Merge branch '1.9.3.x' into remove-mage-compiler

.htaccess

@@ -26,6 +26,9 @@
 
     DirectoryIndex index.php
 
+############################################
+## php5 settings
+
 <IfModule mod_php5.c>
 
 ############################################
@@ -63,6 +66,21 @@
 
 </IfModule>
 
+############################################
+## php7 settings
+## see above for php_flag descriptions
+
+<IfModule mod_php7.c>
+    #php_value memory_limit 64M
+    php_value memory_limit 256M
+    php_value max_execution_time 18000
+    php_flag magic_quotes_gpc off
+    php_flag session.auto_start off
+    #php_flag zlib.output_compression on
+    php_flag suhosin.session.cryptua off
+    php_flag zend.ze1_compatibility_mode Off
+</IfModule>
+
 <IfModule mod_security.c>
 ###########################################
 # disable POST processing to not break multiple image upload

.travis.yml

@@ -5,10 +5,14 @@ php:
   - 7.0
   - 7.1
   - 7.2
+  - 7.3
+  - nightly
 
 matrix:
   allow_failures:
-    - php: 7.2
+    - php:
+      - nightly
+      - 7.3
 
 script:
   - '! find . -not \( -path ./lib/PEAR -prune \) -not \( -path ./lib/phpseclib -prune \) -not \( -path ./lib/Zend -prune \) -type f -name "*.php" -exec php -d error_reporting=32767 -l {} \; 2>&1 >&- | grep "^"'

CODE_OF_CONDUCT.md

@@ -0,0 +1,73 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting one or multiple members of the project team(see Maintainers section in README.md). All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org

README.md

@@ -1,42 +1,48 @@
-#Applied Patches
-
-| Patch | Commit |
-| ----- | ------ |
-| SUPEE-9652 | [03835f8](https://github.com/OpenMage/magento-lts/commit/03835f8) |
-| SUPEE-10266 | [40720ca](https://github.com/OpenMage/magento-lts/commit/40720ca) |
-
 # Magento - Long Term Support
 
-This repository aims to be a dependably patched archive of the Magento CE core releases. These sources should stay as close to the sources released by Magento as possible (no new features).  **However, pull requests with unofficial bug fixes and security patches from the community are definitely encouraged.** It's our goal to apply patches available from Magento as quickly as possible, but these do not always cover all known issues.
+This repository is the home of an **unofficial** community-driven project. It's goal is to be a dependable alternative
+to the Magento CE official releases which integrates improvements directly from the community while maintaining a high
+level of backwards compatibility to the official releases.
 
-Though Magento does not follow [Semantic Versioning](http://semver.org/) we aim to provide a workable system for dependancy definition.  
-Each Magento `1.<minor>.<revision>` release will get its own branch (named `1.<minor>.<revision>.x`) that will be independently maintained (for as long as it makes sense to do so) with upstream patches and community bug fixes. For example, Magento version `1.9.3.4` was merged into the `1.9.3.x` branch.
+**Pull requests with unofficial bug fixes and security patches from the community are encouraged and welcome!**
 
-Note, the branches older than `1.9.3.x` that were created before this strategy came into practice are not maintained.
+Though Magento does not follow [Semantic Versioning](http://semver.org/) we aim to provide a workable system for
+dependency definition. Each Magento `1.<minor>.<revision>` release will get its own branch (named `1.<minor>.<revision>.x`)
+that will be independently maintained with upstream patches and community bug fixes for as long as it makes sense
+to do so (based on available resources). For example, Magento version `1.9.3.4` was merged into the `1.9.3.x` branch.
 
+Note, the branches older than `1.9.3.x` that were created before this strategy came into practice are **not maintained**.
 
 ## Installation
-This allows you to define your version dependencies safely in composer.json:
+
+Download the latest archive and extract it, clone the repo, or add a composer dependency to your existing project like so:
 
 ```json
-"openmage/magento-lts": "1.9.2.1-dev"
+"openmage/magento-lts": "1.9.3.x"
 ```
 
-## Important to note
-PHP 7 support was added as of version 1.9.2.3. based on the Inchoo article and [described here](https://github.com/OpenMage/magento-lts/pull/62).
+[More Information](http://openmage.github.io/magento-lts/install.html)
+
+## Requirements
+
+- PHP 5.6+ (PHP 7.1 and OpenSSL extension strongly recommended)
+- MySQL 5.6+
+
+## Translations
+There are some new or changed tranlations, if you want add them to your locale pack please check:
+- `app/locale/en_US/*_LTS.csv`
 
 ## License
+
 [OSL v3.0](http://opensource.org/licenses/OSL-3.0)
 
 ## Public Communication and online Community places
+
 * [Discord](https://discord.gg/EV8aNbU) (maintained by Flyingmana)
 
 ## Maintainers
+
 * [Lee Saferite](https://github.com/LeeSaferite)
 * [David Robinson](https://github.com/drobinson)
 * [Daniel Fahlke aka Flyingmana](https://github.com/Flyingmana)
 * Pull requests are welcome
-
-
-## TODO
-* Travis CI tests to check for newly availble patches for each version

RELEASE_NOTES.txt

@@ -1,3 +1,13 @@
+==== 1.9.3.10 ====
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+] NOTE: Current Release Notes are maintained at:                                                                              [
+]                                                                                                                             [
+] http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html                                                   [
+]                                                                                                                             [
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 ==== 1.9.3.9 ====
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

app/Mage.php

@@ -46,6 +46,14 @@
 
 Varien_Autoload::register();
 
+include_once "phpseclib/bootstrap.php";
+include_once "mcrypt_compat/mcrypt.php";
+
+/* Support additional includes, such as composer's vendor/autoload.php files */
+foreach (glob(BP . DS . 'app' . DS . 'etc' . DS . 'includes' . DS . '*.php') as $path) {
+    include_once $path;
+}
+
 /**
  * Main Mage hub class
  *
@@ -164,7 +172,7 @@ public static function getVersionInfo()
             'major'     => '1',
             'minor'     => '9',
             'revision'  => '3',
-            'patch'     => '9',
+            'patch'     => '10',
             'stability' => '',
             'number'    => '',
         );

app/code/core/Mage/Admin/Model/Resource/User.php

@@ -458,6 +458,26 @@ public function saveExtra($object, $data)
         return $this;
     }
 
+    /**
+     * Set reload ACL flag
+     *
+     * @param Mage_Core_Model_Abstract $object
+     * @param int $flag
+     * @return Mage_Admin_Model_Resource_User
+     */
+    public function saveReloadAclFlag($object, $flag)
+    {
+        if ($object->getId()) {
+            $this->_getWriteAdapter()->update(
+                $this->getMainTable(),
+                array('reload_acl_flag' => $flag),
+                array('user_id = ?' => (int) $object->getId())
+            );
+        }
+
+        return $this;
+    }
+
     /**
      * Unserializes user extra data
      *

app/code/core/Mage/Admin/Model/Session.php

@@ -31,6 +31,11 @@
  * @category    Mage
  * @package     Mage_Admin
  * @author      Magento Core Team <core@magentocommerce.com>
+ *
+ * @method Mage_Admin_Model_User getUser()
+ * @method $this setUser(Mage_Admin_Model_User $user)
+ * @method Mage_Admin_Model_Acl getAcl()
+ * @method $this setAcl(Mage_Admin_Model_Acl $acl)
  */
 class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
 {
@@ -186,8 +191,7 @@ public function refreshAcl($user = null)
             $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
         }
         if ($user->getReloadAclFlag()) {
-            $user->unsetData('password');
-            $user->setReloadAclFlag('0')->save();
+            $user->getResource()->saveReloadAclFlag($user, 0);
         }
         return $this;
     }

app/code/core/Mage/Admin/Model/User.php

@@ -66,6 +66,10 @@ class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
     const XML_PATH_FORGOT_EMAIL_TEMPLATE    = 'admin/emails/forgot_email_template';
     const XML_PATH_FORGOT_EMAIL_IDENTITY    = 'admin/emails/forgot_email_identity';
     const XML_PATH_STARTUP_PAGE             = 'admin/startup/page';
+
+    /** Configuration paths for notifications */
+    const XML_PATH_ADDITIONAL_EMAILS             = 'general/additional_notification_emails/admin_user_create';
+    const XML_PATH_NOTIFICATION_EMAILS_TEMPLATE  = 'admin/emails/admin_notification_email_template';
     /**#@-*/
 
     /**
@@ -692,4 +696,53 @@ protected function _getDateNow($dayOnly = false)
     {
         return now($dayOnly);
     }
+
+    /**
+     * Send notification to general Contact and additional emails when new admin user created.
+     * You can declare additional emails in Mage_Core general/additional_notification_emails/admin_user_create node.
+     *
+     * @param $user
+     * @return $this
+     */
+    public function sendAdminNotification($user)
+    {
+        // define general contact Name and Email
+        $generalContactName = Mage::getStoreConfig('trans_email/ident_general/name');
+        $generalContactEmail = Mage::getStoreConfig('trans_email/ident_general/email');
+
+        // collect general and additional emails
+        $emails = $this->getUserCreateAdditionalEmail();
+        $emails[] = $generalContactEmail;
+
+        /** @var $mailer Mage_Core_Model_Email_Template_Mailer */
+        $mailer    = Mage::getModel('core/email_template_mailer');
+        $emailInfo = Mage::getModel('core/email_info');
+        $emailInfo->addTo(array_filter($emails), $generalContactName);
+        $mailer->addEmailInfo($emailInfo);
+
+        // Set all required params and send emails
+        $mailer->setSender(array(
+            'name'  => $generalContactName,
+            'email' => $generalContactEmail,
+        ));
+        $mailer->setStoreId(0);
+        $mailer->setTemplateId(Mage::getStoreConfig(self::XML_PATH_NOTIFICATION_EMAILS_TEMPLATE));
+        $mailer->setTemplateParams(array(
+            'user' => $user,
+        ));
+        $mailer->send();
+
+        return $this;
+    }
+
+    /**
+     * Get additional emails for notification from config.
+     *
+     * @return array
+     */
+    public function getUserCreateAdditionalEmail()
+    {
+        $emails = str_replace(' ', '', Mage::getStoreConfig(self::XML_PATH_ADDITIONAL_EMAILS));
+        return explode(',', $emails);
+    }
 }

app/code/core/Mage/Admin/etc/config.xml

@@ -84,6 +84,7 @@
         <admin>
             <emails>
                 <forgot_email_template>admin_emails_forgot_email_template</forgot_email_template>
+                <admin_notification_email_template>admin_emails_admin_notification_email_template</admin_notification_email_template>
                 <forgot_email_identity>general</forgot_email_identity>
                 <password_reset_link_expiration_period>2</password_reset_link_expiration_period>
             </emails>

app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php

@@ -154,6 +154,7 @@ public function getAttributesJson()
         } else {
             // Hide price if needed
             foreach ($attributes as &$attribute) {
+                $attribute['label'] = $this->escapeHtml($attribute['label']);
                 if (isset($attribute['values']) && is_array($attribute['values'])) {
                     foreach ($attribute['values'] as &$attributeValue) {
                         if (!$this->getCanReadPrice()) {

app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Header.php

@@ -41,10 +41,10 @@ protected function _toHtml()
         $storeId    = $this->getStoreId();
         $out = '';
         if ($customerId && $storeId) {
-            $out.= Mage::helper('sales')->__('Create New Order for %s in %s', $this->getCustomer()->getName(), $this->getStore()->getName());
+            $out.= Mage::helper('sales')->__('Create New Order for %s in %s - %s', $this->getCustomer()->getName(), $this->getStore()->getWebsite()->getName(), $this->getStore()->getName());
         }
         elseif (!is_null($customerId) && $storeId){
-            $out.= Mage::helper('sales')->__('Create New Order for New Customer in %s', $this->getStore()->getName());
+            $out.= Mage::helper('sales')->__('Create New Order for New Customer in %s - %s', $this->getStore()->getWebsite()->getName(), $this->getStore()->getName());
         }
         elseif ($customerId) {
             $out.= Mage::helper('sales')->__('Create New Order for %s', $this->getCustomer()->getName());

app/code/core/Mage/Adminhtml/Block/Widget/Grid/Massaction/Abstract.php

@@ -190,7 +190,7 @@ public function getGridJsObjectName()
     public function getSelectedJson()
     {
         if($selected = $this->getRequest()->getParam($this->getFormFieldNameInternal())) {
-            $selected = explode(',', $selected);
+            $selected = explode(',', $this->quoteEscape($selected));
             return join(',', $selected);
         } else {
             return '';
@@ -205,7 +205,7 @@ public function getSelectedJson()
     public function getSelected()
     {
         if($selected = $this->getRequest()->getParam($this->getFormFieldNameInternal())) {
-            $selected = explode(',', $selected);
+            $selected = explode(',', $this->quoteEscape($selected));
             return $selected;
         } else {
             return array();