Import Magento Release 1.3.2.4
LeeSaferite committed Sep 24, 2009
1 parent 69c3ea0 commit e3b8ddb
Showing 4 changed files with 36 additions and 5 deletions.
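--- a/app/Mage.php
+++ b/app/Mage.php
@@ -84,7 +84,7 @@ final class Mage {
 
 public static function getVersion()
 {
-return '1.3.2.3';
+return '1.3.2.4';
 }
 
 /**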
31 changes: 28 additions & 3 deletions app/code/core/Mage/Core/Block/Messages.php
Expand Up @@ -40,13 +40,30 @@ class Mage_Core_Block_Messages extends Mage_Core_Block_Template
*/
protected $_messages;

/**
* Flag which require message text escape
*
* @var bool
*/
protected $_escapeMessageFlag = false;

public function _prepareLayout()
{
$this->addMessages(Mage::getSingleton('core/session')->getMessages(true));

parent::_prepareLayout();
}

/**
* Set message escape flag
* @param bool $flag
* @return Mage_Core_Block_Messages
*/
public function setEscapeMessageFlag($flag)
{
$this->_escapeMessageFlag = $flag;
return $this;
}

/**
* Set messages collection
*
Expand All @@ -59,6 +76,12 @@ public function setMessages(Mage_Core_Model_Message_Collection $messages)
return $this;
}

/**
* Add messages to display
*
* @param Mage_Core_Model_Message_Collection $messages
* @return Mage_Core_Block_Messages
*/
public function addMessages(Mage_Core_Model_Message_Collection $messages)
{
foreach ($messages->getItems() as $message) {
Expand Down Expand Up @@ -161,7 +184,9 @@ public function getHtml($type=null)
{
$html = '<ul id="admin_messages">';
foreach ($this->getMessages($type) as $message) {
$html.= '<li class="'.$message->getType().'-msg">'.$message->getText().'</li>';
$html.= '<li class="'.$message->getType().'-msg">'
. ($this->_escapeMessageFlag) ? $this->htmlEscape($message->getText()) : $message->getText()
. '</li>';
}
$html .= '</ul>';
return $html;
Expand Down Expand Up @@ -192,7 +217,7 @@ public function getGroupedHtml()

foreach ( $messages as $message ) {
$html.= '<li>';
$html.= $message->getText();
$html.= ($this->_escapeMessageFlag) ? $this->htmlEscape($message->getText()) : $message->getText();
$html.= '</li>';
}
$html .= '</ul>';
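Review bot: The new ternary in getHtml() is not parenthesised, and in PHP `.` binds tighter than `?:`, so the condition becomes the whole string `'<li class="…-msg">' . $this->_escapeMessageFlag`, which is always truthy. The statement therefore appends only the escaped text: the `<li>` wrapper is lost and the flag is ignored, so messages that intentionally carry markup get escaped as well. Wrap the conditional, `. ($this->_escapeMessageFlag ? $this->htmlEscape($message->getText()) : $message->getText())`, before the closing `. '</li>'`. getGroupedHtml() is not affected because its ternary is the entire right-hand side of the assignment. Separately, `$message->getType()` still reaches the class attribute unescaped, so it is worth confirming it can only hold fixed type names.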
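--- a/app/code/core/Mage/Core/Controller/Varien/Action.php
+++ b/app/code/core/Mage/Core/Controller/Varien/Action.php
@@ -553,6 +553,9 @@ protected function _initLayoutMessages($messagesStorage)
 {
 if ($storage = Mage::getSingleton($messagesStorage)) {
 $this->getLayout()->getMessagesBlock()->addMessages($storage->getMessages(true));
+$this->getLayout()->getMessagesBlock()->setEscapeMessageFlag(
+$storage->getEscapeMessages(true)
+);
 }
 else {
 Mage::throwException(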
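Review bot: `setEscapeMessageFlag()` overwrites the block-wide flag on every call, while `addMessages()` on the line above accumulates, so if `_initLayoutMessages()` runs for more than one storage the last storage's value decides for every message in the block. A later storage that never set the flag would then switch escaping back off for messages an earlier storage had marked as containing user input. Only ever raise the flag here: `if ($storage->getEscapeMessages(true)) { $this->getLayout()->getMessagesBlock()->setEscapeMessageFlag(true); }`. The function body continues outside the hunk.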
Expand Up @@ -318,7 +318,10 @@ public function createPostAction()
->addException($e, $this->__('Can\'t save customer'));
}
}

/**
* Protect XSS injection in user input
*/
$this->_getSession()->setEscapeMessages(true);
$this->_redirectError(Mage::getUrl('*/*/create', array('_secure'=>true)));
}

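Review bot: Escaping is opted into only on this error path of createPostAction(), and `$_escapeMessageFlag` defaults to `false` in Mage_Core_Block_Messages, so any other action that puts request data into a session message presumably still renders it unescaped. Escaping the user-derived text at the point where the message is added, or escaping by default and opting out for trusted markup, would not depend on each controller remembering this call. The comment would also read better as a plain line comment such as `// Escape session messages on the next render; they may contain user input`, since a docblock here documents no symbol. createPostAction() starts outside the hunk.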
