Skip to content
This repository has been archived by the owner on Mar 27, 2019. It is now read-only.

Patch 9767 applied #60

Open
wants to merge 1 commit into
base: magento-1.9.3.2
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions app/code/core/Mage/Admin/Model/Session.php
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,9 @@ public function login($username, $password, $request = null)
Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
}
} catch (Mage_Core_Exception $e) {
$e->setMessage(
Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
);
Mage::dispatchEvent('admin_session_user_login_failed',
array('user_name' => $username, 'exception' => $e));
if ($request && !$request->getParam('messageSent')) {
Expand Down
52 changes: 52 additions & 0 deletions app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
<?php
/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition End User License Agreement
* that is bundled with this package in the file LICENSE_EE.txt.
* It is also available through the world-wide-web at this URL:
* http://www.magento.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magento.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magento.com for more information.
*
* @category Mage
* @package Mage_Admin
* @copyright Copyright (c) 2006-2017 X.commerce, Inc. and affiliates (http://www.magento.com)
* @license http://www.magento.com/license/enterprise-edition
*/

/**
* Class Mage_Adminhtml_Block_Checkout_Formkey
*/
class Mage_Adminhtml_Block_Checkout_Formkey extends Mage_Adminhtml_Block_Template
{
/**
* Check form key validation on checkout.
* If disabled, show notice.
*
* @return boolean
*/
public function canShow()
{
return !Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
}

/**
* Get url for edit Advanced -> Admin section
*
* @return string
*/
public function getSecurityAdminUrl()
{
return Mage::helper("adminhtml")->getUrl('adminhtml/system_config/edit/section/admin');
}
}
36 changes: 36 additions & 0 deletions app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<?php
/**
* Magento Enterprise Edition
*
* NOTICE OF LICENSE
*
* This source file is subject to the Magento Enterprise Edition End User License Agreement
* that is bundled with this package in the file LICENSE_EE.txt.
* It is also available through the world-wide-web at this URL:
* http://www.magento.com/license/enterprise-edition
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magento.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magento.com for more information.
*
* @category Mage
* @package Mage_Admin
* @copyright Copyright (c) 2006-2017 X.commerce, Inc. and affiliates (http://www.magento.com)
* @license http://www.magento.com/license/enterprise-edition
*/

class Mage_Adminhtml_Block_Notification_Symlink extends Mage_Adminhtml_Block_Template
{
/**
* @return bool
*/
public function isSymlinkEnabled()
{
return Mage::getStoreConfigFlag(self::XML_PATH_TEMPLATE_ALLOW_SYMLINK);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -146,11 +146,11 @@ public function setValue($value)
if (isset($value['locale'])) {
if (!empty($value['from'])) {
$value['orig_from'] = $value['from'];
$value['from'] = $this->_convertDate($value['from'], $value['locale']);
$value['from'] = $this->_convertDate($this->stripTags($value['from']), $value['locale']);
}
if (!empty($value['to'])) {
$value['orig_to'] = $value['to'];
$value['to'] = $this->_convertDate($value['to'], $value['locale']);
$value['to'] = $this->_convertDate($this->stripTags($value['to']), $value['locale']);
}
}
if (empty($value['from']) && empty($value['to'])) {
Expand Down
3 changes: 3 additions & 0 deletions app/code/core/Mage/Adminhtml/Model/Config/Data.php
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,9 @@ public function save()
if (is_object($fieldConfig)) {
$configPath = (string)$fieldConfig->config_path;
if (!empty($configPath) && strrpos($configPath, '/') > 0) {
if (!Mage::getSingleton('admin/session')->isAllowed($configPath)) {
Mage::throwException('Access denied.');
}
// Extend old data with specified section group
$groupPath = substr($configPath, 0, strrpos($configPath, '/'));
if (!isset($oldConfigAdditionalGroups[$groupPath])) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@ public function uploadAction()
Mage::helper('catalog/image'), 'validateUploadFile');
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(true);
$uploader->addValidateCallback(
Mage_Core_Model_File_Validator_Image::NAME,
Mage::getModel('core/file_validator_image'),
'validate'
);
$result = $uploader->save(
Mage::getSingleton('catalog/product_media_config')->getBaseTmpMediaPath()
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,12 @@ public function addressesPostAction()
$this->_redirect('*/multishipping_address/newShipping');
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
$this->_redirect('*/*/addresses');
return;
}

