

Merge pull request #44 from infabo/magento-1.9.2.4-SUPEE-8788
apply SUPEE-8788
Aleksey Razbakov authored Oct 13, 2016
2 parents f542f08 + 31f0b94 commit 86fa789
Showing 80 changed files with 3,450 additions and 1,137 deletions.
Expand Up @@ -34,6 +34,12 @@
*/
class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends Mage_Adminhtml_Block_Widget
{
/**
* Type of uploader block
*
* @var string
*/
protected $_uploaderType = 'uploader/multiple';

public function __construct()
{
Expand All @@ -44,17 +50,17 @@ public function __construct()
protected function _prepareLayout()
{
$this->setChild('uploader',
$this->getLayout()->createBlock('adminhtml/media_uploader')
$this->getLayout()->createBlock($this->_uploaderType)
);

$this->getUploader()->getConfig()
->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload'))
->setFileField('image')
->setFilters(array(
'images' => array(
'label' => Mage::helper('adminhtml')->__('Images (.gif, .jpg, .png)'),
'files' => array('*.gif', '*.jpg','*.jpeg', '*.png')
)
$this->getUploader()->getUploaderConfig()
->setFileParameterName('image')
->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload'));

$browseConfig = $this->getUploader()->getButtonConfig();
$browseConfig
->setAttributes(array(
'accept' => $browseConfig->getMimeTypesByExtensions('gif, png, jpeg, jpg')
));

Mage::dispatchEvent('catalog_product_gallery_prepare_layout', array('block' => $this));
Expand All @@ -65,7 +71,7 @@ protected function _prepareLayout()
/**
* Retrive uploader block
*
* @return Mage_Adminhtml_Block_Media_Uploader
* @return Mage_Uploader_Block_Multiple
*/
public function getUploader()
{
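Review bot: The `accept` attribute built from `getMimeTypesByExtensions('gif, png, jpeg, jpg')` only filters the browser's file picker; it is not an upload restriction, so the `*/catalog_product_gallery/upload` action that `setTarget` points at must still enforce the extension and image-content checks itself, and that controller is outside this diff. A comment above `$browseConfig` would stop a later reader from treating this as the whitelist: `// Client-side picker hint only; the upload controller performs the real file validation.` The helper is handed a comma-separated string here while the CMS uploader in this same commit passes it an array, so its accepted input shape is worth confirming in `Mage_Uploader_Block_Multiple`.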
Expand Up @@ -31,29 +31,24 @@
* @package Mage_Adminhtml
* @author Magento Core Team <[email protected]>
*/
class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Adminhtml_Block_Media_Uploader
class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Uploader_Block_Multiple
{
/**
* Uploader block constructor
*/
public function __construct()
{
parent::__construct();
$params = $this->getConfig()->getParams();
$type = $this->_getMediaType();
$allowed = Mage::getSingleton('cms/wysiwyg_images_storage')->getAllowedExtensions($type);
$labels = array();
$files = array();
foreach ($allowed as $ext) {
$labels[] = '.' . $ext;
$files[] = '*.' . $ext;
}
$this->getConfig()
->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type)))
->setParams($params)
->setFileField('image')
->setFilters(array(
'images' => array(
'label' => $this->helper('cms')->__('Images (%s)', implode(', ', $labels)),
'files' => $files
)
$this->getUploaderConfig()
->setFileParameterName('image')
->setTarget(
Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type))
);
$this->getButtonConfig()
->setAttributes(array(
'accept' => $this->getButtonConfig()->getMimeTypesByExtensions($allowed)
));
}

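Review bot: The constructor drops the old `->setParams($params)` call, which was how the `form_key` set by the parent's config reached the uploader; if `Mage_Uploader_Block_Multiple` does not add `form_key` to its own config, the POST to `*/*/upload` will fail the admin form-key check, so that parent behaviour should be confirmed before merging (it is not shown in this diff). `getMimeTypesByExtensions($allowed)` receives an array here but a comma-separated string in the product gallery block of this same commit; unless the helper accepts both, one call site ends up with an empty or wrong `accept` list, and a short comment pinning the expected type would prevent the drift: `// getMimeTypesByExtensions accepts an array of extensions (also a comma-separated string) — confirm`. The `accept` attribute is only a browser hint; the extension whitelist from `getAllowedExtensions($type)` must also be enforced server-side in the `*/*/upload` action.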
191 changes: 11 additions & 180 deletions app/code/core/Mage/Adminhtml/Block/Media/Uploader.php
Expand Up @@ -31,189 +31,20 @@
* @package Mage_Adminhtml
* @author Magento Core Team <[email protected]>
*/
class Mage_Adminhtml_Block_Media_Uploader extends Mage_Adminhtml_Block_Widget
{

protected $_config;

public function __construct()
{
parent::__construct();
$this->setId($this->getId() . '_Uploader');
$this->setTemplate('media/uploader.phtml');
$this->getConfig()->setUrl(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload'));
$this->getConfig()->setParams(array('form_key' => $this->getFormKey()));
$this->getConfig()->setFileField('file');
$this->getConfig()->setFilters(array(
'images' => array(
'label' => Mage::helper('adminhtml')->__('Images (.gif, .jpg, .png)'),
'files' => array('*.gif', '*.jpg', '*.png')
),
'media' => array(
'label' => Mage::helper('adminhtml')->__('Media (.avi, .flv, .swf)'),
'files' => array('*.avi', '*.flv', '*.swf')
),
'all' => array(
'label' => Mage::helper('adminhtml')->__('All Files'),
'files' => array('*.*')
)
));
}

protected function _prepareLayout()
{
$this->setChild(
'browse_button',
$this->getLayout()->createBlock('adminhtml/widget_button')
->addData(array(
'id' => $this->_getButtonId('browse'),
'label' => Mage::helper('adminhtml')->__('Browse Files...'),
'type' => 'button',
'onclick' => $this->getJsObjectName() . '.browse()'
))
);

$this->setChild(
'upload_button',
$this->getLayout()->createBlock('adminhtml/widget_button')
->addData(array(
'id' => $this->_getButtonId('upload'),
'label' => Mage::helper('adminhtml')->__('Upload Files'),
'type' => 'button',
'onclick' => $this->getJsObjectName() . '.upload()'
))
);

$this->setChild(
'delete_button',
$this->getLayout()->createBlock('adminhtml/widget_button')
->addData(array(
'id' => '{{id}}-delete',
'class' => 'delete',
'type' => 'button',
'label' => Mage::helper('adminhtml')->__('Remove'),
'onclick' => $this->getJsObjectName() . '.removeFile(\'{{fileId}}\')'
))
);

return parent::_prepareLayout();
}

protected function _getButtonId($buttonName)
{
return $this->getHtmlId() . '-' . $buttonName;
}

public function getBrowseButtonHtml()
{
return $this->getChildHtml('browse_button');
}

public function getUploadButtonHtml()
{
return $this->getChildHtml('upload_button');
}

public function getDeleteButtonHtml()
{
return $this->getChildHtml('delete_button');
}

/**
* Retrive uploader js object name
*
* @return string
*/
public function getJsObjectName()
{
return $this->getHtmlId() . 'JsObject';
}

/**
* Retrive config json
*
* @return string
*/
public function getConfigJson()
{
return Mage::helper('core')->jsonEncode($this->getConfig()->getData());
}

/**
* Retrive config object
*
* @return Varien_Config
*/
public function getConfig()
{
if(is_null($this->_config)) {
$this->_config = new Varien_Object();
}

return $this->_config;
}

public function getPostMaxSize()
{
return ini_get('post_max_size');
}

public function getUploadMaxSize()
{
return ini_get('upload_max_filesize');
}

public function getDataMaxSize()
{
return min($this->getPostMaxSize(), $this->getUploadMaxSize());
}

public function getDataMaxSizeInBytes()
{
$iniSize = $this->getDataMaxSize();
$size = substr($iniSize, 0, strlen($iniSize)-1);
$parsedSize = 0;
switch (strtolower(substr($iniSize, strlen($iniSize)-1))) {
case 't':
$parsedSize = $size*(1024*1024*1024*1024);
break;
case 'g':
$parsedSize = $size*(1024*1024*1024);
break;
case 'm':
$parsedSize = $size*(1024*1024);
break;
case 'k':
$parsedSize = $size*1024;
break;
case 'b':
default:
$parsedSize = $size;
break;
}
return $parsedSize;
}

/**
* @deprecated
* Class Mage_Adminhtml_Block_Media_Uploader
*/
class Mage_Adminhtml_Block_Media_Uploader extends Mage_Uploader_Block_Multiple
{
/**
* Retrieve full uploader SWF's file URL
* Implemented to solve problem with cross domain SWFs
* Now uploader can be only in the same URL where backend located
*
* @param string $url url to uploader in current theme
*
* @return string full URL
* Constructor for uploader block
*/
public function getUploaderUrl($url)
public function __construct()
{
if (!is_string($url)) {
$url = '';
}
$design = Mage::getDesign();
$theme = $design->getTheme('skin');
if (empty($url) || !$design->validateFile($url, array('_type' => 'skin', '_theme' => $theme))) {
$theme = $design->getDefaultTheme();
}
return Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB) . 'skin/' .
$design->getArea() . '/' . $design->getPackageName() . '/' . $theme . '/' . $url;
parent::__construct();
$this->getUploaderConfig()->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload'));
$this->getUploaderConfig()->setFileParameterName('file');
}
}
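Review bot: The `@deprecated` tag on `Mage_Adminhtml_Block_Media_Uploader` names no replacement, so callers cannot tell what to migrate to; it should read `@deprecated use Mage_Uploader_Block_Multiple instead`. The rewrite also removes the explicit `setParams(array('form_key' => $this->getFormKey()))` the old constructor applied, together with the public helpers `getConfigJson`, `getDataMaxSizeInBytes`, `getUploaderUrl` and the button getters; third-party code that subclasses this block or calls those methods will break unless `Mage_Uploader_Block_Multiple` provides equivalents, which this diff does not show. If the parent does not add `form_key` itself, uploads to `*/*/upload` would be rejected by the admin form-key check, so that is the first thing to confirm.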
Expand Up @@ -119,7 +119,7 @@ protected function _getNodesArray($node)
'parent_id' => (int)$node->getParentId(),
'children_count' => (int)$node->getChildrenCount(),
'is_active' => (bool)$node->getIsActive(),
'name' => $node->getName(),
'name' => $this->escapeHtml($node->getName()),
'level' => (int)$node->getLevel(),
'product_count' => (int)$node->getProductCount()
);
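Review bot: `escapeHtml` on `name` changes the data contract of `_getNodesArray`, not just a rendering: every consumer of this array now gets HTML entities (`&amp;`, `&quot;`) in `name`, which is correct only if the tree widget inserts it as HTML, and any code comparing `name` against the stored category name will no longer match. A one-line comment would make that explicit: `// Escaped here because the tree JS renders name as HTML; consumers must not escape it again.` The remainder of `_getNodesArray` lies outside the hunk, so whether other string fields in the node array need the same treatment cannot be judged from here.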
Expand Up @@ -29,8 +29,17 @@ class Mage_Adminhtml_Model_System_Config_Backend_Serialized extends Mage_Core_Mo
protected function _afterLoad()
{
if (!is_array($this->getValue())) {
$value = $this->getValue();
$this->setValue(empty($value) ? false : unserialize($value));
$serializedValue = $this->getValue();
$unserializedValue = false;
if (!empty($serializedValue)) {
try {
$unserializedValue = Mage::helper('core/unserializeArray')
->unserialize($serializedValue);
} catch (Exception $e) {
Mage::logException($e);
}
}
$this->setValue($unserializedValue);
}
}

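Review bot: The switch from `unserialize()` to `Mage::helper('core/unserializeArray')` needs a why-comment, because the next maintainer will see a longer path than the builtin and may "simplify" it back: `// Do not call unserialize() on stored config: a crafted serialized object would be instantiated. This helper presumably accepts arrays only.` The helper's exact contract is not visible in this diff, so the comment should be adjusted to what it actually enforces. On a rejected value the field silently becomes `false`; `Mage::logException($e)` records the parse error, but including the config path in the log would make it traceable to the setting that holds the bad value — hedged, since I cannot see which accessors this backend model exposes.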
Expand Up @@ -91,7 +91,7 @@ public function tunnelAction()
$gaHash = $this->getRequest()->getParam('h');
if ($gaData && $gaHash) {
$newHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
if ($newHash == $gaHash) {
if (hash_equals($newHash, $gaHash)) {
$params = json_decode(base64_decode(urldecode($gaData)), true);
if ($params) {
$response = $httpClient->setUri(Mage_Adminhtml_Block_Dashboard_Graph::API_URL)
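Review bot: `hash_equals` requires two strings, but `$gaHash` comes straight from `getParam('h')` and can be an array (`?h[]=x`), in which case PHP emits a warning (a `TypeError` on PHP 8) rather than quietly failing the comparison; guard the type first: `if (is_string($gaHash) && hash_equals($newHash, $gaHash)) {`. `hash_equals()` is native only from PHP 5.6, so if the supported PHP range for this Magento release is older this relies on a polyfill being loaded elsewhere, which this diff does not show — please confirm. `tunnelAction` begins above the hunk, so the truthiness check on `$gaData` and `$gaHash` is the only prior validation visible here.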
Expand Up @@ -391,7 +391,7 @@ protected function _validateResetPasswordLinkToken($userId, $resetPasswordLinkTo
}

$userToken = $user->getRpToken();
if (strcmp($userToken, $resetPasswordLinkToken) != 0 || $user->isResetPasswordLinkTokenExpired()) {
if (!hash_equals($userToken, $resetPasswordLinkToken) || $user->isResetPasswordLinkTokenExpired()) {
throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Your password reset link has expired.'));
}
}
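Review bot: `hash_equals($userToken, $resetPasswordLinkToken)` is given `$user->getRpToken()`, which is null or empty for a user with no pending reset; a null argument makes `hash_equals` warn and return false (a `TypeError` on PHP 8), and if the checks above this hunk do not reject an empty `$resetPasswordLinkToken`, an empty supplied token compares equal to an empty stored one. Make the conditions explicit rather than relying on the warning path: `if (!is_string($userToken) || $userToken === '' || !hash_equals($userToken, $resetPasswordLinkToken) || $user->isResetPasswordLinkTokenExpired()) {`. `_validateResetPasswordLinkToken` starts above the hunk, so the earlier validation of `$resetPasswordLinkToken` is not visible here. As with the dashboard tunnel change in this commit, this assumes `hash_equals` exists on every supported PHP version, natively or via a polyfill.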
Expand Up @@ -43,7 +43,7 @@ public function indexAction()
{
$this->loadLayout();
$this->_addContent(
$this->getLayout()->createBlock('adminhtml/media_uploader')
$this->getLayout()->createBlock('uploader/multiple')
);
$this->renderLayout();
}
9 changes: 8 additions & 1 deletion app/code/core/Mage/Catalog/Helper/Image.php
Expand Up @@ -33,6 +33,7 @@ class Mage_Catalog_Helper_Image extends Mage_Core_Helper_Abstract
{
const XML_NODE_PRODUCT_BASE_IMAGE_WIDTH = 'catalog/product_image/base_width';
const XML_NODE_PRODUCT_SMALL_IMAGE_WIDTH = 'catalog/product_image/small_width';
const XML_NODE_PRODUCT_MAX_DIMENSION = 'catalog/product_image/max_dimension';

/**
* Current model
Expand Down Expand Up @@ -634,10 +635,16 @@ public function getOriginalSizeArray()
* @throws Mage_Core_Exception
*/
public function validateUploadFile($filePath) {
if (!getimagesize($filePath)) {
$maxDimension = Mage::getStoreConfig(self::XML_NODE_PRODUCT_MAX_DIMENSION);
$imageInfo = getimagesize($filePath);
if (!$imageInfo) {
Mage::throwException($this->__('Disallowed file type.'));
}

if ($imageInfo[0] > $maxDimension || $imageInfo[1] > $maxDimension) {
Mage::throwException($this->__('Disalollowed file format.'));
}

$_processor = new Varien_Image($filePath);
return $_processor->getMimeType() !== null;
}
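Review bot: The new dimension check throws `'Disalollowed file format.'`, which is both misspelled and misleading — the file is a valid image that is merely too large — and `$maxDimension` is read from store config with no fallback, so an admin who blanks the new field makes `$imageInfo[0] > ''` compare against zero and every upload is rejected. Suggest `if ($maxDimension > 0 && ($imageInfo[0] > $maxDimension || $imageInfo[1] > $maxDimension)) {` with `Mage::throwException($this->__('Image dimensions exceed the allowed maximum of %s px.', $maxDimension));`, and a why-comment on the check: `// Bound width/height from the header before Varien_Image decodes the file, so a small, highly compressed image cannot exhaust memory.` That motivation is my inference from the ordering of the check; the commit message does not state it.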
1 change: 1 addition & 0 deletions app/code/core/Mage/Catalog/etc/config.xml
Expand Up @@ -807,6 +807,7 @@
<product_image>
<base_width>1800</base_width>
<small_width>210</small_width>
<max_dimension>5000</max_dimension>
</product_image>
<seo>
<product_url_suffix>.html</product_url_suffix>
9 changes: 9 additions & 0 deletions app/code/core/Mage/Catalog/etc/system.xml
Expand Up @@ -211,6 +211,15 @@
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</small_width>
<max_dimension translate="label comment">
<label>Maximum resolution for upload image</label>
<comment>Maximum width and height resolutions for upload image</comment>
<frontend_type>text</frontend_type>
<sort_order>30</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</max_dimension>
</fields>
</product_image>
<placeholder translate="label">
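Review bot: `max_dimension` is a free-text field (`<frontend_type>text</frontend_type>`) with no validation, yet `Mage_Catalog_Helper_Image::validateUploadFile` in this same commit compares image width and height against it numerically, so a blank or non-numeric value silently rejects every product image upload. Add `<validate>validate-digits</validate>` after `<frontend_type>` so the admin form refuses bad input at save time. The label and comment could also state the unit and effect plainly: `Maximum image dimension (px)` and `Uploaded product images wider or taller than this many pixels are rejected`.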