Skip to content

Instantly share code, notes, and snippets.

@lewalkingdad

lewalkingdad/README.md

Last active April 9, 2017 20:43
Show Gist options
  • Save lewalkingdad/4c123ecce0069918e006 to your computer and use it in GitHub Desktop.
Save lewalkingdad/4c123ecce0069918e006 to your computer and use it in GitHub Desktop.
Download ZIP
Magento Security Patch SUPEE-53XX.
Raw
README.md

##Patch SUPEE_53XX for almost every versions of Magento.

###Here is the mapping patch version - magento version

  • SUPEE_5344 : For magento 1.8.0.0 to Magento 1.9.1.0
  • SUPEE_5345 : For magento 1.7.0.2
  • SUPEE_5346 : For Magento 1.6.1.0
  • SUPEE_5341 : For Magento 1.6.0.0
  • SUPEE_5390 : For Magento 1.5.1.0
  • SUPEE_5388 : For Magento 1.4.0.0 to 1.5.0.1
Raw
SUPEE-5341 for magento 1.6.0.0
#!/bin/bash
# Patch apllying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
_check_installed_tools() {
local missed=""
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
missed="$missed $1"
fi
shift
done
echo $missed
}
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
fi
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
exit 0
fi
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
REVERT_FLAG=-R
fi
if [ "$1" = "--list" ]
then
SHOW_APPLIED_LIST=1
fi
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
else
echo "<empty>"
fi
exit 0
fi
# 7. Check applied patches track file and its directory
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
fi
if [ ! -w "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
fi
fi
}
_check_files
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
then
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
fi
}
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
then
REVERTED_PATCH_MARK=" | REVERTED"
fi
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-5341 | EE_1.11.0.0 | v1 | f2b879155e454a19b4c22d109139e4af36e20603 | Thu Feb 5 19:29:29 2015 +0200 | v1.11.0.0..HEAD
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
index 23e243a..f22eba1 100644
--- app/code/core/Mage/Admin/Model/Observer.php
+++ app/code/core/Mage/Admin/Model/Observer.php
@@ -37,6 +37,10 @@ class Mage_Admin_Model_Observer
{
$session = Mage::getSingleton('admin/session');
/* @var $session Mage_Admin_Model_Session */
+
+ /**
+ * @var $request Mage_Core_Controller_Request_Http
+ */
$request = Mage::app()->getRequest();
$user = $session->getUser();
@@ -44,7 +48,7 @@ class Mage_Admin_Model_Observer
$request->setDispatched(true);
}
else {
- if($user) {
+ if ($user) {
$user->reload();
}
if (!$user || !$user->getId()) {
@@ -55,14 +59,15 @@ class Mage_Admin_Model_Observer
$user = $session->login($username, $password, $request);
$request->setPost('login', null);
}
- if (!$request->getParam('forwarded')) {
+ if (!$request->getInternallyForwarded()) {
+ $request->setInternallyForwarded();
if ($request->getParam('isIframe')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedIframe')
->setDispatched(false);
}
- elseif($request->getParam('isAjax')) {
+ elseif ($request->getParam('isAjax')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedJson')
diff --git app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php
index 368f392..951b8f0 100644
--- app/code/core/Mage/Core/Controller/Request/Http.php
+++ app/code/core/Mage/Core/Controller/Request/Http.php
@@ -76,6 +76,13 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
protected $_beforeForwardInfo = array();
/**
+ * Flag for recognizing if request internally forwarded
+ *
+ * @var bool
+ */
+ protected $_internallyForwarded = false;
+
+ /**
* Returns ORIGINAL_PATH_INFO.
* This value is calculated instead of reading PATH_INFO
* directly from $_SERVER due to cross-platform differences.
