return bool
186
+ */
187
+ protected function _isFormKeyEnabled()
188
+ {
189
+ return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH);
190
+ }
191
}
app/code/core/Mage/Core/Controller/Varien/Router/Admin.php CHANGED
@@ -130,6 +130,29 @@ class Mage_Core_Controller_Varien_Router_Admin extends Mage_Core_Controller_Vari
130
parent::collectRoutes($configArea, $useRouterName);
131
}
132
133
/**
134
* Check if current controller instance is allowed in current router.
135
*
130
parent::collectRoutes($configArea, $useRouterName);
131
}
132
133
+ /**
134
+ * Add module definition to routes.
135
+ *
136
+ * @param string $frontName
137
+ * @param mixed $moduleName
138
+ * @param string $routeName
139
+ * @return $this
140
+ */
141
+ public function addModule($frontName, $moduleName, $routeName)
142
+ {
143
+ $isExtensionsCompatibilityMode = (bool)(string)Mage::getConfig()->getNode(
144
+ 'default/admin/security/extensions_compatibility_mode'
145
+ );
146
+ $configRouterFrontName = (string)Mage::getConfig()->getNode(
147
+ Mage_Adminhtml_Helper_Data::XML_PATH_ADMINHTML_ROUTER_FRONTNAME
148
+ );
149
+ if ($isExtensionsCompatibilityMode || ($frontName == $configRouterFrontName)) {
150
+ return parent::addModule($frontName, $moduleName, $routeName);
151
+ } else {
152
+ return $this;
153
+ }
154
+ }
155
+
156
/**
157
* Check if current controller instance is allowed in current router.
158
*
app/code/core/Mage/Core/Helper/UnserializeArray.php ADDED
@@ -0,0 +1,46 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Core
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Core unserialize helper
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Core
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Core_Helper_UnserializeArray
35
+ {
36
+ /**
37
+ * @param string $str
38
+ * @return array
39
+ * @throws Exception
40
+ */
41
+ public function unserialize($str)
42
+ {
43
+ $parser = new Unserialize_Parser();
44
+ return $parser->unserialize($str);
45
+ }
46
+ }
app/code/core/Mage/Core/Model/Email/Queue.php CHANGED
@@ -41,6 +41,11 @@
41
* @method Mage_Core_Model_Email_Queue setMessageParameters(array $value)
42
* @method Mage_Core_Model_Email_Queue setProcessedAt(string $value)
43
* @method array getMessageParameters()
44
*/
45
class Mage_Core_Model_Email_Queue extends Mage_Core_Model_Abstract
46
{
41
* @method Mage_Core_Model_Email_Queue setMessageParameters(array $value)
42
* @method Mage_Core_Model_Email_Queue setProcessedAt(string $value)
43
* @method array getMessageParameters()
44
+ *
45
+ * @category Mage
46
+ * @package Mage_Core
47
+ * @copyright Copyright (c) 2011 Magento Inc. (http://www.magentocommerce.com)
48
+ * @license http://www.magentocommerce.com/license/enterprise-edition
49
*/
50
class Mage_Core_Model_Email_Queue extends Mage_Core_Model_Abstract
51
{
app/code/core/Mage/Core/Model/Email/Template/Filter.php CHANGED
@@ -70,6 +70,12 @@ class Mage_Core_Model_Email_Template_Filter extends Varien_Filter_Template
70
*/
71
protected $_inlineCssFile = false;
72
73
/**
74
* Setup callbacks for filters
75
*
@@ -77,6 +83,8 @@ class Mage_Core_Model_Email_Template_Filter extends Varien_Filter_Template
77
public function __construct()
78
{
79
$this->_modifiers['escape'] = array($this, 'modifierEscape');
80
}
81
82
/**
@@ -165,8 +173,10 @@ class Mage_Core_Model_Email_Template_Filter extends Varien_Filter_Template
165
$layout = Mage::app()->getLayout();
166
167
if (isset($blockParameters['type'])) {
168
- $type = $blockParameters['type'];
169
- $block = $layout->createBlock($type, null, $blockParameters);
170
} elseif (isset($blockParameters['id'])) {
171
$block = $layout->createBlock('cms/block');
172
if ($block) {
@@ -466,7 +476,7 @@ class Mage_Core_Model_Email_Template_Filter extends Varien_Filter_Template
466
$configValue = '';
467
$params = $this->_getIncludeParameters($construction[2]);
468
$storeId = $this->getStoreId();
469
- if (isset($params['path'])) {
470
$configValue = Mage::getStoreConfig($params['path'], $storeId);
471
}
472
return $configValue;
70
*/
71
protected $_inlineCssFile = false;
72
73
+ /** @var Mage_Admin_Model_Variable */
74
+ protected $_permissionVariable;
75
+
76
+ /** @var Mage_Admin_Model_Block */
77
+ protected $_permissionBlock;
78
+
79
/**
80
* Setup callbacks for filters
81
*
83
public function __construct()
84
{
85
$this->_modifiers['escape'] = array($this, 'modifierEscape');
86
+ $this->_permissionVariable = Mage::getModel('admin/variable');
87
+ $this->_permissionBlock = Mage::getModel('admin/block');
88
}
89
90
/**
173
$layout = Mage::app()->getLayout();
174
175
if (isset($blockParameters['type'])) {
176
+ if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
177
