Merge branch 'OpenMage:1.9.4.x' into fix-issues-with-product-category…

…-rewrites

.github/PULL_REQUEST_TEMPLATE.md

@@ -43,3 +43,11 @@
  - [ ] Pull request has a meaningful description of its purpose
  - [ ] All commits are accompanied by meaningful commit messages
  - [ ] All automated tests passed successfully (all builds are green)
+ - [ ] Add yourself to contributors list
+ <!--- 
+    Install: `yarn add --dev all-contributors-cli`
+    Add yourself: `yarn all-contributors add @YOUR_NAME <types>`
+    This updates `.all-contributorsrc, README.md` and commits this changes automatically
+    contribution types: code, doc, design
+    See other contributions type at https://allcontributors.org/docs/en/emoji-key
+ -->

.github/changelog/version_19.txt

@@ -1,6 +1,196 @@
 
-
-## v19.4.10 - unreleased
+## v19.4.16 - unreleased
+
+## v19.4.15 - 2021-08-26
+
+2 security updates
+
+CVE-2021-32758 - GHSA-26rr-v2j2-25fh - Layout XML Arbitrary Code Fix
+CVE-2021-32759 - GHSA-xm9f-vxmx-4m58 - Data Flow Sanitation Issue Fi
+
+more updates:
+
+#1478 make composer validation workflow use --strict
+#1687 Removed phpdoc to parent doc take effect
+Bump Version - align version with 20.0 branch
+#1698 Do not load product when it is already loaded
+#1715 Fix as attribute for cookie notice
+#1402 fix ArgumentCountError: array_merge_recursive()
+#1713 Fix retrun type of getColumn in Column_Renderer_Interface
+#1254 Fix undefined offset on redis session
+#1692 Add events list
+#1670 Updated new events in README.md.
+#1689 Fixed phpdoc of Mage_Core_Model_Resource_Db_Collection_Abstract::addExpressionFieldToSelect
+#1665 Removed deprecated flash js (AC_RunActiveContent.js)
+#1718 Handle empty Order increment prefix
+#1684 Enforce specific PNG compression level of 9
+#1628 Do not load captcha.js when disabled
+#1637 Grid range filter - optimize SQL query when from === to
+#1720 rewrite isTableExists for performance reasons
+#1733 fixes regression introduced by PR 1720
+#1746 Fixed phpdoc of Varien_Data_Collection_Db::getSelectSql
+#1711 Allow BASE_URL to be overridden by environment in install script.
+#1449 Add support for maintenance mode bypass via maintenance.ip file
+#1541 Move ahead commits from 1.9.3.x (#447)
+#1541 Move ahead commits from 1.9.3.x (#583)
+#1541 Move ahead commits from 1.9.3.x (#575)
+#1755 removed space after "To" in backend grids
+#1725 Log exception on api
+#1701 Code style (endif)
+#1594 Invalidate reset password token when user changes password.
+#1724 Add event sales_order_creditmemo_refund_before
+#1262 Add instruction to add him-/herself to contributors list.
+#1743 Fixed docblock in addStatusHistoryComment().
+#574 Mark indexProcess as STATUS_REQUIRE_REINDEX; it is cleared after
+#1197 Add redis, and specify in more details + add php7.4 mention
+#1243 Added proof of stability stack
+#1627 Fix README.md contributors badge
+#1380 Add check to avoid js error
+#1676 Add OpenMage version to API 'magento.info'.
+#1760 Update contributors list
+#1770 Add int casting in getLogCleanTime
+#1797 Phpdoc of Mage_Core_Model_Session_Abstract_Varien
+
+
+## v19.4.14 - 2021-06-25
+
+#1202 Fix #1190 - Fix the "$_FILES array is empty" exception when assiging products to a category or creating a category with the XMLRPC-API
+#1227 modified nav-bar padding to prevent the search box hiding menu items
+#1326 Fix notice when there are no sales rules for a given situation
+#1443 Log Exception the right way in Session, no need for custom message formatting anymore
+#1505 Fix the deprecation problem of idn_to_ascii() since php7.2
+#1484 Fix unserialization error when saving dataflow advanced profile.
+#1483 Mage_Core_Model_Abstract: Fix rollback when Throwable is thrown in save/delete method
+#1466 Improve error message of product required option by including option …
+#1035 Code style (endif endforeach endfor and more)
+#1577 Code style (endif and break)
+#1575 Product qty is incremented when comment is added on a Credit Memo from SOAP API v2
+#1557 Mark invoice as last when dummy items included
+#1554 Fix Coments in .htaccess
+#1571 Reduce getId calls
+#1565 Log exceptions when generating images
+#1582 Reset array on product reset
+#1598 fixed twitter share link, issue 1595
+#1591 removed magento logo in demo notice
+#1494 Update default USPS endpoint to HTTPS schema
+#1448 Remove _isDownloader flag
+#1481 DEV: add docker-dde setup
+#1534 Cleanup of getMimeType()
+#1384 Add icons in admin (icon-head)
+#1568 Fixes for #1564 and #1289
+- #1564 Checkout - Agreement content when empty (Terms and Conditions)
+- #1289 Wrong attributes order in comparison window
+#1593 fix documentation updateAttributeGroup()
+#640 add some logging for errors during paypal response validation
+#1169 do not connect to write adapter when getting the read adapter (#1167 )
+#1255 Change lowest PHP version to 7
+#1616 Revert "cleanup - remove orphan js/jscolor/* from XmlConnect package (#1436)" - as its used by MageWorx Advanced Product Options
+#1613 Fix getChildren must be compatible with SimpleXMLElement with PHP 8
+#1392 Fix PHP8 Deprecated: Required parameter $A follows optional parameter
+#1183 Fixes cloning of a collection by also cloning the internal select object
+#802 Fix widgets layout handle on edit
+#1416 Page title for credit memo and shipment
+#1644 Fix fatal error - getRegionCollection() - issue #713
+#1588 Update report.php
+#1674 Resolves the PHP 7 error: Declaration of Mage_Tag_Model_Api_V2::items($productId, $store) should be compatible with Mage_Tag_Model_Api::items($productId, $store = NULL)
+
+
+## v19.4.13 - 2021-04-20
+
+2 security updates
+
+CVE-2021-21426 - GHSA-m496-x567-f98c - Fixing a bug in Zend Framework's Stream HTTP Wrapper
+CVE-2021-21427 - GHSA-fvrf-9428-527m - Security Update for SQLi for Magento 2 (a backport of CVE-2021-3007 of laminas-http)
+
+more updates:
+
+#1531 Throw an Exception in resource model if column not exists, instead of E_NOTICE
+#1454 Fix doc getCountry - returning string instead of int
+#1545 Re-add LICENSE.html because of errors during install process (#1542, #1160)
+#1540 Fix PHP8 error in App.php: method_exists() now throws an exception if the first argument is not string|object
+#1391 Fixes core and lib issues for PHP 8.0 compatibility
+#1552 Revert update to Prototype serialize method that breaks OpenMage functionality / Can not select multiple statuses with Prototype 1.7.3 in Reports (#1549, #1497)
+
+
+## v19.4.12 - 2021-04-06
+
+#1459 make Mage::getOpenMageVersionInfo() more stable for the release process
+#1468 fix markup in README.md
+#1469 Delete RELEASE_NOTES.txt
+#1436 Remove orphan js/jscolor
+#1201 Fix wrong payment info template paths
+#1439 Fixed syntax error ytheme-magento.css
+#1473 Fix integrity constraint violation when order is canceled (#1220 #1472)
+#1424 Ascending alphabetical sort for Attribute Set Name
+#1464 Updated composer.json branch alias (#1160 #1460)
+#194 fix paypal IPN postback response parsing
+#1446 Better error handling when store is disabled
+#1404 [BUGFIX] Count doesn't work with group by columns. This fix keeps the group by
+#1365 Updating phpstorm meta files with magerun 2.1.0
+#1156 Removed observer adminhtml_sales_order_create_create_order (#1154)
+#1358 Add a new event `adminhtml_block_widget_tabs_html_before`, for adding custom tab (#879)
+#1445 make Developer Mode controllable by environment variable for all execution paths
+#1302 Fix a bug where product media upload via API was not possible anymore (#1178 #1125 #666)
+#1485 New event "init_form_values_after" after data set on a form
+#1394 Replace alias methods (#986)
+#1480 Add checkout agreement position, closes #1288
+#1406 Mage_Rss - DOC block update
+#1398 Simplified true/false
+#1496 Mage_Core_Model_Translate: Removed unused local variable
+#1051 Add features from N98 layout helper (#321 #336 #416)
+#1276 Fix array_key_exists on objects (deprecated notice or fatal error)
+#1495 Removed unnecessary replacing of variable from parent
+#1456 Correct password length message grammar
+#1291 Removed redundant if statement
+#1324 Notification_Security block - private to protected for easier extending
+#1309 Removed unnecessary joins for global attributes
+#1497 Upgrade prototype to version 1.7.3
+#1450 Fixed CRLF to LF
+#1455 Massaction items - removed unused switch
+#1467 _exportIterateCollection performance optimization
+
+
+## v19.4.11 - 2021-02-14
+
+#1248 mark trigger_recollect before collectTotals
+#1418 Fix regression in configuration scope code. Refs #1417
+#1281 remove-reference-to-magentocommerce
+#1383 Remove latest occurrences of XmlConnect
+#1429 Revert "Removed 2 unneeded function calls. Local var is already there."
+Ignore media/captcha directory.
+#1412 Update static-code-analyses.yml
+#1441 Fixed menu cursor
+#1160 Updated README.md, closes #985 #992
+#1407 Reduced multiple dispatch events in login form for other themes.
+
+
+## v19.4.10 - 2021-01-21
+
+
+3 security updates
+
+GHSA-jrgf-vfw2-hj26 CMS Editor code execution
+GHSA-hj6w-xrv3-wjj9 Widget instances allows a hacker to inject an executable file on the server
+GHSA-99m6-r53j-4hh2 Layout XML RCE Vulnerability
+
+More Changes:
+#1246 Adds support for "SameSite" cookie property
+#1356 Fixed return type of Mage_Adminhtml_Block_System_Config_Form::_canShowField
+#1275 Add start & stop commands to ddev setup in readme
+#1273 Update static-code-analyses.yml
+#1206 Reduced multiple dispatch events in login form.
+#1140 Github Action Labeler Bot
+#1337 Allow rewrite of Mage_Core_Model_File_Validator_Image
+#1086 Allow debug in admin
+#1378 Declare two variables
+#1330 Allow min pass length to 5 during login
+#1373 Removed 2 unneeded function calls. Local var is already there.
+#1390 Fix class name and filename for case sensitive filesystems
+#1336 Fix getId() on bool when primary billing address is null
+#1370 Fixed adminhtml boxes.css fieldset-wide for note.
+#1168 New event "adminhtml_sales_order_create_save_before" when editing an order.
+#1393 Fixes PHP7.4 deprecated nested ternary operators
+#1403 TypeError: round(): Argument #1 ($num) must be of type int|float
 
 ## v19.4.9 - 2020-12-29
 
@@ -259,4 +449,3 @@ Additionally:
 
 
 ## before
-