@@ -530,4 +537,26 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
}
return false;
}
+
+ /**
+ * Define that request was forwarded internally
+ *
+ * @param boolean $flag
+ * @return Mage_Core_Controller_Request_Http
+ */
+ public function setInternallyForwarded($flag = true)
+ {
+ $this->_internallyForwarded = (bool)$flag;
+ return $this;
+ }
+
+ /**
+ * Checks if request was forwarded internally
+ *
+ * @return bool
+ */
+ public function getInternallyForwarded()
+ {
+ return $this->_internallyForwarded;
+ }
}
diff --git lib/Varien/Db/Adapter/Pdo/Mysql.php lib/Varien/Db/Adapter/Pdo/Mysql.php
index 0e5d4e6..8f16141 100644
--- lib/Varien/Db/Adapter/Pdo/Mysql.php
+++ lib/Varien/Db/Adapter/Pdo/Mysql.php
@@ -2595,10 +2595,6 @@ class Varien_Db_Adapter_Pdo_Mysql extends Zend_Db_Adapter_Pdo_Mysql implements V
$query = '';
if (is_array($condition)) {
- if (isset($condition['field_expr'])) {
- $fieldName = str_replace('#?', $this->quoteIdentifier($fieldName), $condition['field_expr']);
- unset($condition['field_expr']);
- }
$key = key(array_intersect_key($condition, $conditionKeyMap));
if (isset($condition['from']) || isset($condition['to'])) {
Raw
SUPEE-5344 for magento 1.8 to 1.9
#!/bin/bash
# Patch apllying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
_check_installed_tools() {
local missed=""
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
missed="$missed $1"
fi
shift
done
echo $missed
}
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
fi
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
exit 0
fi
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
REVERT_FLAG=-R
fi
if [ "$1" = "--list" ]
then
SHOW_APPLIED_LIST=1
fi
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
else
echo "<empty>"
fi
exit 0
fi
# 7. Check applied patches track file and its directory
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
fi
if [ ! -w "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
fi
fi
}
_check_files
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
then
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
fi
}
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
then
REVERTED_PATCH_MARK=" | REVERTED"
fi
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-5344 | EE_1.14.1.0 | v1 | a5c9abcb6a387aabd6b33ebcb79f6b7a97bbde77 | Thu Feb 5 19:14:49 2015 +0200 | v1.14.1.0..HEAD
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
index bd00181..6a5281c 100644
--- app/code/core/Mage/Admin/Model/Observer.php
+++ app/code/core/Mage/Admin/Model/Observer.php
@@ -44,6 +44,10 @@ class Mage_Admin_Model_Observer
{
$session = Mage::getSingleton('admin/session');
/** @var $session Mage_Admin_Model_Session */
+
+ /**
+ * @var $request Mage_Core_Controller_Request_Http
+ */
$request = Mage::app()->getRequest();
$user = $session->getUser();
@@ -58,7 +62,7 @@ class Mage_Admin_Model_Observer
if (in_array($requestedActionName, $openActions)) {
$request->setDispatched(true);
} else {
- if($user) {
+ if ($user) {
$user->reload();
}
if (!$user || !$user->getId()) {
@@ -69,13 +73,14 @@ class Mage_Admin_Model_Observer
$session->login($username, $password, $request);
$request->setPost('login', null);
}
- if (!$request->getParam('forwarded')) {
+ if (!$request->getInternallyForwarded()) {
+ $request->setInternallyForwarded();
if ($request->getParam('isIframe')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedIframe')
->setDispatched(false);
- } elseif($request->getParam('isAjax')) {
+ } elseif ($request->getParam('isAjax')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedJson')
diff --git app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php
index 6513db9..31eb6d6 100644
--- app/code/core/Mage/Core/Controller/Request/Http.php
+++ app/code/core/Mage/Core/Controller/Request/Http.php
@@ -76,6 +76,13 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
protected $_beforeForwardInfo = array();
/**
+ * Flag for recognizing if request internally forwarded
+ *
+ * @var bool
+ */
+ protected $_internallyForwarded = false;
+
+ /**
* Returns ORIGINAL_PATH_INFO.
