Last active
August 29, 2015 14:26
-
-
Save raybogman/d6389c3ea33982c9387d to your computer and use it in GitHub Desktop.
PATCH_SUPEE-6482_CE_1.9.2.0-1.9.2.1_v2-UPDATE.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Patch apllying tool template | |
| # | |
| # THIS PATCH IS A TEMP FIX FOR THE SUPEE-6482 RELEASE [CURRENT PATCH WAS NOT UP TO DATE, MISSING DATA] | |
| # | |
| # DO NOT CHANGE ANY LINE IN THIS FILE. | |
| # 1. Check required system tools | |
| _check_installed_tools() { | |
| local missed="" | |
| until [ -z "$1" ]; do | |
| type -t $1 >/dev/null 2>/dev/null | |
| if (( $? != 0 )); then | |
| missed="$missed $1" | |
| fi | |
| shift | |
| done | |
| echo $missed | |
| } | |
| REQUIRED_UTILS='sed patch' | |
| MISSED_REQUIRED_TOOLS=`_check_installed_tools $REQUIRED_UTILS` | |
| if (( `echo $MISSED_REQUIRED_TOOLS | wc -w` > 0 )); | |
| then | |
| echo -e "Error! Some required system tools, that are utilized in this sh script, are not installed:\nTool(s) \"$MISSED_REQUIRED_TOOLS\" is(are) missed, please install it(them)." | |
| exit 1 | |
| fi | |
| # 2. Determine bin path for system tools | |
| CAT_BIN=`which cat` | |
| PATCH_BIN=`which patch` | |
| SED_BIN=`which sed` | |
| PWD_BIN=`which pwd` | |
| BASENAME_BIN=`which basename` | |
| BASE_NAME=`$BASENAME_BIN "$0"` | |
| # 3. Help menu | |
| if [ "$1" = "-?" -o "$1" = "-h" -o "$1" = "--help" ] | |
| then | |
| $CAT_BIN << EOFH | |
| Usage: sh $BASE_NAME [--help] [-R|--revert] [--list] | |
| Apply embedded patch. | |
| -R, --revert Revert previously applied embedded patch | |
| --list Show list of applied patches | |
| --help Show this help message | |
| EOFH | |
| exit 0 | |
| fi | |
| # 4. Get "revert" flag and "list applied patches" flag | |
| REVERT_FLAG= | |
| SHOW_APPLIED_LIST=0 | |
| if [ "$1" = "-R" -o "$1" = "--revert" ] | |
| then | |
| REVERT_FLAG=-R | |
| fi | |
| if [ "$1" = "--list" ] | |
| then | |
| SHOW_APPLIED_LIST=1 | |
| fi | |
| # 5. File pathes | |
| CURRENT_DIR=`$PWD_BIN`/ | |
| APP_ETC_DIR=`echo "$CURRENT_DIR""app/etc/"` | |
| APPLIED_PATCHES_LIST_FILE=`echo "$APP_ETC_DIR""applied.patches.list"` | |
| # 6. Show applied patches list if requested | |
| if [ "$SHOW_APPLIED_LIST" -eq 1 ] ; then | |
| echo -e "Applied/reverted patches list:" | |
| if [ -e "$APPLIED_PATCHES_LIST_FILE" ] | |
| then | |
| if [ ! -r "$APPLIED_PATCHES_LIST_FILE" ] | |
| then | |
| echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be readable so applied patches list can be shown." | |
| exit 1 | |
| else | |
| $SED_BIN -n "/SUP-\|SUPEE-/p" $APPLIED_PATCHES_LIST_FILE | |
| fi | |
| else | |
| echo "<empty>" | |
| fi | |
| exit 0 | |
| fi | |
| # 7. Check applied patches track file and its directory | |
| _check_files() { | |
| if [ ! -e "$APP_ETC_DIR" ] | |
| then | |
| echo "ERROR: \"$APP_ETC_DIR\" must exist for proper tool work." | |
| exit 1 | |
| fi | |
| if [ ! -w "$APP_ETC_DIR" ] | |
| then | |
| echo "ERROR: \"$APP_ETC_DIR\" must be writeable for proper tool work." | |
| exit 1 | |
| fi | |
| if [ -e "$APPLIED_PATCHES_LIST_FILE" ] | |
| then | |
| if [ ! -w "$APPLIED_PATCHES_LIST_FILE" ] | |
| then | |
| echo "ERROR: \"$APPLIED_PATCHES_LIST_FILE\" must be writeable for proper tool work." | |
| exit 1 | |
| fi | |
| fi | |
| } | |
| _check_files | |
| # 8. Apply/revert patch | |