+ $type = $blockParameters['type'];
178
+ $block = $layout->createBlock($type, null, $blockParameters);
179
+ }
180
} elseif (isset($blockParameters['id'])) {
181
$block = $layout->createBlock('cms/block');
182
if ($block) {
476
$configValue = '';
477
$params = $this->_getIncludeParameters($construction[2]);
478
$storeId = $this->getStoreId();
479
+ if (isset($params['path']) && $this->_permissionVariable->isPathAllowed($params['path'])) {
480
$configValue = Mage::getStoreConfig($params['path'], $storeId);
481
}
482
return $configValue;
app/code/core/Mage/Core/Model/Resource/Setup.php CHANGED
@@ -641,7 +641,6 @@ class Mage_Core_Model_Resource_Setup
641
$this->_setResourceVersion($actionType, $file['toVersion']);
642
}
643
} catch (Exception $e) {
644
- printf('<pre>%s</pre>', print_r($e, true));
645
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Error in file: "%s" - %s', $fileName, $e->getMessage()));
646
}
647
$version = $file['toVersion'];
641
$this->_setResourceVersion($actionType, $file['toVersion']);
642
}
643
} catch (Exception $e) {
644
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Error in file: "%s" - %s', $fileName, $e->getMessage()));
645
}
646
$version = $file['toVersion'];
app/code/core/Mage/Core/etc/config.xml CHANGED
@@ -415,6 +415,7 @@
415
<use_form_key>1</use_form_key>
416
<domain_policy_backend>2</domain_policy_backend>
417
<domain_policy_frontend>2</domain_policy_frontend>
418
</security>
419
</admin>
420
<general>
415
<use_form_key>1</use_form_key>
416
<domain_policy_backend>2</domain_policy_backend>
417
<domain_policy_frontend>2</domain_policy_frontend>
418
+ <extensions_compatibility_mode>1</extensions_compatibility_mode>
419
</security>
420
</admin>
421
<general>
app/code/core/Mage/Core/etc/system.xml CHANGED
@@ -1188,7 +1188,7 @@
1188
<show_in_website>0</show_in_website>
1189
<show_in_store>0</show_in_store>
1190
</session_cookie_lifetime>
1191
- <domain_policy_backend translate="label">
1192
<label>Allow Magento Backend to run in frame</label>
1193
<frontend_type>select</frontend_type>
1194
<comment>Enabling ability to run Magento in a frame is not recommended for security reasons.</comment>
@@ -1198,7 +1198,7 @@
1198
<show_in_website>0</show_in_website>
1199
<show_in_store>0</show_in_store>
1200
</domain_policy_backend>
1201
- <domain_policy_frontend translate="label">
1202
<label>Allow Magento Frontend to run in frame</label>
1203
<comment>Enabling ability to run Magento in a frame is not recommended for security reasons.</comment>
1204
<frontend_type>select</frontend_type>
@@ -1208,6 +1208,16 @@
1208
<show_in_website>0</show_in_website>
1209
<show_in_store>0</show_in_store>
1210
</domain_policy_frontend>
1211
</fields>
1212
</security>
1213
<dashboard translate="label">
1188
<show_in_website>0</show_in_website>
1189
<show_in_store>0</show_in_store>
1190
</session_cookie_lifetime>
1191
+ <domain_policy_backend translate="label comment">
1192
<label>Allow Magento Backend to run in frame</label>
1193
<frontend_type>select</frontend_type>
1194
<comment>Enabling ability to run Magento in a frame is not recommended for security reasons.</comment>
1198
<show_in_website>0</show_in_website>
1199
<show_in_store>0</show_in_store>
1200
</domain_policy_backend>
1201
+ <domain_policy_frontend translate="label comment">
1202
<label>Allow Magento Frontend to run in frame</label>
1203
<comment>Enabling ability to run Magento in a frame is not recommended for security reasons.</comment>
1204
<frontend_type>select</frontend_type>
1208
<show_in_website>0</show_in_website>
1209
<show_in_store>0</show_in_store>
1210
</domain_policy_frontend>
1211
+ <extensions_compatibility_mode translate="label comment">
1212
+ <label>Admin routing compatibility mode for extensions</label>
1213
+ <comment>Enabling this setting increases risk of automated attacks against admin functionality.</comment>
1214
+ <frontend_type>select</frontend_type>
1215
+ <sort_order>6</sort_order>
1216
+ <source_model>adminhtml/system_config_source_enabledisable</source_model>
1217
+ <show_in_default>1</show_in_default>
1218
+ <show_in_website>0</show_in_website>
1219
+ <show_in_store>0</show_in_store>
1220
+ </extensions_compatibility_mode>
1221
</fields>
1222
</security>
1223
<dashboard translate="label">
app/code/core/Mage/Customer/Block/Account/Changeforgotten.php ADDED
@@ -0,0 +1,37 @@
1
+ <?php
2
+ /**
3
+ * Magento
4
+ *
5
+ * NOTICE OF LICENSE
6
+ *
7
+ * This source file is subject to the Open Software License (OSL 3.0)
8
+ * that is bundled with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://opensource.org/licenses/osl-3.0.php
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@magento.com so we can send you a copy immediately.