* This value is calculated instead of reading PATH_INFO
* directly from $_SERVER due to cross-platform differences.
@@ -534,4 +541,26 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
}
return false;
}
+
+ /**
+ * Define that request was forwarded internally
+ *
+ * @param boolean $flag
+ * @return Mage_Core_Controller_Request_Http
+ */
+ public function setInternallyForwarded($flag = true)
+ {
+ $this->_internallyForwarded = (bool)$flag;
+ return $this;
+ }
+
+ /**
+ * Checks if request was forwarded internally
+ *
+ * @return bool
+ */
+ public function getInternallyForwarded()
+ {
+ return $this->_internallyForwarded;
+ }
}
diff --git app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
index c30d273..36542f9 100644
--- app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
+++ app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
@@ -55,7 +55,7 @@ class Mage_Oauth_Adminhtml_Oauth_AuthorizeController extends Mage_Adminhtml_Cont
*/
public function preDispatch()
{
- $this->getRequest()->setParam('forwarded', true);
+ Mage::app()->getRequest()->setInternallyForwarded();
// check login data before it set null in Mage_Admin_Model_Observer::actionPreDispatchAdmin
$loginError = $this->_checkLoginIsEmpty();
diff --git app/code/core/Mage/XmlConnect/Model/Observer.php app/code/core/Mage/XmlConnect/Model/Observer.php
index e6cb947..36142ac 100644
--- app/code/core/Mage/XmlConnect/Model/Observer.php
+++ app/code/core/Mage/XmlConnect/Model/Observer.php
@@ -143,7 +143,7 @@ class Mage_XmlConnect_Model_Observer
/** @var $request Mage_Core_Controller_Request_Http */
$request = Mage::app()->getRequest();
if (true === $this->_checkAdminController($request, $event->getControllerAction())) {
- $request->setParam('forwarded', true)->setDispatched(true);
+ $request->setInternallyForwarded()->setDispatched(true);
}
}
@@ -160,7 +160,7 @@ class Mage_XmlConnect_Model_Observer
if (false === $this->_checkAdminController($request, $event->getControllerAction())
&& !Mage::getSingleton('admin/session')->isLoggedIn()
) {
- $request->setParam('forwarded', true)->setRouteName('adminhtml')->setControllerName('connect_user')
+ $request->setInternallyForwarded()->setRouteName('adminhtml')->setControllerName('connect_user')
->setActionName('loginform')->setDispatched(false);
}
}
diff --git lib/Varien/Db/Adapter/Pdo/Mysql.php lib/Varien/Db/Adapter/Pdo/Mysql.php
index 2226331..d1c6942 100644
--- lib/Varien/Db/Adapter/Pdo/Mysql.php
+++ lib/Varien/Db/Adapter/Pdo/Mysql.php
@@ -2834,10 +2834,6 @@ class Varien_Db_Adapter_Pdo_Mysql extends Zend_Db_Adapter_Pdo_Mysql implements V
$query = '';
if (is_array($condition)) {
- if (isset($condition['field_expr'])) {
- $fieldName = str_replace('#?', $this->quoteIdentifier($fieldName), $condition['field_expr']);
- unset($condition['field_expr']);
- }
$key = key(array_intersect_key($condition, $conditionKeyMap));
if (isset($condition['from']) || isset($condition['to'])) {
Raw
SUPEE-5345 for magento 1.7.0.2
#!/bin/bash
# Patch apllying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
_check_installed_tools() {
local missed=""
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
missed="$missed $1"
fi
shift
done
echo $missed
}
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
fi
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
exit 0
fi
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
REVERT_FLAG=-R
fi
if [ "$1" = "--list" ]
then
SHOW_APPLIED_LIST=1
fi
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
else
echo "<empty>"
fi
exit 0
fi
# 7. Check applied patches track file and its directory
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
fi
if [ ! -w "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
fi
fi
}
_check_files
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
then
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
fi
}
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
then
REVERTED_PATCH_MARK=" | REVERTED"
fi
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-5345 | EE_1.12.0.2 | v1 | 2d36f61cf684ed26286b6d10307fcb99dd47ff02 | Thu Feb 5 19:39:01 2015 +0200 | v1.12.0.2..HEAD
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
index 2544df4..56411af 100644
--- app/code/core/Mage/Admin/Model/Observer.php
+++ app/code/core/Mage/Admin/Model/Observer.php
@@ -44,6 +44,10 @@ class Mage_Admin_Model_Observer
{
$session = Mage::getSingleton('admin/session');
/** @var $session Mage_Admin_Model_Session */
+
+ /**
+ * @var $request Mage_Core_Controller_Request_Http
+ */
$request = Mage::app()->getRequest();
$user = $session->getUser();
@@ -58,7 +62,7 @@ class Mage_Admin_Model_Observer
if (in_array($requestedActionName, $openActions)) {
$request->setDispatched(true);
} else {
- if($user) {
+ if ($user) {
$user->reload();
}
if (!$user || !$user->getId()) {
@@ -69,13 +73,14 @@ class Mage_Admin_Model_Observer
$session->login($username, $password, $request);
$request->setPost('login', null);
}
- if (!$request->getParam('forwarded')) {
+ if (!$request->getInternallyForwarded()) {
+ $request->setInternallyForwarded();
if ($request->getParam('isIframe')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedIframe')
->setDispatched(false);
- } elseif($request->getParam('isAjax')) {
+ } elseif ($request->getParam('isAjax')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedJson')
diff --git app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php
index a7e8dbf..699e74b 100644
--- app/code/core/Mage/Core/Controller/Request/Http.php
+++ app/code/core/Mage/Core/Controller/Request/Http.php
@@ -76,6 +76,13 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
protected $_beforeForwardInfo = array();
/**
+ * Flag for recognizing if request internally forwarded
+ *
+ * @var bool
+ */
+ protected $_internallyForwarded = false;
+
+ /**
* Returns ORIGINAL_PATH_INFO.
* This value is calculated instead of reading PATH_INFO
* directly from $_SERVER due to cross-platform differences.
@@ -530,4 +537,26 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
}
return false;
}
+
+ /**
+ * Define that request was forwarded internally
+ *
+ * @param boolean $flag
+ * @return Mage_Core_Controller_Request_Http
+ */
+ public function setInternallyForwarded($flag = true)
+ {
+ $this->_internallyForwarded = (bool)$flag;
+ return $this;
+ }
+
+ /**
+ * Checks if request was forwarded internally
+ *
+ * @return bool
+ */
+ public function getInternallyForwarded()
+ {
+ return $this->_internallyForwarded;
+ }
}
diff --git app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
index a7f4655..eb1adf4 100644
--- app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
+++ app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
@@ -55,7 +55,7 @@ class Mage_Oauth_Adminhtml_Oauth_AuthorizeController extends Mage_Adminhtml_Cont
*/
public function preDispatch()
{
- $this->getRequest()->setParam('forwarded', true);
+ Mage::app()->getRequest()->setInternallyForwarded();
// check login data before it set null in Mage_Admin_Model_Observer::actionPreDispatchAdmin
$loginError = $this->_checkLoginIsEmpty();
diff --git lib/Varien/Db/Adapter/Pdo/Mysql.php lib/Varien/Db/Adapter/Pdo/Mysql.php