try {
if ($this->getRequest()->getParam('continue', false)) {
$this->_getCheckout()->setCollectRatesFlag(true);
Expand Down Expand Up @@ -353,6 +359,11 @@ public function backToShippingAction()
*/
public function shippingPostAction()
{
if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
$this->_redirect('*/*/shipping');
return;
}

$shippingMethods = $this->getRequest()->getPost('shipping_method');
try {
Mage::dispatchEvent(
Expand Down Expand Up @@ -462,6 +473,11 @@ public function overviewAction()
return $this;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
$this->_redirect('*/*/billing');
return;
}

$this->_getState()->setActiveStep(Mage_Checkout_Model_Type_Multishipping_State::STEP_OVERVIEW);

try {
Expand Down
25 changes: 25 additions & 0 deletions app/code/core/Mage/Checkout/controllers/OnepageController.php
Original file line number Diff line number Diff line change
Expand Up @@ -349,6 +349,11 @@ public function saveMethodAction()
if ($this->_expireAjax()) {
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
return;
}

if ($this->getRequest()->isPost()) {
$method = $this->getRequest()->getPost('method');
$result = $this->getOnepage()->saveCheckoutMethod($method);
Expand All @@ -364,6 +369,11 @@ public function saveBillingAction()
if ($this->_expireAjax()) {
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
return;
}

if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('billing', array());
$customerAddressId = $this->getRequest()->getPost('billing_address_id', false);
Expand Down Expand Up @@ -406,6 +416,11 @@ public function saveShippingAction()
if ($this->_expireAjax()) {
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
return;
}

if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('shipping', array());
$customerAddressId = $this->getRequest()->getPost('shipping_address_id', false);
Expand All @@ -430,6 +445,11 @@ public function saveShippingMethodAction()
if ($this->_expireAjax()) {
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
return;
}

if ($this->getRequest()->isPost()) {
$data = $this->getRequest()->getPost('shipping_method', '');
$result = $this->getOnepage()->saveShippingMethod($data);
Expand Down Expand Up @@ -464,6 +484,11 @@ public function savePaymentAction()
if ($this->_expireAjax()) {
return;
}

if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
return;
}

try {
if (!$this->getRequest()->isPost()) {
$this->_ajaxRedirectResponse();
Expand Down
18 changes: 18 additions & 0 deletions app/code/core/Mage/Checkout/etc/system.xml
Original file line number Diff line number Diff line change
Expand Up @@ -232,5 +232,23 @@
</payment_failed>
</groups>
</checkout>
<admin>
<groups>
<security>
<fields>
<validate_formkey_checkout translate="label comment">
<label>Enable Form Key Validation On Checkout</label>
<frontend_type>select</frontend_type>
<source_model>adminhtml/system_config_source_yesno</source_model>
<sort_order>4</sort_order>
<comment><![CDATA[<strong style="color:red">Important!</strong> Enabling this option means
that your custom templates used in checkout process contain form_key output.
Otherwise checkout may not work.]]></comment>
<show_in_default>1</show_in_default>
</validate_formkey_checkout>
</fields>
</security>
</groups>
</admin>
</sections>
</config>
5 changes: 5 additions & 0 deletions app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,11 @@ public function uploadFile($targetPath, $type = null)
}
$uploader->setAllowRenameFiles(true);
$uploader->setFilesDispersion(false);
$uploader->addValidateCallback(
Mage_Core_Model_File_Validator_Image::NAME,
Mage::getModel('core/file_validator_image'),
'validate'
);
$result = $uploader->save($targetPath);

if (!$result) {
Expand Down
10 changes: 10 additions & 0 deletions app/code/core/Mage/Core/Controller/Front/Action.php
Original file line number Diff line number Diff line change
Expand Up @@ -188,4 +188,14 @@ protected function _isFormKeyEnabled()
{
return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH);
}

/**
* Check if form_key validation enabled on checkout process
*
* @return bool
*/
protected function isFormkeyValidationOnCheckoutEnabled()
{
return Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
}
}
5 changes: 4 additions & 1 deletion app/code/core/Mage/Core/Controller/Request/Http.php
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,10 @@ public function setPathInfo($pathInfo = null)
$baseUrl = $this->getBaseUrl();
$pathInfo = substr($requestUri, strlen($baseUrl));

if ((null !== $baseUrl) && (false === $pathInfo)) {
if ($baseUrl && $pathInfo && (0 !== stripos($pathInfo, '/'))) {
$pathInfo = '';
$this->setActionName('noRoute');
} elseif ((null !== $baseUrl) && (false === $pathInfo)) {
$pathInfo = '';
} elseif (null === $baseUrl) {
$pathInfo = $requestUri;
Expand Down
32 changes: 27 additions & 5 deletions app/code/core/Mage/Core/Model/File/Validator/Image.php
Original file line number Diff line number Diff line change
Expand Up @@ -88,10 +88,33 @@ public function setAllowedImageTypes(array $imageFileExtensions = array())
*/
public function validate($filePath)
{
$fileInfo = getimagesize($filePath);
if (is_array($fileInfo) and isset($fileInfo[2])) {
if ($this->isImageType($fileInfo[2])) {
return null;
list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
if ($fileType) {
if ($this->isImageType($fileType)) {
//replace tmp image with re-sampled copy to exclude images with malicious data
$image = imagecreatefromstring(file_get_contents($filePath));
if ($image !== false) {
$img = imagecreatetruecolor($imageWidth, $imageHeight);
imagecopyresampled($img, $image, 0, 0, 0, 0, $imageWidth, $imageHeight, $imageWidth, $imageHeight);
switch ($fileType) {
case IMAGETYPE_GIF:
imagegif($img, $filePath);
break;
case IMAGETYPE_JPEG:
imagejpeg($img, $filePath, 100);
break;
case IMAGETYPE_PNG:
imagepng($img, $filePath);
break;
default:
return;
}
imagedestroy($img);
imagedestroy($image);
return null;
} else {
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid image.'));
}
}
}
throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
Expand All @@ -106,5 +129,4 @@ protected function isImageType($nImageType)
{
return in_array($nImageType, $this->_allowedImageTypes);
}

}
20 changes: 0 additions & 20 deletions app/code/core/Mage/Core/etc/system.xml
Original file line number Diff line number Diff line change
Expand Up @@ -597,26 +597,6 @@
</template_hints_blocks>
</fields>
</debug>
<template translate="label">
<label>Template Settings</label>
<frontend_type>text</frontend_type>
<sort_order>25</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<fields>
<allow_symlink translate="label comment">
<label>Allow Symlinks</label>
<frontend_type>select</frontend_type>
<source_model>adminhtml/system_config_source_yesno</source_model>
<sort_order>10</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<comment>Warning! Enabling this feature is not recommended on production environments because it represents a potential security risk.</comment>
</allow_symlink>
</fields>
</template>
<translate_inline translate="label">
<label>Translate Inline</label>
<frontend_type>text</frontend_type>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,9 @@ public function getResource()
if (!$this->_resource) {
$this->_resource = Zend_Cache::factory($this->getVar('frontend', 'Core'), $this->getVar('backend', 'File'));
}
if ($this->_resource->getBackend() instanceof Zend_Cache_Backend_Static) {
throw new Exception(Mage::helper('dataflow')->__('Backend name "Static" not supported.'));
}
return $this->_resource;
}

Expand Down
Loading