14
+ *
15
+ * DISCLAIMER
16
+ *
17
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
18
+ * versions in the future. If you wish to customize Magento for your
19
+ * needs please refer to http://www.magento.com for more information.
20
+ *
21
+ * @category Mage
22
+ * @package Mage_Customer
23
+ * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
24
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25
+ */
26
+
27
+ /**
28
+ * Customer reset password form
29
+ *
30
+ * @category Mage
31
+ * @package Mage_Customer
32
+ * @author Magento Core Team <core@magentocommerce.com>
33
+ */
34
+ class Mage_Customer_Block_Account_Changeforgotten extends Mage_Core_Block_Template
35
+ {
36
+
37
+ }
app/code/core/Mage/Customer/Block/Account/Resetpassword.php CHANGED
@@ -32,6 +32,9 @@
32
* @author Magento Core Team <core@magentocommerce.com>
33
*/
34
35
class Mage_Customer_Block_Account_Resetpassword extends Mage_Core_Block_Template
36
{
37
32
* @author Magento Core Team <core@magentocommerce.com>
33
*/
34
35
+ /**
36
+ * @deprecated
37
+ */
38
class Mage_Customer_Block_Account_Resetpassword extends Mage_Core_Block_Template
39
{
40
app/code/core/Mage/Customer/controllers/AccountController.php CHANGED
@@ -33,6 +33,9 @@
33
*/
34
class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
35
{
36
/**
37
* Action list where need check enabled cookie
38
*
@@ -72,6 +75,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
72
'logoutsuccess',
73
'forgotpassword',
74
'forgotpasswordpost',
75
'resetpassword',
76
'resetpasswordpost',
77
'confirm',
@@ -268,15 +272,21 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
268
*/
269
public function createPostAction()
270
{
271
/** @var $session Mage_Customer_Model_Session */
272
$session = $this->_getSession();
273
if ($session->isLoggedIn()) {
274
$this->_redirect('*/*/');
275
return;
276
}
277
- $session->setEscapeMessages(true); // prevent XSS injection in user input
278
if (!$this->getRequest()->isPost()) {
279
- $errUrl = $this->_getUrl('*/*/create', array('_secure' => true));
280
$this->_redirectError($errUrl);
281
return;
282
}
@@ -300,16 +310,15 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
300
if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
301
$url = $this->_getUrl('customer/account/forgotpassword');
302
$message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
303
- $session->setEscapeMessages(false);
304
} else {
305
- $message = $e->getMessage();
306
}
307
$session->addError($message);
308
} catch (Exception $e) {
309
- $session->setCustomerFormData($this->getRequest()->getPost())
310
- ->addException($e, $this->__('Cannot save the customer.'));
311
}
312
- $errUrl = $this->_getUrl('*/*/create', array('_secure' => true));
313
$this->_redirectError($errUrl);
314
}
315
@@ -377,13 +386,24 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
377
$session->setCustomerFormData($this->getRequest()->getPost());
378
if (is_array($errors)) {
379
foreach ($errors as $errorMessage) {
380
- $session->addError($errorMessage);
381
}
382
} else {
383
$session->addError($this->__('Invalid customer data'));
384
}
385
}
386
387
/**
388
* Validate customer data and return errors if they are
389
*
@@ -741,23 +761,39 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
741
/**
742
* Display reset forgotten password form
743
*
744
- * User is redirected on this action when he clicks on the corresponding link in password reset confirmation email
745
- *
746
*/
747
- public function resetPasswordAction()
748
{
749
- $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token');
750
- $customerId = (int) $this->getRequest()->getQuery('id');
751
try {
752
$this->_validateResetPasswordLinkToken($customerId, $resetPasswordLinkToken);
753
$this->loadLayout();
754
- // Pass received parameters to the reset forgotten password form
755
- $this->getLayout()->getBlock('resetPassword')
756
- ->setCustomerId($customerId)
757
- ->setResetPasswordLinkToken($resetPasswordLinkToken);
758
$this->renderLayout();
759
} catch (Exception $exception) {
760
- $this->_getSession()->addError( $this->_getHelper('customer')->__('Your password reset link has expired.'));
761
$this->_redirect('*/*/forgotpassword');
762
}
763
}
@@ -768,15 +804,14 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
768
*/
769
public function resetPasswordPostAction()
770
{
771
- $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token');
772
- $customerId = (int) $this->getRequest()->getQuery('id');
773
- $password = (string) $this->getRequest()->getPost('password');
774
- $passwordConfirmation = (string) $this->getRequest()->getPost('confirmation');
775
776
try {
777
$this->_validateResetPasswordLinkToken($customerId, $resetPasswordLinkToken);
778
} catch (Exception $exception) {
779
- $this->_getSession()->addError( $this->_getHelper('customer')->__('Your password reset link has expired.'));
780
$this->_redirect('*/*/');
781
return;
782
}
@@ -800,10 +835,7 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
800
foreach ($errorMessages as $errorMessage) {
801
$this->_getSession()->addError($errorMessage);
802
}
803
- $this->_redirect('*/*/resetpassword', array(
804
- 'id' => $customerId,
805
- 'token' => $resetPasswordLinkToken
806
- ));
807
return;
808
}
809
@@ -813,14 +845,15 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
813
$customer->setRpTokenCreatedAt(null);
814
$customer->cleanPasswordsValidationData();
815
$customer->save();
816
- $this->_getSession()->addSuccess( $this->_getHelper('customer')->__('Your password has been updated.'));
817
$this->_redirect('*/*/login');
818
} catch (Exception $exception) {
819
$this->_getSession()->addException($exception, $this->__('Cannot save a new password.'));
820
- $this->_redirect('*/*/resetpassword', array(
821
- 'id' => $customerId,
822
- 'token' => $resetPasswordLinkToken
823
- ));
824
return;
825
}
826
}
@@ -997,4 +1030,34 @@ class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
997
{
998
return $this->_getHelper('customer/address')->isVatValidationEnabled($store);
999
}
1000
}
33
*/
34
class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
35
{
36
+ const CUSTOMER_ID_SESSION_NAME = "customerId";
37
+ const TOKEN_SESSION_NAME = "token";
38
+
39
/**
40
* Action list where need check enabled cookie
41
*
75
'logoutsuccess',
76
'forgotpassword',
77
'forgotpasswordpost',
78
+ 'changeforgotten',
79
'resetpassword',
80
'resetpasswordpost',
81
'confirm',
272
*/
273
public function createPostAction()
274
{
275
+ $errUrl = $this->_getUrl('*/*/create', array('_secure' => true));
276
+
277
+ if (!$this->_validateFormKey()) {
278
+ $this->_redirectError($errUrl);
279
+ return;
280
+ }
281
+
282
/** @var $session Mage_Customer_Model_Session */
283
$session = $this->_getSession();
284
if ($session->isLoggedIn()) {
285
$this->_redirect('*/*/');
286
return;
287
}
288
+
289
if (!$this->getRequest()->isPost()) {
290
$this->_redirectError($errUrl);
291
return;
292
}
310
if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
311
$url = $this->_getUrl('customer/account/forgotpassword');
312
$message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
313
} else {
314
+ $message = $this->_escapeHtml($e->getMessage());
315
}
316
$session->addError($message);
317
} catch (Exception $e) {
318
+ $session->setCustomerFormData($this->getRequest()->getPost());
319
+ $session->addException($e, $this->__('Cannot save the customer.'));
320
}
321
+
322
$this->_redirectError($errUrl);
323
}
324
386
$session->setCustomerFormData($this->getRequest()->getPost());
387
if (is_array($errors)) {
388
foreach ($errors as $errorMessage) {
389
+ $session->addError($this->_escapeHtml($errorMessage));
390
}
391
} else {
392
$session->addError($this->__('Invalid customer data'));
393
}
394
}
395
396
+ /**
397
+ * Escape message text HTML.
398
+ *
399
+ * @param string $text
400
+ * @return string
401
+ */
402
+ protected function _escapeHtml($text)
403
+ {
404
+ return Mage::helper('core')->escapeHtml($text);
405
+ }
406
+
407
/**
408