index 80ed9b5..a3d5924 100644
--- lib/Varien/Db/Adapter/Pdo/Mysql.php
+++ lib/Varien/Db/Adapter/Pdo/Mysql.php
@@ -2672,10 +2672,6 @@ class Varien_Db_Adapter_Pdo_Mysql extends Zend_Db_Adapter_Pdo_Mysql implements V
$query = '';
if (is_array($condition)) {
- if (isset($condition['field_expr'])) {
- $fieldName = str_replace('#?', $this->quoteIdentifier($fieldName), $condition['field_expr']);
- unset($condition['field_expr']);
- }
$key = key(array_intersect_key($condition, $conditionKeyMap));
if (isset($condition['from']) || isset($condition['to'])) {
Raw
SUPEE-5346 for magento 1.6.1.0
#!/bin/bash
# Patch apllying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
_check_installed_tools() {
local missed=""
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
missed="$missed $1"
fi
shift
done
echo $missed
}
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
fi
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
exit 0
fi
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
REVERT_FLAG=-R
fi
if [ "$1" = "--list" ]
then
SHOW_APPLIED_LIST=1
fi
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
else
echo "<empty>"
fi
exit 0
fi
# 7. Check applied patches track file and its directory
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
fi
if [ ! -w "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
fi
fi
}
_check_files
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
then
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
fi
}
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
then
REVERTED_PATCH_MARK=" | REVERTED"
fi
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-5346 | EE_1.11.1.0 | v1 | 08e4b6cd424a9603d24d16cf8b57e11301fa8528 | Thu Feb 5 20:06:56 2015 +0200 | v1.11.1.0..HEAD
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
index cb2aa4f..ef3020c 100644
--- app/code/core/Mage/Admin/Model/Observer.php
+++ app/code/core/Mage/Admin/Model/Observer.php
@@ -43,6 +43,10 @@ class Mage_Admin_Model_Observer
{
$session = Mage::getSingleton('admin/session');
/** @var $session Mage_Admin_Model_Session */
+
+ /**
+ * @var $request Mage_Core_Controller_Request_Http
+ */
$request = Mage::app()->getRequest();
$user = $session->getUser();
@@ -56,7 +60,7 @@ class Mage_Admin_Model_Observer
if (in_array($requestedActionName, $openActions)) {
$request->setDispatched(true);
} else {
- if($user) {
+ if ($user) {
$user->reload();
}
if (!$user || !$user->getId()) {
@@ -67,13 +71,14 @@ class Mage_Admin_Model_Observer
$user = $session->login($username, $password, $request);
$request->setPost('login', null);
}
- if (!$request->getParam('forwarded')) {
+ if (!$request->getInternallyForwarded()) {
+ $request->setInternallyForwarded();
if ($request->getParam('isIframe')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedIframe')
->setDispatched(false);
- } elseif($request->getParam('isAjax')) {
+ } elseif ($request->getParam('isAjax')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedJson')
diff --git app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php
index 368f392..123e89e 100644
--- app/code/core/Mage/Core/Controller/Request/Http.php
+++ app/code/core/Mage/Core/Controller/Request/Http.php
@@ -76,6 +76,13 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
protected $_beforeForwardInfo = array();
/**
+ * Flag for recognizing if request internally forwarded
+ *
+ * @var bool
+ */
+ protected $_internallyForwarded = false;
+
+ /**
* Returns ORIGINAL_PATH_INFO.
* This value is calculated instead of reading PATH_INFO
* directly from $_SERVER due to cross-platform differences.
@@ -530,4 +537,27 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
}
return false;
}
+
+ /**
+ * Define that request was forwarded internally
+ *
+ * @param boolean $flag
+ * @return Mage_Core_Controller_Request_Http
+ */
+ public function setInternallyForwarded($flag = true)
+ {
+ $this->_internallyForwarded = (bool)$flag;
+ return $this;
+ }
+
+ /**
+ * Checks if request was forwarded internally
+ *
+ * @return bool
+ */
+ public function getInternallyForwarded()
+ {
+ return $this->_internallyForwarded;
+ }
+
}
diff --git lib/Varien/Db/Adapter/Pdo/Mysql.php lib/Varien/Db/Adapter/Pdo/Mysql.php
index 7b903df..a688695 100644
--- lib/Varien/Db/Adapter/Pdo/Mysql.php
+++ lib/Varien/Db/Adapter/Pdo/Mysql.php
@@ -2651,10 +2651,6 @@ class Varien_Db_Adapter_Pdo_Mysql extends Zend_Db_Adapter_Pdo_Mysql implements V
$query = '';
if (is_array($condition)) {
- if (isset($condition['field_expr'])) {
- $fieldName = str_replace('#?', $this->quoteIdentifier($fieldName), $condition['field_expr']);
- unset($condition['field_expr']);
- }
$key = key(array_intersect_key($condition, $conditionKeyMap));
if (isset($condition['from']) || isset($condition['to'])) {
Raw
SUPEE-5388 for magento 1.4.0.0 to 1.5.0.1
#!/bin/bash
# Patch apllying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
_check_installed_tools() {
local missed=""
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
missed="$missed $1"
fi
shift
done
echo $missed
}
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
fi
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
exit 0
fi
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
REVERT_FLAG=-R
fi
if [ "$1" = "--list" ]
then
SHOW_APPLIED_LIST=1
fi
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
else
echo "<empty>"
fi
exit 0
fi
# 7. Check applied patches track file and its directory
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
fi
if [ ! -w "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
fi
fi
}
_check_files
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
then
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
fi
}
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
then
REVERTED_PATCH_MARK=" | REVERTED"
fi
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-5388 | EE_1.8.0.0 | v1 | 488a0787fd5dc50378ed96f643faa2eabeb39c21 | Wed Feb 11 13:47:07 2015 +0200 | v1.8.0.0..HEAD
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
index 1b436a2..d26eeaa 100644
--- app/code/core/Mage/Admin/Model/Observer.php
+++ app/code/core/Mage/Admin/Model/Observer.php
@@ -37,6 +37,10 @@ class Mage_Admin_Model_Observer
{
$session = Mage::getSingleton('admin/session');
/* @var $session Mage_Admin_Model_Session */
+
+ /**
+ * @var $request Mage_Core_Controller_Request_Http
+ */
$request = Mage::app()->getRequest();
$user = $session->getUser();
@@ -44,7 +48,7 @@ class Mage_Admin_Model_Observer
$request->setDispatched(true);
}
else {
- if($user) {
+ if ($user) {
$user->reload();
}
if (!$user || !$user->getId()) {
@@ -55,14 +59,15 @@ class Mage_Admin_Model_Observer
$user = $session->login($username, $password, $request);
$request->setPost('login', null);
}
- if (!$request->getParam('forwarded')) {
+ if (!$request->getInternallyForwarded()) {
+ $request->setInternallyForwarded();
if ($request->getParam('isIframe')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedIframe')
->setDispatched(false);
}
- elseif($request->getParam('isAjax')) {
+ elseif ($request->getParam('isAjax')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedJson')
diff --git app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php
index d5e8597..35db9f8 100644
--- app/code/core/Mage/Core/Controller/Request/Http.php
+++ app/code/core/Mage/Core/Controller/Request/Http.php
@@ -37,6 +37,13 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
const XML_NODE_DIRECT_FRONT_NAMES = 'global/request/direct_front_name';
/**
+ * Flag for recognizing if request internally forwarded
+ *
+ * @var bool
+ */
+ protected $_internallyForwarded = false;
+
+ /**
* ORIGINAL_PATH_INFO
* @var string
*/
@@ -459,4 +466,26 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
}
return $this->_isStraight;
}
+
+ /**
+ * Define that request was forwarded internally
+ *
+ * @param boolean $flag
+ * @return Mage_Core_Controller_Request_Http
+ */
+ public function setInternallyForwarded($flag = true)
+ {
+ $this->_internallyForwarded = (bool)$flag;
+ return $this;
+ }
+
+ /**
+ * Checks if request was forwarded internally
+ *
+ * @return bool
+ */
+ public function getInternallyForwarded()
+ {
+ return $this->_internallyForwarded;
+ }
}
diff --git lib/Varien/Data/Collection/Db.php lib/Varien/Data/Collection/Db.php
index dbe6162..b4e6c4b 100644
--- lib/Varien/Data/Collection/Db.php
+++ lib/Varien/Data/Collection/Db.php
@@ -421,9 +421,6 @@ class Varien_Data_Collection_Db extends Varien_Data_Collection
$sql = '';
$fieldName = $this->_getConditionFieldName($fieldName);
- if (is_array($condition) && isset($condition['field_expr'])) {
- $fieldName = str_replace('#?', $this->getConnection()->quoteIdentifier($fieldName), $condition['field_expr']);