| # Note: there is no need to check files permissions for files to be patched. | |
| # "patch" tool will not modify any file if there is not enough permissions for all files to be modified. | |
| # Get start points for additional information and patch data | |
| SKIP_LINES=$((`$SED_BIN -n "/^__PATCHFILE_FOLLOWS__$/=" "$CURRENT_DIR""$BASE_NAME"` + 1)) | |
| ADDITIONAL_INFO_LINE=$(($SKIP_LINES - 3))p | |
| _apply_revert_patch() { | |
| DRY_RUN_FLAG= | |
| if [ "$1" = "dry-run" ] | |
| then | |
| DRY_RUN_FLAG=" --dry-run" | |
| echo "Checking if patch can be applied/reverted successfully..." | |
| fi | |
| PATCH_APPLY_REVERT_RESULT=`$SED_BIN -e '1,/^__PATCHFILE_FOLLOWS__$/d' "$CURRENT_DIR""$BASE_NAME" | $PATCH_BIN $DRY_RUN_FLAG $REVERT_FLAG -p0` | |
| PATCH_APPLY_REVERT_STATUS=$? | |
| if [ $PATCH_APPLY_REVERT_STATUS -eq 1 ] ; then | |
| echo -e "ERROR: Patch can't be applied/reverted successfully.\n\n$PATCH_APPLY_REVERT_RESULT" | |
| exit 1 | |
| fi | |
| if [ $PATCH_APPLY_REVERT_STATUS -eq 2 ] ; then | |
| echo -e "ERROR: Patch can't be applied/reverted successfully." | |
| exit 2 | |
| fi | |
| } | |
| REVERTED_PATCH_MARK= | |
| if [ -n "$REVERT_FLAG" ] | |
| then | |
| REVERTED_PATCH_MARK=" | REVERTED" | |
| fi | |
| _apply_revert_patch dry-run | |
| _apply_revert_patch | |
| # 9. Track patch applying result | |
| echo "Patch was applied/reverted successfully." | |
| ADDITIONAL_INFO=`$SED_BIN -n ""$ADDITIONAL_INFO_LINE"" "$CURRENT_DIR""$BASE_NAME"` | |
| APPLIED_REVERTED_ON_DATE=`date -u +"%F %T UTC"` | |
| APPLIED_REVERTED_PATCH_INFO=`echo -n "$APPLIED_REVERTED_ON_DATE"" | ""$ADDITIONAL_INFO""$REVERTED_PATCH_MARK"` | |
| echo -e "$APPLIED_REVERTED_PATCH_INFO\n$PATCH_APPLY_REVERT_RESULT\n\n" >> "$APPLIED_PATCHES_LIST_FILE" | |
| exit 0 | |
| SUPEE-6482 | CE_1.9.2.0 | v2 | | Wed Aug 5 12:00:00 2015 +0300 | www.supportdesk.nu - Ray Bogman | |
| __PATCHFILE_FOLLOWS__ | |
| diff -ru app/code/core/Mage/Api/Model/Server/Adapter/Soap.php app/code/core/Mage/Api/Model/Server/Adapter/Soap.php | |
| --- app/code/core/Mage/Api/Model/Server/Adapter/Soap.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Api/Model/Server/Adapter/Soap.php 2015-08-03 12:35:02.000000000 +0200 | |
| @@ -233,9 +233,9 @@ | |
| : $urlModel->getUrl('*/*/*'); | |
| if ( $withAuth ) { | |
| - $phpAuthUser = $this->getController()->getRequest()->getServer('PHP_AUTH_USER', false); | |
| - $phpAuthPw = $this->getController()->getRequest()->getServer('PHP_AUTH_PW', false); | |
| - $scheme = $this->getController()->getRequest()->getScheme(); | |
| + $phpAuthUser = rawurlencode($this->getController()->getRequest()->getServer('PHP_AUTH_USER', false)); | |
| + $phpAuthPw = rawurlencode($this->getController()->getRequest()->getServer('PHP_AUTH_PW', false)); | |
| + $scheme = rawurlencode($this->getController()->getRequest()->getScheme()); | |
| if ($phpAuthUser && $phpAuthPw) { | |
| $wsdlUrl = sprintf("%s://%s:%s@%s", $scheme, $phpAuthUser, $phpAuthPw, | |
| diff -ru app/code/core/Mage/Catalog/etc/api.xml app/code/core/Mage/Catalog/etc/api.xml | |
| --- app/code/core/Mage/Catalog/etc/api.xml 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Catalog/etc/api.xml 2015-08-03 12:35:04.000000000 +0200 | |
| @@ -163,7 +163,7 @@ | |
| <title>Update product</title> | |
| <acl>catalog/product/update</acl> | |
