diff --git a/STATUS.txt b/STATUS.txt
index d3cb9f99db..d9b200dbdd 100644
--- a/STATUS.txt
+++ b/STATUS.txt
@@ -85,6 +85,7 @@ FIXED BUGS:
 #5689: Customer Export
 #5694: Unable to use capital letters in e-mail address
 #5695: Fatal error after password recovery in the admin page
+ #5712: Paypal Standard Shipping and Tax Issue
 #5714: magento crash when seting wrong package name
 #5720: no product description in default theme. Also prevented bug in blank.
 #5722: Error on Web Services -> Users
@@ -111,10 +112,17 @@ FIXED BUGS:
 #5856: Exception after in the shopping cart with 0.00 tax rate
 #5873: Security Warning in Admin
 #5875: Sitemap error
+ #5833: Multistore: Call to a member function getStoreIds()
 #5881: catalogindex_reindex_all cron job fails
 #5882: Session of Admin User persists even after user is deleted
 #5891: Cannot add Custom Options in Safari 3x
 #5911: Can't add (inch) symbol
+ #6066: Configurable products not reducing when purchased
+ #6072: Virtual products and Paypal Standard
+ #6120: People can order configurable products when they are out of stock
+ #6121: Payment screen does not work correctly using Modern theme
+ #6147: Cannot check out shopping cart that use Check / Money Order as payment option
+ #6269: Fatal Error with Multiple Websites - getStoreIds()
 Fixed dynamic SKU & weight, fixed SKU for products with custom options, multiselect options
 Fixed admin notifications URL
 Fixed cache management issues
@@ -196,6 +204,13 @@ FIXED BUGS:
 Fixed wrong SOAP content type
 Fixed errors in invoice/packingslip PDF print-out (added missing fonts, fixed overlapping columns and text wrapping, displaying of non-latin1 texts)
 Fixed non-working store switcher
+ Fixed paypal direct/express/standard errors and shipping calculation when only virtual products are in cart
+ Fixed internal redirects validation for secure URLs
+ Fixed configurable products stock deduction
+ Fixed minimal MySQL version checking in installation wizard
+ Fixed admin order refund - base tax amount was not stored after refund
+ Fixed single page checkout issues in modern theme
+
 CHANGES:
@@ -270,6 +285,9 @@ CHANGES:
 iPhone theme updated for 1.1
 Upgraded core/helper/string for binary-safe string operations
+ Added html escaping in search queries in admin dashboard
+ Added displaying maximum allowed dataflow upload file size according to server settings
+
 NOTES:
diff --git a/app/Mage.php b/app/Mage.php
index 66c5f21218..41109910c5 100644
--- a/app/Mage.php
+++ b/app/Mage.php
@@ -74,7 +74,7 @@ final class Mage {
 public static function getVersion()
 {
- return '1.1.3';
+ return '1.1.4';
 }
 /**
diff --git a/app/code/core/Mage/Catalog/Model/Category.php b/app/code/core/Mage/Catalog/Model/Category.php
index 39e808a806..97e437eb71 100644
--- a/app/code/core/Mage/Catalog/Model/Category.php
+++ b/app/code/core/Mage/Catalog/Model/Category.php
@@ -429,4 +429,9 @@ public function getName()
 return $this->_getData('name');
 }
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Catalog/Model/Product.php b/app/code/core/Mage/Catalog/Model/Product.php
index 8a1482eeb5..2cf7b560de 100644
--- a/app/code/core/Mage/Catalog/Model/Product.php
+++ b/app/code/core/Mage/Catalog/Model/Product.php
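Review bot: The `_beforeDelete()` override added at the end of app/code/core/Mage/Catalog/Model/Category.php has no docblock saying that deletion is now refused outside the admin area, and the identical five-line override is repeated in the Store, Store/Group, Website, Customer, Review, Order, Creditmemo, Invoice, Shipment and Tag hunks. Because the guard is opt-in per model, any model that does not carry this override stays deletable from storefront code, and nothing on the page tells the next author that a new model needs it. I would put `/** Deletion is allowed from the admin area only; throws Mage_Core_Exception otherwise. */` above each override and list the protected models in the docblock of `_protectFromNonAdmin()` in Mage_Core_Model_Abstract.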
@@ -373,7 +373,8 @@ protected function _beforeDelete()
 {
 $this->_substractQtyFromQuotes();
 $this->cleanCache();
- parent::_beforeDelete();
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
 }
 /**
diff --git a/app/code/core/Mage/Catalog/Model/Product/Compare/Item.php b/app/code/core/Mage/Catalog/Model/Product/Compare/Item.php
index a445bb4b59..56ca8c8d69 100644
--- a/app/code/core/Mage/Catalog/Model/Product/Compare/Item.php
+++ b/app/code/core/Mage/Catalog/Model/Product/Compare/Item.php
@@ -80,7 +80,6 @@ public function bindCustomerLogin()
 $customer = Mage::getSingleton('customer/session')->getCustomer();
 $visitorItemCollection = Mage::getResourceModel('catalog/product_compare_item_collection')
 ->setObject('catalog/product_compare_item')
- ->useProductItem(true)
 ->setVisitorId(Mage::getSingleton('log/visitor')->getId())
 ->load();
diff --git a/app/code/core/Mage/Core/Model/Abstract.php b/app/code/core/Mage/Core/Model/Abstract.php
index 9ee7c31fba..eb803ba109 100644
--- a/app/code/core/Mage/Core/Model/Abstract.php
+++ b/app/code/core/Mage/Core/Model/Abstract.php
@@ -313,6 +313,18 @@ protected function _beforeDelete()
 return $this;
 }
+ /**
+ * Safeguard func that will check, if we are in admin area
+ *
+ * @throws Mage_Core_Exception
+ */
+ protected function _protectFromNonAdmin()
+ {
+ if (!Mage::app()->getStore()->isAdmin()) {
+ Mage::throwException(Mage::helper('core')->__('Cannot complete this operation from non-admin area.'));
+ }
+ }
+
 /**
 * Processing object after delete data
 *
diff --git a/app/code/core/Mage/Core/Model/Store.php b/app/code/core/Mage/Core/Model/Store.php
index a0b14221a5..1402faa079 100644
--- a/app/code/core/Mage/Core/Model/Store.php
+++ b/app/code/core/Mage/Core/Model/Store.php
@@ -742,4 +742,9 @@ public function getName()
 return $this->_getData('name');
 }
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
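Review bot: In the Product.php hunk the guard is the last thing `_beforeDelete()` does before delegating: `_substractQtyFromQuotes()` and `cleanCache()` have already run by the time `_protectFromNonAdmin()` throws. A delete attempt refused for coming from outside the admin area therefore still performs whatever those two calls do (judging by their names, adjusting quotes and clearing cache). Make `$this->_protectFromNonAdmin();` the first statement of the method so a refused delete has no side effects. The method's signature line appears only in the hunk header.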
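Review bot: `_protectFromNonAdmin()` in the Abstract.php hunk tests `Mage::app()->getStore()->isAdmin()`, which identifies the store the request runs under rather than who is calling; nothing in the hunk consults an admin session or an ACL permission. That makes it an area gate, not an authorization check: it passes for any code running under the admin store, and it will throw for any legitimate delete that runs under a storefront store (a scheduled job, an API call, a customer removing their own record; whether such paths exist is not visible here). The docblock should state this limit, e.g. `Guards destructive operations by area only; callers remain responsible for checking the acting user's permissions.`, and also note that the method returns nothing and signals refusal only by exception.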
diff --git a/app/code/core/Mage/Core/Model/Store/Group.php b/app/code/core/Mage/Core/Model/Store/Group.php
index 5d79425324..5098910672 100644
--- a/app/code/core/Mage/Core/Model/Store/Group.php
+++ b/app/code/core/Mage/Core/Model/Store/Group.php
@@ -251,4 +251,9 @@ public function getWebsiteId()
 return $this->_getData('website_id');
 }
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Core/Model/Website.php b/app/code/core/Mage/Core/Model/Website.php
index b641a4d955..553c149b73 100644
--- a/app/code/core/Mage/Core/Model/Website.php
+++ b/app/code/core/Mage/Core/Model/Website.php
@@ -433,4 +433,9 @@ public function getCode()
 return $this->_getData('code');
 }
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
diff --git a/app/code/core/Mage/Customer/Model/Customer.php b/app/code/core/Mage/Customer/Model/Customer.php
index 7a9492014d..fa2c593e7b 100644
--- a/app/code/core/Mage/Customer/Model/Customer.php
+++ b/app/code/core/Mage/Customer/Model/Customer.php
@@ -924,4 +924,9 @@ function validateAddress(array $data, $type = 'billing')
 return false;
 }
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Review/Model/Review.php b/app/code/core/Mage/Review/Model/Review.php
index bcb3dd834d..eda5505255 100644
--- a/app/code/core/Mage/Review/Model/Review.php
+++ b/app/code/core/Mage/Review/Model/Review.php
@@ -127,4 +127,10 @@ public function appendSummary($collection)
 }
 }
 }
+
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Sales/Model/Order.php b/app/code/core/Mage/Sales/Model/Order.php
index 1fc474d83a..0cb34d4c62 100644
--- a/app/code/core/Mage/Sales/Model/Order.php
+++ b/app/code/core/Mage/Sales/Model/Order.php
@@ -1417,4 +1417,10 @@ protected function _needToAddDummy($item, $qtys = array()) {
 return false;
 }
 }
+
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Sales/Model/Order/Creditmemo.php b/app/code/core/Mage/Sales/Model/Order/Creditmemo.php
index dcc2d741ea..7ce8f04d44 100644
--- a/app/code/core/Mage/Sales/Model/Order/Creditmemo.php
+++ b/app/code/core/Mage/Sales/Model/Order/Creditmemo.php
@@ -667,4 +667,10 @@ protected function _getEmails($configPath)
 }
 return false;
 }
+
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Sales/Model/Order/Invoice.php b/app/code/core/Mage/Sales/Model/Order/Invoice.php
index 99c382a2f9..f36f67026a 100644
--- a/app/code/core/Mage/Sales/Model/Order/Invoice.php
+++ b/app/code/core/Mage/Sales/Model/Order/Invoice.php
@@ -684,4 +684,10 @@ protected function _getEmails($configPath)
 }
 return false;
 }
+
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file
diff --git a/app/code/core/Mage/Sales/Model/Order/Shipment.php b/app/code/core/Mage/Sales/Model/Order/Shipment.php
index 3b9f20670f..3bfe2c8a8d 100644
--- a/app/code/core/Mage/Sales/Model/Order/Shipment.php
+++ b/app/code/core/Mage/Sales/Model/Order/Shipment.php
@@ -448,4 +448,10 @@ protected function _beforeSave()
 );
 }
 }
+
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
diff --git a/app/code/core/Mage/Tag/Model/Tag.php b/app/code/core/Mage/Tag/Model/Tag.php
index 1d28bb818f..f707422493 100644
--- a/app/code/core/Mage/Tag/Model/Tag.php
+++ b/app/code/core/Mage/Tag/Model/Tag.php
@@ -142,4 +142,10 @@ public function getPopularCollection()
 {
 return Mage::getResourceModel('tag/popular_collection');
 }
+
+ protected function _beforeDelete()
+ {
+ $this->_protectFromNonAdmin();
+ return parent::_beforeDelete();
+ }
 }
\ No newline at end of file