Merge tag 'v19.4.9' into 20.0

.all-contributorsrc

@@ -910,6 +910,15 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "boesbo",
+      "name": "Francesco Boes",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/12744378?v=4",
+      "profile": "https://github.com/boesbo",
+      "contributions": [
+        "code"
+      ]
     }
   ],
   "contributorsPerLine": 7

.github/changelog/version_19.txt

@@ -1,6 +1,38 @@
 
 
-## v19.4.9 - unreleased
+## v19.4.10 - unreleased
+
+## v19.4.9 - 2020-12-29
+
+increase composer.json php version range to include 8.0
+#1349 Fixed Zend Lib Deprecated Notice PHP8
+#1213 Fix strpos with non-string needle
+add UnitTests to Github Actions
+#1348 Fixed Zend Lib Tool Deprecated Notice
+#1347 Fixed Zend Lib Amf Deprecated Notice
+#1340 Fixed Zend Lib Barcode Deprecated
+#1346 Fixed Zend Lib Validate Deprecated Notice
+#1256 Fix libxml_disable_entity_loader for PHP 8
+#1251 Disable class unserialization where it is not needed.
+#1350 Trim values from XML so auto-formatting our XML does not break the autoloader.
+#1345 Fixed Zend Lib Wildfire Deprecated Notice
+#1344 Fixed Zend Lib View Deprecated Notice
+#1343 Fixed Zend Lib JSON Deprecated Notice
+#1342 Fixed Zend Lib Filter Deprecated Notice
+#1341 fix "Cannot unset $this" error
+#1261 getAttributeRawValue() move operations with store to if statement
+#1274 Removed unused fetchAll in addRatingInfo()
+#1278 Handled the case where the coupon no longer exists
+#1328 Fix phpDoc for set/getStepData in Checkout
+#1323 Improve PHPDoc
+#1319 Fix for currency symbol not saved with fatal PHP error #1318
+#1297 Update SECURITY.md
+allow version 4 of hackathon composer installer
+#1292 Support the logging of Throwables
+#1285 Mage core model url - method call is provided 2 parameters, but the method signature uses 1 parameters
+#1161 cleanup: Remove some files left in previous PRs
+#1207 bugfix: don't cast min_sale_qty to int as it can be a decimal
+#1279 Remove php short open tag
 
 
 ## v19.4.8 - 2020-10-20

.github/changelog/version_20.txt

@@ -1,7 +1,11 @@
 
 
 
-## v20.0.5 - unreleased
+## v20.0.6 - unreleased
+
+## v20.0.5 - 2020-12-29
+
+merged changes from v19.4.9
 
 
 ## v20.0.4 - 2020-10-20

.github/workflows/php.yml

@@ -22,7 +22,7 @@ jobs:
       run: composer validate
 
     - name: Install dependencies
-      run: composer install --prefer-dist --no-progress --no-suggest
+      run: composer install --prefer-dist --no-progress --no-suggest --ignore-platform-reqs
 
     # Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit"
     # Docs: https://getcomposer.org/doc/articles/scripts.md

.github/workflows/unit-tests.yml

@@ -0,0 +1,41 @@
+name: OpenMage LTS - Unit Tests
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  unit-tests:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          repository: OpenMage/Testfield
+          path: ./
+
+      - name: php & Composer version
+        run: php --version && composer --version
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress --ignore-platform-reqs
+
+      - name: Checkout OpenMage repo
+        uses: actions/checkout@v2
+        with:
+          path: openmage
+
+      - name: Install OpenMage dependencies
+        working-directory: ./openmage
+        run: composer install --prefer-dist --no-progress --ignore-platform-reqs
+
+      - name: run phpUnit
+        run: bash ./run_unit_tests.sh
+
+      - name: Publish Unit Test Results
+        uses: EnricoMi/[email protected]
+        if: always()
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          files: output/*.xml

SECURITY.md

@@ -8,7 +8,8 @@ We will keep the details of your security vulnerability report private and only
 
 | OpenMage LTS Tag     | Magento Version   | Branch           | Supported          |
 | -------------------- | ----------------- | ---------------- | ------------------ |
-| ~19.4.3              | 1.9.4.5           | 1.9.4.x          | :white_check_mark: |
+| ~20.0.4              | 1.9.4.5           | 20.0             | :white_check_mark: |
+| ~19.4.8              | 1.9.4.5           | 1.9.4.x          | :white_check_mark: |
 | -                    | <= 1.9.4.4        | multiple         | :x:                |
 
 ## Reporting a Vulnerability

app/Mage.php

@@ -215,7 +215,7 @@ public static function getOpenMageVersionInfo()
         return array(
             'major'     => '20',
             'minor'     => '0',
-            'patch'     => '4',
+            'patch'     => '5',
             'stability' => '', // beta,alpha,rc
             'number'    => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9
         );
@@ -905,9 +905,9 @@ public static function log($message, $level = null, $file = '', $forceLog = fals
     /**
      * Write exception to log
      *
-     * @param Exception $e
+     * @param Throwable $e
      */
-    public static function logException(Exception $e)
+    public static function logException(Throwable $e)
     {
         if (!self::getConfig()) {
             return;
@@ -941,9 +941,9 @@ public static function getIsDeveloperMode()
     /**
      * Display exception
      *
-     * @param Exception $e
+     * @param Throwable $e
      */
-    public static function printException(Exception $e, $extra = '')
+    public static function printException(Throwable $e, $extra = '')
     {
         if (self::$_isDeveloperMode) {
             print '<pre>';

app/bootstrap.php

@@ -29,6 +29,6 @@
  * @link https://bugs.php.net/bug.php?id=62577
  * @link https://bugs.php.net/bug.php?id=64938
  */
-if (function_exists('libxml_disable_entity_loader')) {
+if ((LIBXML_VERSION < 20900) && function_exists('libxml_disable_entity_loader')) {
     libxml_disable_entity_loader(false);
 }

app/code/core/Mage/Admin/Model/Resource/Acl.php

@@ -133,7 +133,7 @@ public function loadRules(Mage_Admin_Model_Acl $acl, array $rulesArr)
             $assert = null;
             if (0 != $rule['assert_id']) {
                 $assertClass = Mage::getSingleton('admin/config')->getAclAssert($rule['assert_type'])->getClassName();
-                $assert = new $assertClass(unserialize($rule['assert_data']));
+                $assert = new $assertClass(unserialize($rule['assert_data'], ['allowed_classes' => false]));
             }
             try {
                 if ($rule['permission'] == 'allow') {

app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/Packaging.php

@@ -201,7 +201,7 @@ public function getPackages()
     {
         $packages = $this->getShipment()->getPackages();
         if ($packages) {
-            $packages = unserialize($packages);
+            $packages = unserialize($packages, ['allowed_classes' => false]);
         } else {
             $packages = array();
         }

app/code/core/Mage/Adminhtml/Model/Sales/Order/Create.php

@@ -580,7 +580,7 @@ public function moveQuoteItem($item, $moveTo, $qty)
                         $info = $item->getOptionByCode('info_buyRequest');
                         if ($info) {
                             $info = new Varien_Object(
-                                unserialize($info->getValue())
+                                unserialize($info->getValue(), ['allowed_classes' => false])
                             );
                             $info->setQty($qty);
                             $info->setOptions($this->_prepareOptionsForRequest($item));
@@ -1511,7 +1511,7 @@ protected function _prepareQuoteItems()
             }
             $addOptions = $item->getOptionByCode('additional_options');
             if ($addOptions) {
-                $options['additional_options'] = unserialize($addOptions->getValue());
+                $options['additional_options'] = unserialize($addOptions->getValue(), ['allowed_classes' => false]);
             }
             $item->setProductOrderOptions($options);
         }

app/code/core/Mage/Api/Model/Resource/Acl.php

@@ -123,7 +123,7 @@ public function loadRules(Mage_Api_Model_Acl $acl, array $rulesArr)
             $assert = null;
             if (0!=$rule['assert_id']) {
                 $assertClass = Mage::getSingleton('api/config')->getAclAssert($rule['assert_type'])->getClassName();
-                $assert = new $assertClass(unserialize($rule['assert_data']));
+                $assert = new $assertClass(unserialize($rule['assert_data'], ['allowed_classes' => false]));
             }
             try {
                 if ($rule['api_permission'] == 'allow') {

app/code/core/Mage/Bundle/Block/Adminhtml/Sales/Order/Items/Renderer.php

@@ -167,7 +167,7 @@ public function getSelectionAttributes($item)
             $options = $item->getOrderItem()->getProductOptions();
         }
         if (isset($options['bundle_selection_attributes'])) {
-            return unserialize($options['bundle_selection_attributes']);
+            return unserialize($options['bundle_selection_attributes'], ['allowed_classes' => false]);
         }
         return null;
     }

app/code/core/Mage/Bundle/Block/Adminhtml/Sales/Order/View/Items/Renderer.php

@@ -126,7 +126,7 @@ public function getSelectionAttributes($item)
             $options = $item->getOrderItem()->getProductOptions();
         }
         if (isset($options['bundle_selection_attributes'])) {
-            return unserialize($options['bundle_selection_attributes']);
+            return unserialize($options['bundle_selection_attributes'], ['allowed_classes' => false]);
         }
         return null;
     }

app/code/core/Mage/Bundle/Block/Sales/Order/Items/Renderer.php

@@ -131,7 +131,7 @@ public function getSelectionAttributes($item)
             $options = $item->getOrderItem()->getProductOptions();
         }
         if (isset($options['bundle_selection_attributes'])) {
-            return unserialize($options['bundle_selection_attributes']);
+            return unserialize($options['bundle_selection_attributes'], ['allowed_classes' => false]);
         }
         return null;
     }

app/code/core/Mage/Bundle/Helper/Catalog/Product/Configuration.php

@@ -91,7 +91,7 @@ public function getBundleOptions(Mage_Catalog_Model_Product_Configuration_Item_I
 
         // get bundle options
         $optionsQuoteItemOption = $item->getOptionByCode('bundle_option_ids');
-        $bundleOptionsIds = $optionsQuoteItemOption ? unserialize($optionsQuoteItemOption->getValue()) : array();
+        $bundleOptionsIds = $optionsQuoteItemOption ? unserialize($optionsQuoteItemOption->getValue(), ['allowed_classes' => false]) : array();
         if ($bundleOptionsIds) {
             /**
             * @var Mage_Bundle_Model_Resource_Option_Collection
@@ -101,11 +101,11 @@ public function getBundleOptions(Mage_Catalog_Model_Product_Configuration_Item_I
             // get and add bundle selections collection
             $selectionsQuoteItemOption = $item->getOptionByCode('bundle_selection_ids');
 
-            $bundleSelectionIds = unserialize($selectionsQuoteItemOption->getValue());
+            $bundleSelectionIds = unserialize($selectionsQuoteItemOption->getValue(), ['allowed_classes' => false]);
 
             if (!empty($bundleSelectionIds)) {
                 $selectionsCollection = $typeInstance->getSelectionsByIds(
-                    unserialize($selectionsQuoteItemOption->getValue()),
+                    unserialize($selectionsQuoteItemOption->getValue(), ['allowed_classes' => false]),
                     $product
                 );
 

app/code/core/Mage/Bundle/Model/Product/Price.php

@@ -88,7 +88,7 @@ public function getTotalBundleItemsPrice($product, $qty = null)
         if ($product->hasCustomOptions()) {
             $customOption = $product->getCustomOption('bundle_selection_ids');
             if ($customOption) {
-                $selectionIds = unserialize($customOption->getValue());
+                $selectionIds = unserialize($customOption->getValue(), ['allowed_classes' => false]);
                 /** @var Mage_Bundle_Model_Resource_Selection_Collection $selections */
                 $selections = $product->getTypeInstance(true)->getSelectionsByIds($selectionIds, $product);
                 $selections->addTierPriceData();

app/code/core/Mage/Bundle/Model/Product/Type.php

@@ -148,7 +148,7 @@ public function getSku($product = null)
 
             if ($this->getProduct($product)->hasCustomOptions()) {
                 $customOption = $this->getProduct($product)->getCustomOption('bundle_selection_ids');
-                $selectionIds = unserialize($customOption->getValue());
+                $selectionIds = unserialize($customOption->getValue(), ['allowed_classes' => false]);
                 if (!empty($selectionIds)) {
                     $selections = $this->getSelectionsByIds($selectionIds, $product);
                     foreach ($selections->getItems() as $selection) {
@@ -176,7 +176,7 @@ public function getWeight($product = null)
 
             if ($this->getProduct($product)->hasCustomOptions()) {
                 $customOption = $this->getProduct($product)->getCustomOption('bundle_selection_ids');
-                $selectionIds = unserialize($customOption->getValue());
+                $selectionIds = unserialize($customOption->getValue(), ['allowed_classes' => false]);
                 $selections = $this->getSelectionsByIds($selectionIds, $product);
                 foreach ($selections->getItems() as $selection) {
                     $qtyOption = $this->getProduct($product)
@@ -202,7 +202,7 @@ public function isVirtual($product = null)
     {
         if ($this->getProduct($product)->hasCustomOptions()) {
             $customOption = $this->getProduct($product)->getCustomOption('bundle_selection_ids');
-            $selectionIds = unserialize($customOption->getValue());
+            $selectionIds = unserialize($customOption->getValue(), ['allowed_classes' => false]);
             $selections = $this->getSelectionsByIds($selectionIds, $product);
             $virtualCount = 0;
             foreach ($selections->getItems() as $selection) {
@@ -788,10 +788,10 @@ public function getOrderOptions($product = null)
 
         if ($product->hasCustomOptions()) {
             $customOption = $product->getCustomOption('bundle_option_ids');
-            $optionIds = unserialize($customOption->getValue());
+            $optionIds = unserialize($customOption->getValue(), ['allowed_classes' => false]);
             $options = $this->getOptionsByIds($optionIds, $product);
             $customOption = $product->getCustomOption('bundle_selection_ids');
-            $selectionIds = unserialize($customOption->getValue());
+            $selectionIds = unserialize($customOption->getValue(), ['allowed_classes' => false]);
             $selections = $this->getSelectionsByIds($selectionIds, $product);
             foreach ($selections->getItems() as $selection) {
                 if ($selection->isSalable()) {
@@ -934,9 +934,9 @@ public function checkProductBuyState($product = null)
         $productOptionIds   = $this->getOptionsIds($product);
         $productSelections  = $this->getSelectionsCollection($productOptionIds, $product);
         $selectionIds       = $product->getCustomOption('bundle_selection_ids');
-        $selectionIds       = (array) unserialize($selectionIds->getValue());
+        $selectionIds       = (array) unserialize($selectionIds->getValue(), ['allowed_classes' => false]);
         $buyRequest         = $product->getCustomOption('info_buyRequest');
-        $buyRequest         = new Varien_Object(unserialize($buyRequest->getValue()));
+        $buyRequest         = new Varien_Object(unserialize($buyRequest->getValue(), ['allowed_classes' => false]));
         $bundleOption       = $buyRequest->getBundleOption();
 
         if (empty($bundleOption) && empty($selectionIds)) {

app/code/core/Mage/Bundle/Model/Sales/Order/Pdf/Items/Abstract.php

@@ -196,7 +196,7 @@ public function getSelectionAttributes($item)
             $options = $item->getOrderItem()->getProductOptions();
         }
         if (isset($options['bundle_selection_attributes'])) {
-            return unserialize($options['bundle_selection_attributes']);
+            return unserialize($options['bundle_selection_attributes'], ['allowed_classes' => false]);
         }
         return null;
     }

app/code/core/Mage/Catalog/Helper/Product/Configuration.php

@@ -85,7 +85,7 @@ public function getCustomOptions(Mage_Catalog_Model_Product_Configuration_Item_I
 
         $addOptions = $item->getOptionByCode('additional_options');
         if ($addOptions) {
-            $options = array_merge($options, unserialize($addOptions->getValue()));
+            $options = array_merge($options, unserialize($addOptions->getValue(), ['allowed_classes' => false]));
         }
 
         return $options;

app/code/core/Mage/Catalog/Model/Product/Attribute/Source/Countryofmanufacture.php

@@ -42,7 +42,7 @@ public function getAllOptions()
     {
         $cacheKey = 'DIRECTORY_COUNTRY_SELECT_STORE_' . Mage::app()->getStore()->getCode();
         if (Mage::app()->useCache('config') && $cache = Mage::app()->loadCache($cacheKey)) {
-            $options = unserialize($cache);
+            $options = unserialize($cache, ['allowed_classes' => false]);
         } else {
             $collection = Mage::getModel('directory/country')->getResourceCollection();
             if (!Mage::app()->getStore()->isAdmin()) {

app/code/core/Mage/Catalog/Model/Product/Type/Abstract.php

@@ -602,7 +602,7 @@ public function getOrderOptions($product = null)
     {
         $optionArr = array();
         if ($info = $this->getProduct($product)->getCustomOption('info_buyRequest')) {
-            $optionArr['info_buyRequest'] = unserialize($info->getValue());
+            $optionArr['info_buyRequest'] = unserialize($info->getValue(), ['allowed_classes' => false]);
         }
 
         if ($optionIds = $this->getProduct($product)->getCustomOption('option_ids')) {

app/code/core/Mage/Catalog/Model/Product/Type/Configurable.php

@@ -548,7 +548,7 @@ public function getSelectedAttributesInfo($product = null)
         $attributes = array();
         Varien_Profiler::start('CONFIGURABLE:'.__METHOD__);
         if ($attributesOption = $this->getProduct($product)->getCustomOption('attributes')) {
-            $data = unserialize($attributesOption->getValue());
+            $data = unserialize($attributesOption->getValue(), ['allowed_classes' => false]);
             $this->getUsedProductAttributeIds($product);
 
             $usedAttributes = $this->getProduct($product)->getData($this->_usedAttributes);
@@ -681,7 +681,7 @@ public function checkProductBuyState($product = null)
         $product = $this->getProduct($product);
         $option = $product->getCustomOption('info_buyRequest');
         if ($option instanceof Mage_Sales_Model_Quote_Item_Option) {
-            $buyRequest = new Varien_Object(unserialize($option->getValue()));
+            $buyRequest = new Varien_Object(unserialize($option->getValue(), ['allowed_classes' => false]));
             $attributes = $buyRequest->getSuperAttribute();
             if (is_array($attributes)) {
                 foreach ($attributes as $key => $val) {

app/code/core/Mage/Catalog/Model/Product/Type/Configurable/Price.php

@@ -78,7 +78,7 @@ public function getTotalConfigurableItemsPrice($product, $finalPrice)
 
         $selectedAttributes = array();
         if ($product->getCustomOption('attributes')) {
-            $selectedAttributes = unserialize($product->getCustomOption('attributes')->getValue());
+            $selectedAttributes = unserialize($product->getCustomOption('attributes')->getValue(), ['allowed_classes' => false]);
         }
 
         /** @var Mage_Catalog_Model_Product_Type_Configurable_Attribute $attribute */