| </update> | |
| - <multiUpdate translate="title" module="Mage_Catalog"> | |
| + <multiUpdate translate="title" module="catalog"> | |
| <title>Multi update product</title> | |
| <acl>catalog/product/update</acl> | |
| </multiUpdate> | |
| diff -ru app/code/core/Mage/Catalog/Helper/Product/Compare.php app/code/core/Mage/Catalog/Helper/Product/Compare.php | |
| --- app/code/core/Mage/Catalog/Helper/Product/Compare.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Catalog/Helper/Product/Compare.php 2015-08-03 12:35:04.000000000 +0200 | |
| @@ -161,7 +161,7 @@ | |
| */ | |
| public function getAddUrl($product) | |
| { | |
| - if ($this->_logCondition->isVisitorLogEnabled()) { | |
| + if ($this->_logCondition->isVisitorLogEnabled() || $this->_customerSession->isLoggedIn()) { | |
| return $this->_getUrl('catalog/product_compare/add', $this->_getUrlParams($product)); | |
| } | |
| return ''; | |
| diff -ru app/code/core/Mage/Catalog/Model/Product/Api/V2.php app/code/core/Mage/Catalog/Model/Product/Api/V2.php | |
| --- app/code/core/Mage/Catalog/Model/Product/Api/V2.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Catalog/Model/Product/Api/V2.php 2015-08-03 12:35:04.000000000 +0200 | |
| @@ -108,7 +108,7 @@ | |
| */ | |
| public function create($type, $set, $sku, $productData, $store = null) | |
| { | |
| - if (!$type || !$set || !$sku) { | |
| + if (!$type || !$set || !$sku || !is_object($productData)) { | |
| $this->_fault('data_invalid'); | |
| } | |
| @@ -243,6 +243,9 @@ | |
| */ | |
| protected function _prepareDataForSave ($product, $productData) | |
| { | |
| + if (!is_object($productData)) { | |
| + $this->_fault('data_invalid'); | |
| + } | |
| if (property_exists($productData, 'website_ids') && is_array($productData->website_ids)) { | |
| $product->setWebsiteIds($productData->website_ids); | |
| } | |
| diff -ru app/code/core/Mage/Cms/Block/Block.php app/code/core/Mage/Cms/Block/Block.php | |
| --- app/code/core/Mage/Cms/Block/Block.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Cms/Block/Block.php 2015-08-03 12:35:02.000000000 +0200 | |
| @@ -72,4 +72,24 @@ | |
| } | |
| return $html; | |
| } | |
| + | |
| + /** | |
| + * Retrieve values of properties that unambiguously identify unique content | |
| + * | |
| + * @return array | |
| + */ | |
| + public function getCacheKeyInfo() | |
| + { | |
| + $blockId = $this->getBlockId(); | |
| + if ($blockId) { | |
| + $result = array( | |
| + 'CMS_BLOCK', | |
| + $blockId, | |
| + Mage::app()->getStore()->getCode(), | |
| + ); | |
| + } else { | |
| + $result = parent::getCacheKeyInfo(); | |
| + } | |
| + return $result; | |
| + } | |
| } | |
| diff -ru app/code/core/Mage/Cms/Block/Widget/Block.php app/code/core/Mage/Cms/Block/Widget/Block.php | |
| --- app/code/core/Mage/Cms/Block/Widget/Block.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Cms/Block/Widget/Block.php 2015-08-03 12:35:02.000000000 +0200 | |
| @@ -82,10 +82,26 @@ | |
| $helper = Mage::helper('cms'); | |
| $processor = $helper->getBlockTemplateProcessor(); | |
| $this->setText($processor->filter($block->getContent())); | |
| + $this->addModelTags($block); | |
| } | |
| } | |
| unset(self::$_widgetUsageMap[$blockHash]); | |
| return $this; | |
| } | |
| + | |
| + /** | |
| + * Retrieve values of properties that unambiguously identify unique content | |
| + * | |
| + * @return array | |
| + */ | |
| + public function getCacheKeyInfo() | |
| + { | |
| + $result = parent::getCacheKeyInfo(); | |
| + $blockId = $this->getBlockId(); | |
| + if ($blockId) { | |
| + $result[] = $blockId; | |
| + } | |
| + return $result; | |
| + } | |
| } | |
| diff -ru app/code/core/Mage/Core/Controller/Request/Http.php app/code/core/Mage/Core/Controller/Request/Http.php | |
| --- app/code/core/Mage/Core/Controller/Request/Http.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Core/Controller/Request/Http.php 2015-08-03 12:35:04.000000000 +0200 | |
| @@ -298,11 +298,19 @@ | |
| if (!isset($_SERVER['HTTP_HOST'])) { | |
| return false; | |
| } | |
| + $host = $_SERVER['HTTP_HOST']; | |
| if ($trimPort) { | |
| - $host = explode(':', $_SERVER['HTTP_HOST']); | |
| - return $host[0]; | |
| + $hostParts = explode(':', $_SERVER['HTTP_HOST']); | |
| + $host = $hostParts[0]; | |
| } | |
| - return $_SERVER['HTTP_HOST']; | |
| + | |
| + if (strpos($host, ',') !== false || strpos($host, ';') !== false) { | |
| + $response = new Zend_Controller_Response_Http(); | |
| + $response->setHttpResponseCode(400)->sendHeaders(); | |
| + exit(); | |
| + } | |
| + | |
| + return $host; | |
| } | |
| /** | |
| diff -ru app/code/core/Mage/Log/Model/Resource/Visitor.php app/code/core/Mage/Log/Model/Resource/Visitor.php | |
| --- app/code/core/Mage/Log/Model/Resource/Visitor.php 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/Log/Model/Resource/Visitor.php 2015-08-03 12:35:04.000000000 +0200 | |
| @@ -125,7 +125,7 @@ | |
| return $this; | |
| } | |
| if ($visitor->getIsNewVisitor()) { | |
| - if ($this->_urlLoggingCondition->isLogEnabled()) { | |
| + if ($this->_urlLoggingCondition->isVisitorLogEnabled()) { | |
| $this->_saveVisitorInfo($visitor); | |
| $visitor->setIsNewVisitor(false); | |
| } | |
| diff -ru app/code/core/Mage/PageCache/etc/adminhtml.xml app/code/core/Mage/PageCache/etc/adminhtml.xml | |
| --- app/code/core/Mage/PageCache/etc/adminhtml.xml 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/code/core/Mage/PageCache/etc/adminhtml.xml 2015-08-03 12:35:02.000000000 +0200 | |
| @@ -30,7 +30,7 @@ | |
| <resources> | |
| <admin> | |
| <children> | |
| - <page_cache translate="title" module="pageCache"> | |
| + <page_cache translate="title" module="pagecache"> | |
| <title>External Page Cache</title> | |
| <sort_order>0</sort_order> | |
| </page_cache> | |
| diff -ru app/design/frontend/base/default/template/page/js/cookie.phtml app/design/frontend/base/default/template/page/js/cookie.phtml | |
| --- app/design/frontend/base/default/template/page/js/cookie.phtml 2015-06-26 10:53:38.000000000 +0200 | |
| +++ app/design/frontend/base/default/template/page/js/cookie.phtml 2015-08-03 12:35:04.000000000 +0200 | |
| @@ -34,7 +34,7 @@ | |
| <script type="text/javascript"> | |
| //<![CDATA[ | |
| -Mage.Cookies.path = '<?php echo $this->getPath()?>'; | |
| -Mage.Cookies.domain = '<?php echo $this->getDomain()?>'; | |
| +Mage.Cookies.path = '<?php echo Mage::helper('core')->jsQuoteEscape($this->getPath()) ?>'; | |
| +Mage.Cookies.domain = '<?php echo Mage::helper('core')->jsQuoteEscape($this->getDomain()) ?>'; | |
| //]]> | |
| </script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment