Merge pull request #75 from SnowCommerceBrand/magento-1.9.3.8

Applied SUPEE-10570 v2

app/code/core/Mage/Adminhtml/controllers/CustomerController.php

@@ -333,7 +333,6 @@ public function saveAction()
                 // Force new customer confirmation
                 if ($isNewCustomer) {
                     $customer->setPassword($data['account']['password']);
-                    $customer->setPasswordCreatedAt(time());
                     $customer->setForceConfirmed(true);
                     if ($customer->getPassword() == 'auto') {
                         $sendPassToEmail = true;

app/code/core/Mage/Core/Model/Session/Abstract/Varien.php

@@ -33,7 +33,6 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
     const VALIDATOR_HTTP_VIA_KEY                = 'http_via';
     const VALIDATOR_REMOTE_ADDR_KEY             = 'remote_addr';
     const VALIDATOR_SESSION_EXPIRE_TIMESTAMP    = 'session_expire_timestamp';
-    const VALIDATOR_PASSWORD_CREATE_TIMESTAMP   = 'password_create_timestamp';
     const SECURE_COOKIE_CHECK_KEY               = '_secure_cookie_check';
 
     /**
@@ -394,16 +393,6 @@ public function useValidateSessionExpire()
         return $this->getCookie()->getLifetime() > 0;
     }
 
-    /**
-     * Use password creation timestamp in validator key
-     *
-     * @return bool
-     */
-    public function useValidateSessionPasswordTimestamp()
-    {
-        return true;
-    }
-
     /**
      * Retrieve skip User Agent validation strings (Flash etc)
      *
@@ -481,14 +470,6 @@ protected function _validate()
             $this->_data[self::VALIDATOR_KEY][self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]
                 = $validatorData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP];
         }
-        if ($this->useValidateSessionPasswordTimestamp()
-            && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
-            && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
-            && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
-            > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
-        ) {
-            return false;
-        }
 
         return true;
     }
@@ -525,11 +506,6 @@ public function getValidatorData()
 
         $parts[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] = time() + $this->getCookie()->getLifetime();
 
-        if (isset($this->_data['visitor_data']['customer_id'])) {
-            $parts[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP] =
-                Mage::helper('customer')->getPasswordTimestamp($this->_data['visitor_data']['customer_id']);
-        }
-
         return $parts;
     }
 

app/code/core/Mage/Customer/Helper/Data.php

@@ -722,23 +722,6 @@ public function getVatValidationUserMessage($customerAddress, $customerGroupAuto
         return $validationMessageEnvelope;
     }
 
-    /**
-     * Get customer password creation timestamp or customer account creation timestamp
-     *
-     * @param $customerId
-     * @return int
-     */
-    public function getPasswordTimestamp($customerId)
-    {
-        /** @var $customer Mage_Customer_Model_Customer */
-        $customer = Mage::getModel('customer/customer')
-            ->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
-            ->load((int)$customerId);
-        $passwordCreatedAt = $customer->getPasswordCreatedAt();
-
-        return is_null($passwordCreatedAt) ? $customer->getCreatedAtTimestamp() : $passwordCreatedAt;
-    }
-
     /**
      * Create SOAP client based on VAT validation service WSDL
      *

app/code/core/Mage/Customer/Model/Resource/Customer.php

@@ -235,9 +235,8 @@ public function loadByEmail(Mage_Customer_Model_Customer $customer, $email, $tes
      */
     public function changePassword(Mage_Customer_Model_Customer $customer, $newPassword)
     {
-        $customer->setPassword($newPassword)->setPasswordCreatedAt(time());
+        $customer->setPassword($newPassword);
         $this->saveAttribute($customer, 'password_hash');
-        $this->saveAttribute($customer, 'password_created_at');
         return $this;
     }
 

app/code/core/Mage/Customer/controllers/AccountController.php

@@ -298,7 +298,6 @@ public function createPostAction()
 
             if (empty($errors)) {
                 $customer->cleanPasswordsValidationData();
-                $customer->setPasswordCreatedAt(time());
                 $customer->save();
                 $this->_dispatchRegisterSuccess($customer);
                 $this->_successProcessRegistration($customer);
@@ -866,7 +865,6 @@ public function resetPasswordPostAction()
             $customer->setRpToken(null);
             $customer->setRpTokenCreatedAt(null);
             $customer->cleanPasswordsValidationData();
-            $customer->setPasswordCreatedAt(time());
             $customer->save();
 
             $this->_getSession()->unsetData(self::TOKEN_SESSION_NAME);
@@ -1011,7 +1009,6 @@ public function editPostAction()
 
             try {
                 $customer->cleanPasswordsValidationData();
-                $customer->setPasswordCreatedAt(time());
 
                 // Reset all password reset tokens if all data was sufficient and correct on email change
                 if ($customer->getIsChangeEmail()) {

app/etc/applied.patches.list

@@ -0,0 +1,8 @@
+2018-04-10 20:23:55 UTC | SUPEE-10570_CE_v1.9.3.8 | CE_1.9.3.8 | v1 | 9d4a4788d8c8380da1937c223301b4f70e643b57 | Fri Mar 16 13:10:50 2018 +0200 | ce-1.9.3.8-dev
+patching file app/code/core/Mage/Adminhtml/controllers/CustomerController.php
+patching file app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
+patching file app/code/core/Mage/Customer/Helper/Data.php
+patching file app/code/core/Mage/Customer/Model/Resource/Customer.php
+patching file app/code/core/Mage/Customer/controllers/AccountController.php
+
+