- }
if (is_array($condition)) {
if (isset($condition['from']) || isset($condition['to'])) {
if (isset($condition['from'])) {
Raw
SUPEE-5390 for magento 1.5.1.0
#!/bin/bash
# Patch apllying tool template
# v0.1.2
# (c) Copyright 2013. Magento Inc.
#
# DO NOT CHANGE ANY LINE IN THIS FILE.
# 1. Check required system tools
_check_installed_tools() {
local missed=""
until [ -z "$1" ]; do
type -t $1 >/dev/null 2>/dev/null
if (( $? != 0 )); then
missed="$missed $1"
fi
shift
done
echo $missed
}
REQUIRED_UTILS='sed patch'
MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS`
if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 ));
then
echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)."
exit 1
fi
# 2. Determine bin path for system tools
CAT_BIN=`which cat`
PATCH_BIN=`which patch`
SED_BIN=`which sed`
PWD_BIN=`which pwd`
BASENAME_BIN=`which basename`
BASE_NAME=`$BASENAME_BIN "$0"`
# 3. Help menu
if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ]
then
$CAT_BIN << EOFH
Usage: sh $BASE_NAME [--help] [-R|--revert] [--list]
Apply embedded patch.
-R, --revert Revert previously applied embedded patch
--list Show list of applied patches
--help Show this help message
EOFH
exit 0
fi
# 4. Get "revert" flag and "list applied patches" flag
REVERT_FLAG=
SHOW_APPLIED_LIST=0
if [ "$1" = "-R" -o "$1" = "--revert" ]
then
REVERT_FLAG=-R
fi
if [ "$1" = "--list" ]
then
SHOW_APPLIED_LIST=1
fi
# 5. File pathes
CURRENT_DIR=`$PWD_BIN`/
APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"`
APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"`
# 6. Show applied patches list if requested
if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then
echo -e "Applied/reverted patches list:"
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown."
exit 1
else
$SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE
fi
else
echo "<empty>"
fi
exit 0
fi
# 7. Check applied patches track file and its directory
_check_files() {
if [ ! -e "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work."
exit 1
fi
if [ ! -w "$APP_ETC_DIR" ]
then
echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work."
exit 1
fi
if [ -e "$APPLIED_PATCHES_LIST_FILE" ]
then
if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ]
then
echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work."
exit 1
fi
fi
}
_check_files
# 8. Apply/revert patch
# Note: there is no need to check files permissions for files to be patched.
# "patch" tool will not modify any file if there is not enough permissions for all files to be modified.
# Get start points for additional information and patch data
SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1))
ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p
_apply_revert_patch() {
DRY_RUN_FLAG=
if [ "$1" = "dry-run" ]
then
DRY_RUN_FLAG=" --dry-run"
echo "Checking if patch can be applied/reverted successfully..."
fi
PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0`
PATCH_APPLY_REVERT_STATUS=$?
if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT"
exit 1
fi
if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then
echo -e "ERROR: Patch can't be applied/reverted successfully."
exit 2
fi
}
REVERTED_PATCH_MARK=
if [ -n "$REVERT_FLAG" ]
then
REVERTED_PATCH_MARK=" | REVERTED"
fi
_apply_revert_patch dry-run
_apply_revert_patch
# 9. Track patch applying result
echo "Patch was applied/reverted successfully."
ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"`
APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"`
APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"`
echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE"
exit 0
SUPEE-5390 | EE_1.10.1.0 | v1 | 6b4151716e436e74d74f2055faa35b8741048bba | Wed Feb 11 14:03:25 2015 +0200 | v1.10.1.0..HEAD
__PATCHFILE_FOLLOWS__
diff --git app/code/core/Mage/Admin/Model/Observer.php app/code/core/Mage/Admin/Model/Observer.php
index 9379239..c39747f 100644
--- app/code/core/Mage/Admin/Model/Observer.php
+++ app/code/core/Mage/Admin/Model/Observer.php
@@ -37,6 +37,10 @@ class Mage_Admin_Model_Observer
{
$session = Mage::getSingleton('admin/session');
/* @var $session Mage_Admin_Model_Session */
+
+ /**
+ * @var $request Mage_Core_Controller_Request_Http
+ */
$request = Mage::app()->getRequest();
$user = $session->getUser();
@@ -44,7 +48,7 @@ class Mage_Admin_Model_Observer
$request->setDispatched(true);
}
else {
- if($user) {
+ if ($user) {
$user->reload();
}
if (!$user || !$user->getId()) {
@@ -55,14 +59,15 @@ class Mage_Admin_Model_Observer
$user = $session->login($username, $password, $request);
$request->setPost('login', null);
}
- if (!$request->getParam('forwarded')) {
+ if (!$request->getInternallyForwarded()) {
+ $request->setInternallyForwarded();
if ($request->getParam('isIframe')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedIframe')
->setDispatched(false);
}
- elseif($request->getParam('isAjax')) {
+ elseif ($request->getParam('isAjax')) {
$request->setParam('forwarded', true)
->setControllerName('index')
->setActionName('deniedJson')
diff --git app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php
index be8dc60..a86afdb 100644
--- app/code/core/Mage/Core/Controller/Request/Http.php
+++ app/code/core/Mage/Core/Controller/Request/Http.php
@@ -38,6 +38,13 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
const DEFAULT_HTTP_PORT = 80;
/**
+ * Flag for recognizing if request internally forwarded
+ *
+ * @var bool
+ */
+ protected $_internallyForwarded = false;
+
+ /**
* ORIGINAL_PATH_INFO
* @var string
*/
@@ -529,4 +536,26 @@ class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
}
return false;
}
+
+ /**
+ * Define that request was forwarded internally
+ *
+ * @param boolean $flag
+ * @return Mage_Core_Controller_Request_Http
+ */
+ public function setInternallyForwarded($flag = true)
+ {
+ $this->_internallyForwarded = (bool)$flag;
+ return $this;
+ }
+
+ /**
+ * Checks if request was forwarded internally
+ *
+ * @return bool
+ */
+ public function getInternallyForwarded()
+ {
+ return $this->_internallyForwarded;
+ }
}
diff --git lib/Varien/Data/Collection/Db.php lib/Varien/Data/Collection/Db.php
index d779f5b..b403c94 100644
--- lib/Varien/Data/Collection/Db.php
+++ lib/Varien/Data/Collection/Db.php
@@ -442,13 +442,6 @@ class Varien_Data_Collection_Db extends Varien_Data_Collection
$sql = '';
$fieldName = $this->_getConditionFieldName($fieldName);
- if (is_array($condition) && isset($condition['field_expr'])) {
- $fieldName = str_replace(
- '#?',
- $this->getConnection()->quoteIdentifier($fieldName),
- $condition['field_expr']
- );
- }
if (is_array($condition)) {
if (isset($condition['from']) || isset($condition['to'])) {
if (isset($condition['from'])) {
@lewalkingdad
Copy link
Author

@Mohamed_GHARBI, indeed, thanks ofr the feedback, I renamed patches and added a readme to make it clear.

@Dr3am3rz
Copy link

Hi Damien,

Do you have a version for developers who can't use SSH?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment