Merge branch '1.9.4.x' into cleanup/docs/Varien-1

.github/workflows/static-code-analyses.yml

@@ -12,7 +12,7 @@ jobs:
       max-parallel: 5
       matrix:
         operating-system: [ubuntu-latest]
-        php-versions: ['5.6', '7.0', '7.1', '7.2', '7.3']
+        php-versions: ['7.0', '7.1', '7.2', '7.3']
     steps:
       - uses: actions/checkout@v1
       - name: Setup PHP

.htaccess

@@ -70,11 +70,9 @@
 
 <IfModule mod_php7.c>
     php_value max_execution_time 18000
-    php_flag magic_quotes_gpc off
     php_flag session.auto_start off
     #php_flag zlib.output_compression on
     php_flag suhosin.session.cryptua off
-    php_flag zend.ze1_compatibility_mode Off
 </IfModule>
 
 <IfModule mod_security.c>

README.md

@@ -1,3 +1,9 @@
+<p align="center">
+<a href="https://travis-ci.org/openmage/magento-lts"><img src="https://travis-ci.org/openmage/magento-lts.svg" alt="Build Status"></a>
+<a href="https://packagist.org/packages/openmage/magento-lts"><img src="https://poser.pugx.org/openmage/magento-lts/d/total.svg" alt="Total Downloads"></a>
+<a href="https://packagist.org/packages/openmage/magento-lts"><img src="https://poser.pugx.org/openmage/magento-lts/license.svg" alt="License"></a>
+</p>
+
 # Magento - Long Term Support
 
 This repository is the home of an **unofficial** community-driven project. It's goal is to be a dependable alternative
@@ -25,7 +31,7 @@ Download the latest archive and extract it, clone the repo, or add a composer de
 
 ## Requirements
 
-- PHP 5.6+ (PHP 7.3 and OpenSSL extension strongly recommended)
+- PHP 7.0+ (PHP 7.3 and OpenSSL extension strongly recommended)
 - MySQL 5.6+ (8.0+ Recommended)
 
 ## Translations

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+OpenMage LTS is a fork of Magento CE 1.9 which provides a place for the Magento community to continue to contribute to the Magento 1 code base. We appreciate you disclosing important security vulnerabilities responsibly and privately by following the easy process defined below.
+
+We will keep the details of your security vulnerability report private and only share it with verified members of our organization or our partner organizations and only on an as-needed basis.
+
+## Supported Versions
+
+| OpenMage LTS Tag     | Magento Version   | Branch           | Supported          |
+| -------------------- | ----------------- | ---------------- | ------------------ |
+| ~19.4.3              | 1.9.4.5           | 1.9.4.x          | :white_check_mark: |
+| -                    | <= 1.9.4.4        | multiple         | :x:                |
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please *DO NOT* open a public Issue or Pull Request.
+
+Please email your security vulnerability report to security@openmage.org along with your Github user name so that once we create a security advisory you may be added to it as a collaborator for further review.
+
+We will review the advisory and work with you to find a suitable solution. We will publicly disclose the vulnerability once a patch is prepared and our community and partners have an easy path forward to apply the patch promptly. We will be sure to give you credit for the vulnerability discovery unless you request otherwise.
+
+## Limitation of Liability
+
+As per section 8 of the [OSL 3.0 license](https://opensource.org/licenses/OSL-3.0) by which this source code is made available to the general public, we offer this source code only on a "use at your own risk" basis.
+
+> 8) Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation.
+
+For the full text see `LICENSE.md`.

app/Mage.php

@@ -215,7 +215,7 @@ public static function getOpenMageVersionInfo()
         return array(
             'major'     => '19',
             'minor'     => '4',
-            'patch'     => '2',
+            'patch'     => '3',
             'stability' => '', // beta,alpha,rc
             'number'    => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9
         );
@@ -317,7 +317,7 @@ public static function setRoot($appRoot = '')
 
         $appRoot = realpath($appRoot);
 
-        if (is_dir($appRoot) and is_readable($appRoot)) {
+        if (is_dir($appRoot) && is_readable($appRoot)) {
             self::$_appRoot = $appRoot;
         } else {
             self::throwException($appRoot . ' is not a directory or not readable by this user');

app/code/core/Mage/Admin/Helper/Block.php

@@ -60,7 +60,7 @@ public function isTypeAllowed($type)
     /**
      *  Get disallowed names for block
      *
-     * @return bool
+     * @return array
      */
     public function getDisallowedBlockNames()
     {

app/code/core/Mage/Admin/Helper/Rules/Fallback.php

@@ -36,7 +36,7 @@ class Mage_Admin_Helper_Rules_Fallback extends Mage_Core_Helper_Abstract
 {
     /**
      * Fallback to resource parent node
-     * @param $resourceId
+     * @param string $resourceId
      *
      * @return string
      */
@@ -50,8 +50,8 @@ protected function _getParentResourceId($resourceId)
 
     /**
      * Fallback resource permissions similarly to zend_acl
-     * @param        $resources
-     * @param        $resourceId
+     * @param array $resources
+     * @param string $resourceId
      * @param string $defaultValue
      *
      * @return string

app/code/core/Mage/Admin/Model/Acl.php

@@ -24,13 +24,17 @@
  * @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
  */
 
-
 /**
  * Acl model
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
+ *
+ * @property Mage_Admin_Model_Acl_Role_Registry $_roleRegistry
+ *
+ * @method Mage_Admin_Model_Resource_Acl _getResource()
+ * @method Mage_Admin_Model_Resource_Acl getResource()
  */
 class Mage_Admin_Model_Acl extends Zend_Acl
 {
@@ -63,7 +67,7 @@ class Mage_Admin_Model_Acl extends Zend_Acl
      *
      */
     const RULE_PERM_ALLOW = 2;
-    
+
     /**
      * Get role registry object or create one
      *
@@ -80,8 +84,8 @@ protected function _getRoleRegistry()
     /**
      * Add parent to role object
      *
-     * @param Zend_Acl_Role $role
-     * @param Zend_Acl_Role $parent
+     * @param Zend_Acl_Role|string $role
+     * @param Zend_Acl_Role|string $parent
      * @return $this
      */
     public function addRoleParent($role, $parent)

app/code/core/Mage/Admin/Model/Acl/Assert/Ip.php

@@ -37,18 +37,24 @@ class Mage_Admin_Model_Acl_Assert_Ip implements Zend_Acl_Assert_Interface
     /**
      * Check whether ip is allowed
      *
-     * @param Zend_Acl $acl
-     * @param Zend_Acl_Role_Interface $role
-     * @param Zend_Acl_Resource_Interface $resource
+     * @param Mage_Admin_Model_Acl $acl
+     * @param Mage_Admin_Model_Acl_Role $role
+     * @param Mage_Admin_Model_Acl_Resource $resource
      * @param string $privilege
      * @return boolean
      */
-    public function assert(Mage_Admin_Model_Acl $acl, Mage_Admin_Model_Acl_Role $role = null,
-                           Mage_Admin_Model_Acl_Resource $resource = null, $privilege = null)
-    {
+    public function assert(
+        Mage_Admin_Model_Acl $acl,
+        Mage_Admin_Model_Acl_Role $role = null,
+        Mage_Admin_Model_Acl_Resource $resource = null,
+        $privilege = null
+    ) {
         return $this->_isCleanIP(Mage::helper('core/http')->getRemoteAddr());
     }
 
+    /**
+     * @param string|false $ip
+     */
     protected function _isCleanIP($ip)
     {
         // ...

app/code/core/Mage/Admin/Model/Acl/Assert/Time.php

@@ -27,28 +27,34 @@
 
 /**
  * Assert time for admin acl
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
  */
-class Mage_Admin_Model_Acl_Assert_Time implements Zend_Acl_Assert_Interface 
+class Mage_Admin_Model_Acl_Assert_Time implements Zend_Acl_Assert_Interface
 {
     /**
      * Assert time
      *
-     * @param Zend_Acl $acl
-     * @param Zend_Acl_Role_Interface $role
-     * @param Zend_Acl_Resource_Interface $resource
+     * @param Mage_Admin_Model_Acl $acl
+     * @param Mage_Admin_Model_Acl_Role $role
+     * @param Mage_Admin_Model_Acl_Resource $resource
      * @param string $privilege
      * @return boolean
      */
-    public function assert(Mage_Admin_Model_Acl $acl, Mage_Admin_Model_Acl_Role $role = null,
-                           Mage_Admin_Model_Acl_Resource $resource = null, $privilege = null)
-    {
+    public function assert(
+        Mage_Admin_Model_Acl $acl,
+        Mage_Admin_Model_Acl_Role $role = null,
+        Mage_Admin_Model_Acl_Resource $resource = null,
+        $privilege = null
+    ) {
         return $this->_isCleanTime(time());
     }
 
+    /**
+     * @param int $time
+     */
     protected function _isCleanTime($time)
     {
         // ...

app/code/core/Mage/Admin/Model/Acl/Resource.php

@@ -27,12 +27,12 @@
 
 /**
  * Acl resource
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
  */
-class Mage_Admin_Model_Acl_Resource extends Zend_Acl_Resource 
+class Mage_Admin_Model_Acl_Resource extends Zend_Acl_Resource
 {
 
 }

app/code/core/Mage/Admin/Model/Acl/Role.php

@@ -47,11 +47,11 @@
  * @package     Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
  */
-class Mage_Admin_Model_Acl_Role extends Mage_Core_Model_Abstract 
+class Mage_Admin_Model_Acl_Role extends Mage_Core_Model_Abstract
 {
     /**
      * Initialize resource model
-     * 
+     *
      */
     protected function _construct()
     {

app/code/core/Mage/Admin/Model/Acl/Role/Generic.php

@@ -27,12 +27,12 @@
 
 /**
  * User acl role
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
  */
-class Mage_Admin_Model_Acl_Role_Generic extends Zend_Acl_Role 
+class Mage_Admin_Model_Acl_Role_Generic extends Zend_Acl_Role
 {
 
 }

app/code/core/Mage/Admin/Model/Acl/Role/Group.php

@@ -27,7 +27,7 @@
 
 /**
  * Acl Group model
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>

app/code/core/Mage/Admin/Model/Acl/Role/Registry.php

@@ -27,21 +27,21 @@
 
 /**
  * Acl role registry
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
  */
-class Mage_Admin_Model_Acl_Role_Registry extends Zend_Acl_Role_Registry 
+class Mage_Admin_Model_Acl_Role_Registry extends Zend_Acl_Role_Registry
 {
     /**
      * Add parent to the $role node
      *
      * @param Zend_Acl_Role_Interface|string $role
      * @param array|Zend_Acl_Role_Interface|string $parents
-     * @return Mage_Auth_Model_Acl_Role_Registry
+     * @return $this
      */
-    function addParent($role, $parents)
+    public function addParent($role, $parents)
     {
         try {
             if ($role instanceof Zend_Acl_Role_Interface) {
@@ -53,7 +53,7 @@ function addParent($role, $parents)
         } catch (Zend_Acl_Role_Registry_Exception $e) {
             throw new Zend_Acl_Role_Registry_Exception("Child Role id '$roleId' does not exist");
         }
-        
+
         if (!is_array($parents)) {
             $parents = array($parents);
         }

app/code/core/Mage/Admin/Model/Acl/Role/User.php

@@ -27,12 +27,12 @@
 
 /**
  * User acl role
- * 
+ *
  * @category   Mage
  * @package    Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
  */
-class Mage_Admin_Model_Acl_Role_User extends Mage_Admin_Model_Acl_Role_Generic 
+class Mage_Admin_Model_Acl_Role_User extends Mage_Admin_Model_Acl_Role_Generic
 {
 
 }

app/code/core/Mage/Admin/Model/Block.php

@@ -27,6 +27,13 @@
 /**
  * Class Mage_Admin_Model_Block
  *
+ * @method Mage_Admin_Model_Resource_Block _getResource()
+ * @method Mage_Admin_Model_Resource_Block getResource()
+ * @method Mage_Admin_Model_Resource_Block_Collection getCollection()
+ *
+ * @method string getBlockName()
+ * @method string getIsAllowed()
+ *
  * @category   Mage
  * @package    Mage_Adminhtml
  * @author     Magento Core Team <core@magentocommerce.com>

app/code/core/Mage/Admin/Model/Config.php

@@ -49,7 +49,7 @@ public function __construct()
         parent::__construct();
         $this->setCacheId('adminhtml_acl_menu_config');
 
-        /* @var $adminhtmlConfig Varien_Simplexml_Config */
+        /* @var Varien_Simplexml_Config $adminhtmlConfig */
         $adminhtmlConfig = Mage::app()->loadCache($this->getCacheId());
         if ($adminhtmlConfig) {
             $this->_adminhtmlConfig = new Varien_Simplexml_Config($adminhtmlConfig);
@@ -73,8 +73,11 @@ public function __construct()
             }
 
             if (Mage::app()->useCache('config')) {
-                Mage::app()->saveCache($adminhtmlConfig->getXmlString(), $this->getCacheId(),
-                    array(Mage_Core_Model_Config::CACHE_TAG));
+                Mage::app()->saveCache(
+                    $adminhtmlConfig->getXmlString(),
+                    $this->getCacheId(),
+                    array(Mage_Core_Model_Config::CACHE_TAG)
+                );
             }
         }
     }
@@ -103,7 +106,7 @@ public function loadAclResources(Mage_Admin_Model_Acl $acl, $resource = null, $p
 
         if (isset($resource->admin)) {
             $children = $resource->admin;
-        } elseif (isset($resource->children)){
+        } elseif (isset($resource->children)) {
             $children = $resource->children->children();
         }
 
@@ -126,7 +129,7 @@ public function loadAclResources(Mage_Admin_Model_Acl $acl, $resource = null, $p
      * Get acl assert config
      *
      * @param string $name
-     * @return Mage_Core_Model_Config_Element|boolean
+     * @return false|SimpleXMLElement|Varien_Simplexml_Element|Mage_Core_Model_Config_Element
      */
     public function getAclAssert($name = '')
     {
@@ -146,7 +149,7 @@ public function getAclAssert($name = '')
      * Retrieve privilege set by name
      *
      * @param string $name
-     * @return Mage_Core_Model_Config_Element|boolean
+     * @return false|SimpleXMLElement|Varien_Simplexml_Element
      */
     public function getAclPrivilegeSet($name = '')
     {