diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index cf5d95ebde5..6f87f6b1875 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,3 +1,11 @@
+==== 1.7.0.2 ====
+
+=== Fixes ===
+Fixed: Security vulnerability in Zend_XmlRpc - http://framework.zend.com/security/advisory/ZF2012-01
+Fixed: PayPal Standard does not display on frontend during checkout with some merchant countries
+
+
+
==== 1.7.0.1 ====
=== Major Highlights ===
diff --git a/app/Mage.php b/app/Mage.php
index 7cccc9f873b..bc7a6cb07a1 100644
--- a/app/Mage.php
+++ b/app/Mage.php
@@ -170,7 +170,7 @@ public static function getVersionInfo()
'major' => '1',
'minor' => '7',
'revision' => '0',
- 'patch' => '1',
+ 'patch' => '2',
'stability' => '',
'number' => '',
);
diff --git a/app/code/core/Mage/Paypal/Model/Config.php b/app/code/core/Mage/Paypal/Model/Config.php
index ddfe62b1a1d..56baa83d46f 100644
--- a/app/code/core/Mage/Paypal/Model/Config.php
+++ b/app/code/core/Mage/Paypal/Model/Config.php
@@ -516,37 +516,44 @@ public function getCountryMethods($countryCode = null)
self::METHOD_WPP_PE_EXPRESS,
),
'AU' => array(
+ self::METHOD_WPS,
self::METHOD_PAYFLOWPRO,
self::METHOD_HOSTEDPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
),
'NZ' => array(
+ self::METHOD_WPS,
self::METHOD_PAYFLOWPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
),
'JP' => array(
+ self::METHOD_WPS,
self::METHOD_HOSTEDPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
),
'FR' => array(
+ self::METHOD_WPS,
self::METHOD_HOSTEDPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
),
'IT' => array(
+ self::METHOD_WPS,
self::METHOD_HOSTEDPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
),
'ES' => array(
+ self::METHOD_WPS,
self::METHOD_HOSTEDPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
),
'HK' => array(
+ self::METHOD_WPS,
self::METHOD_HOSTEDPRO,
self::METHOD_WPP_EXPRESS,
self::METHOD_BILLING_AGREEMENT,
diff --git a/app/code/core/Zend/XmlRpc/Request.php b/app/code/core/Zend/XmlRpc/Request.php
new file mode 100644
index 00000000000..402c38a39cf
--- /dev/null
+++ b/app/code/core/Zend/XmlRpc/Request.php
@@ -0,0 +1,442 @@
+setMethod($method);
+ }
+
+ if ($params !== null) {
+ $this->setParams($params);
+ }
+ }
+
+
+ /**
+ * Set encoding to use in request
+ *
+ * @param string $encoding
+ * @return Zend_XmlRpc_Request
+ */
+ public function setEncoding($encoding)
+ {
+ $this->_encoding = $encoding;
+ Zend_XmlRpc_Value::setEncoding($encoding);
+ return $this;
+ }
+
+ /**
+ * Retrieve current request encoding
+ *
+ * @return string
+ */
+ public function getEncoding()
+ {
+ return $this->_encoding;
+ }
+
+ /**
+ * Set method to call
+ *
+ * @param string $method
+ * @return boolean Returns true on success, false if method name is invalid
+ */
+ public function setMethod($method)
+ {
+ if (!is_string($method) || !preg_match('/^[a-z0-9_.:\/]+$/i', $method)) {
+ $this->_fault = new Zend_XmlRpc_Fault(634, 'Invalid method name ("' . $method . '")');
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ $this->_method = $method;
+ return true;
+ }
+
+ /**
+ * Retrieve call method
+ *
+ * @return string
+ */
+ public function getMethod()
+ {
+ return $this->_method;
+ }
+
+ /**
+ * Add a parameter to the parameter stack
+ *
+ * Adds a parameter to the parameter stack, associating it with the type
+ * $type if provided
+ *
+ * @param mixed $value
+ * @param string $type Optional; type hinting
+ * @return void
+ */
+ public function addParam($value, $type = null)
+ {
+ $this->_params[] = $value;
+ if (null === $type) {
+ // Detect type if not provided explicitly
+ if ($value instanceof Zend_XmlRpc_Value) {
+ $type = $value->getType();
+ } else {
+ $xmlRpcValue = Zend_XmlRpc_Value::getXmlRpcValue($value);
+ $type = $xmlRpcValue->getType();
+ }
+ }
+ $this->_types[] = $type;
+ $this->_xmlRpcParams[] = array('value' => $value, 'type' => $type);
+ }
+
+ /**
+ * Set the parameters array
+ *
+ * If called with a single, array value, that array is used to set the
+ * parameters stack. If called with multiple values or a single non-array
+ * value, the arguments are used to set the parameters stack.
+ *
+ * Best is to call with array of the format, in order to allow type hinting
+ * when creating the XMLRPC values for each parameter:
+ *
+ * $array = array(
+ * array(
+ * 'value' => $value,
+ * 'type' => $type
+ * )[, ... ]
+ * );
+ *
+ *
+ * @access public
+ * @return void
+ */
+ public function setParams()
+ {
+ $argc = func_num_args();
+ $argv = func_get_args();
+ if (0 == $argc) {
+ return;
+ }
+
+ if ((1 == $argc) && is_array($argv[0])) {
+ $params = array();
+ $types = array();
+ $wellFormed = true;
+ foreach ($argv[0] as $arg) {
+ if (!is_array($arg) || !isset($arg['value'])) {
+ $wellFormed = false;
+ break;
+ }
+ $params[] = $arg['value'];
+
+ if (!isset($arg['type'])) {
+ $xmlRpcValue = Zend_XmlRpc_Value::getXmlRpcValue($arg['value']);
+ $arg['type'] = $xmlRpcValue->getType();
+ }
+ $types[] = $arg['type'];
+ }
+ if ($wellFormed) {
+ $this->_xmlRpcParams = $argv[0];
+ $this->_params = $params;
+ $this->_types = $types;
+ } else {
+ $this->_params = $argv[0];
+ $this->_types = array();
+ $xmlRpcParams = array();
+ foreach ($argv[0] as $arg) {
+ if ($arg instanceof Zend_XmlRpc_Value) {
+ $type = $arg->getType();
+ } else {
+ $xmlRpcValue = Zend_XmlRpc_Value::getXmlRpcValue($arg);
+ $type = $xmlRpcValue->getType();
+ }
+ $xmlRpcParams[] = array('value' => $arg, 'type' => $type);
+ $this->_types[] = $type;
+ }
+ $this->_xmlRpcParams = $xmlRpcParams;
+ }
+ return;
+ }
+
+ $this->_params = $argv;
+ $this->_types = array();
+ $xmlRpcParams = array();
+ foreach ($argv as $arg) {
+ if ($arg instanceof Zend_XmlRpc_Value) {
+ $type = $arg->getType();
+ } else {
+ $xmlRpcValue = Zend_XmlRpc_Value::getXmlRpcValue($arg);
+ $type = $xmlRpcValue->getType();
+ }
+ $xmlRpcParams[] = array('value' => $arg, 'type' => $type);
+ $this->_types[] = $type;
+ }
+ $this->_xmlRpcParams = $xmlRpcParams;
+ }
+
+ /**
+ * Retrieve the array of parameters
+ *
+ * @return array
+ */
+ public function getParams()
+ {
+ return $this->_params;
+ }
+
+ /**
+ * Return parameter types
+ *
+ * @return array
+ */
+ public function getTypes()
+ {
+ return $this->_types;
+ }
+
+ /**
+ * Load XML and parse into request components
+ *
+ * @param string $request
+ * @return boolean True on success, false if an error occurred.
+ */
+ public function loadXml($request)
+ {
+ if (!is_string($request)) {
+ $this->_fault = new Zend_XmlRpc_Fault(635);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ $loadEntities = libxml_disable_entity_loader(true);
+ try {
+ $xml = new SimpleXMLElement($request);
+ libxml_disable_entity_loader($loadEntities);
+ } catch (Exception $e) {
+ // Not valid XML
+ $this->_fault = new Zend_XmlRpc_Fault(631);
+ $this->_fault->setEncoding($this->getEncoding());
+ libxml_disable_entity_loader($loadEntities);
+ return false;
+ }
+
+ // Check for method name
+ if (empty($xml->methodName)) {
+ // Missing method name
+ $this->_fault = new Zend_XmlRpc_Fault(632);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ $this->_method = (string) $xml->methodName;
+
+ // Check for parameters
+ if (!empty($xml->params)) {
+ $types = array();
+ $argv = array();
+ foreach ($xml->params->children() as $param) {
+ if (!isset($param->value)) {
+ $this->_fault = new Zend_XmlRpc_Fault(633);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ try {
+ $param = Zend_XmlRpc_Value::getXmlRpcValue($param->value, Zend_XmlRpc_Value::XML_STRING);
+ $types[] = $param->getType();
+ $argv[] = $param->getValue();
+ } catch (Exception $e) {
+ $this->_fault = new Zend_XmlRpc_Fault(636);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+ }
+
+ $this->_types = $types;
+ $this->_params = $argv;
+ }
+
+ $this->_xml = $request;
+
+ return true;
+ }
+
+ /**
+ * Does the current request contain errors and should it return a fault
+ * response?
+ *
+ * @return boolean
+ */
+ public function isFault()
+ {
+ return $this->_fault instanceof Zend_XmlRpc_Fault;
+ }
+
+ /**
+ * Retrieve the fault response, if any
+ *
+ * @return null|Zend_XmlRpc_Fault
+ */
+ public function getFault()
+ {
+ return $this->_fault;
+ }
+
+ /**
+ * Retrieve method parameters as XMLRPC values
+ *
+ * @return array
+ */
+ protected function _getXmlRpcParams()
+ {
+ $params = array();
+ if (is_array($this->_xmlRpcParams)) {
+ foreach ($this->_xmlRpcParams as $param) {
+ $value = $param['value'];
+ $type = isset($param['type']) ? $param['type'] : Zend_XmlRpc_Value::AUTO_DETECT_TYPE;
+
+ if (!$value instanceof Zend_XmlRpc_Value) {
+ $value = Zend_XmlRpc_Value::getXmlRpcValue($value, $type);
+ }
+ $params[] = $value;
+ }
+ }
+
+ return $params;
+ }
+
+ /**
+ * Create XML request
+ *
+ * @return string
+ */
+ public function saveXml()
+ {
+ $args = $this->_getXmlRpcParams();
+ $method = $this->getMethod();
+
+ $generator = Zend_XmlRpc_Value::getGenerator();
+ $generator->openElement('methodCall')
+ ->openElement('methodName', $method)
+ ->closeElement('methodName');
+
+ if (is_array($args) && count($args)) {
+ $generator->openElement('params');
+
+ foreach ($args as $arg) {
+ $generator->openElement('param');
+ $arg->generateXml();
+ $generator->closeElement('param');
+ }
+ $generator->closeElement('params');
+ }
+ $generator->closeElement('methodCall');
+
+ return $generator->flush();
+ }
+
+ /**
+ * Return XML request
+ *
+ * @return string
+ */
+ public function __toString()
+ {
+ return $this->saveXML();
+ }
+}
diff --git a/app/code/core/Zend/XmlRpc/Response.php b/app/code/core/Zend/XmlRpc/Response.php
new file mode 100644
index 00000000000..f4d46d1af20
--- /dev/null
+++ b/app/code/core/Zend/XmlRpc/Response.php
@@ -0,0 +1,254 @@
+setReturnValue($return, $type);
+ }
+
+ /**
+ * Set encoding to use in response
+ *
+ * @param string $encoding
+ * @return Zend_XmlRpc_Response
+ */
+ public function setEncoding($encoding)
+ {
+ $this->_encoding = $encoding;
+ Zend_XmlRpc_Value::setEncoding($encoding);
+ return $this;
+ }
+
+ /**
+ * Retrieve current response encoding
+ *
+ * @return string
+ */
+ public function getEncoding()
+ {
+ return $this->_encoding;
+ }
+
+ /**
+ * Set the return value
+ *
+ * Sets the return value, with optional type hinting if provided.
+ *
+ * @param mixed $value
+ * @param string $type
+ * @return void
+ */
+ public function setReturnValue($value, $type = null)
+ {
+ $this->_return = $value;
+ $this->_type = (string) $type;
+ }
+
+ /**
+ * Retrieve the return value
+ *
+ * @return mixed
+ */
+ public function getReturnValue()
+ {
+ return $this->_return;
+ }
+
+ /**
+ * Retrieve the XMLRPC value for the return value
+ *
+ * @return Zend_XmlRpc_Value
+ */
+ protected function _getXmlRpcReturn()
+ {
+ return Zend_XmlRpc_Value::getXmlRpcValue($this->_return);
+ }
+
+ /**
+ * Is the response a fault response?
+ *
+ * @return boolean
+ */
+ public function isFault()
+ {
+ return $this->_fault instanceof Zend_XmlRpc_Fault;
+ }
+
+ /**
+ * Returns the fault, if any.
+ *
+ * @return null|Zend_XmlRpc_Fault
+ */
+ public function getFault()
+ {
+ return $this->_fault;
+ }
+
+ /**
+ * Load a response from an XML response
+ *
+ * Attempts to load a response from an XMLRPC response, autodetecting if it
+ * is a fault response.
+ *
+ * @param string $response
+ * @return boolean True if a valid XMLRPC response, false if a fault
+ * response or invalid input
+ */
+ public function loadXml($response)
+ {
+ if (!is_string($response)) {
+ $this->_fault = new Zend_XmlRpc_Fault(650);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ $loadEntities = libxml_disable_entity_loader(true);
+ $useInternalXmlErrors = libxml_use_internal_errors(true);
+ try {
+ $xml = new SimpleXMLElement($response);
+ libxml_disable_entity_loader($loadEntities);
+ libxml_use_internal_errors($useInternalXmlErrors);
+ } catch (Exception $e) {
+ libxml_disable_entity_loader($loadEntities);
+ libxml_use_internal_errors($useInternalXmlErrors);
+ // Not valid XML
+ $this->_fault = new Zend_XmlRpc_Fault(651);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ if (!empty($xml->fault)) {
+ // fault response
+ $this->_fault = new Zend_XmlRpc_Fault();
+ $this->_fault->setEncoding($this->getEncoding());
+ $this->_fault->loadXml($response);
+ return false;
+ }
+
+ if (empty($xml->params)) {
+ // Invalid response
+ $this->_fault = new Zend_XmlRpc_Fault(652);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ try {
+ if (!isset($xml->params) || !isset($xml->params->param) || !isset($xml->params->param->value)) {
+ throw new Zend_XmlRpc_Value_Exception('Missing XML-RPC value in XML');
+ }
+ $valueXml = $xml->params->param->value->asXML();
+ $value = Zend_XmlRpc_Value::getXmlRpcValue($valueXml, Zend_XmlRpc_Value::XML_STRING);
+ } catch (Zend_XmlRpc_Value_Exception $e) {
+ $this->_fault = new Zend_XmlRpc_Fault(653);
+ $this->_fault->setEncoding($this->getEncoding());
+ return false;
+ }
+
+ $this->setReturnValue($value->getValue());
+ return true;
+ }
+
+ /**
+ * Return response as XML
+ *
+ * @return string
+ */
+ public function saveXml()
+ {
+ $value = $this->_getXmlRpcReturn();
+ $generator = Zend_XmlRpc_Value::getGenerator();
+ $generator->openElement('methodResponse')
+ ->openElement('params')
+ ->openElement('param');
+ $value->generateXml();
+ $generator->closeElement('param')
+ ->closeElement('params')
+ ->closeElement('methodResponse');
+
+ return $generator->flush();
+ }
+
+ /**
+ * Return XML response
+ *
+ * @return string
+ */
+ public function __toString()
+ {
+ return $this->saveXML();
+ }
+}
diff --git a/var/package/Mage_All_Latest-1.7.0.1.xml b/var/package/Mage_All_Latest-1.7.0.2.xml
similarity index 86%
rename from var/package/Mage_All_Latest-1.7.0.1.xml
rename to var/package/Mage_All_Latest-1.7.0.2.xml
index b9d546fe611..580c7f26113 100644
--- a/var/package/Mage_All_Latest-1.7.0.1.xml
+++ b/var/package/Mage_All_Latest-1.7.0.2.xml
@@ -1,18 +1,18 @@
Mage_All_Latest
- 1.7.0.1
+ 1.7.0.2
stable
OSL v3.0
community
- Metapackage for latest Magento 1.7.0.1 release
- Metapackage for latest Magento 1.7.0.1 release
- 1.7.0.1
+ Metapackage for latest Magento 1.7.0.2 release
+ Metapackage for latest Magento 1.7.0.2 release
+ 1.7.0.2
Magento Core Teamcorecore@magentocommerce.com
- 2012-06-20
-
+ 2012-07-05
+
- 5.2.06.0.0Mage_Core_Modulescommunity1.7.0.11.7.0.1Mage_Core_Adminhtmlcommunity1.7.0.11.7.0.1Interface_Adminhtml_Defaultcommunity1.7.0.11.7.0.1Interface_Frontend_Defaultcommunity1.7.0.01.7.0.0Interface_Install_Defaultcommunity1.7.0.01.7.0.0Mage_Downloadercommunity1.7.0.11.7.0.2Mage_Centinelcommunity1.7.0.01.7.0.0Interface_Frontend_Base_Defaultcommunity1.7.0.11.7.0.1Phoenix_Moneybookerscommunity1.3.11.3.1Mage_Compilercommunity1.7.0.01.7.0.0Magento_Mobilecommunity1.7.0.1.22.11.7.0.2
+ 5.2.06.0.0Mage_Core_Modulescommunity1.7.0.21.7.0.2Mage_Core_Adminhtmlcommunity1.7.0.11.7.0.1Interface_Adminhtml_Defaultcommunity1.7.0.11.7.0.1Interface_Frontend_Defaultcommunity1.7.0.01.7.0.0Interface_Install_Defaultcommunity1.7.0.01.7.0.0Mage_Downloadercommunity1.7.0.11.7.0.2Mage_Centinelcommunity1.7.0.01.7.0.0Interface_Frontend_Base_Defaultcommunity1.7.0.11.7.0.1Phoenix_Moneybookerscommunity1.3.11.3.1Mage_Compilercommunity1.7.0.01.7.0.0Magento_Mobilecommunity1.7.0.1.22.11.7.0.2
diff --git a/var/package/Mage_Core_Modules-1.7.0.1.xml b/var/package/Mage_Core_Modules-1.7.0.2.xml
similarity index 98%
rename from var/package/Mage_Core_Modules-1.7.0.1.xml
rename to var/package/Mage_Core_Modules-1.7.0.2.xml
index 2d615a71563..437409fc45f 100644
--- a/var/package/Mage_Core_Modules-1.7.0.1.xml
+++ b/var/package/Mage_Core_Modules-1.7.0.2.xml
@@ -1,18 +1,18 @@
Mage_Core_Modules
- 1.7.0.1
+ 1.7.0.2
stable
OSL v3.0
community
Collection of Magento Core Modules
Collection of Magento Core Modules
- 1.7.0.1
+ 1.7.0.2
Magento Core Teamcorecore@magentocommerce.com
- 2012-06-20
-
-
+ 2012-07-05
+
+
5.2.06.0.0Lib_Variencommunity1.7.0.01.8.0.0Lib_Google_Checkoutcommunity1.5.0.01.5.1.0Lib_Js_Calendarcommunity1.51.1.11.52Lib_Js_Magecommunity1.7.0.11.8.0.0Lib_Js_Prototypecommunity1.7.0.0.31.7.1.0Lib_Phpseclibcommunity1.5.0.01.5.1.0Mage_Locale_en_UScommunity1.7.0.11.8.0.0Lib_Magecommunity1.7.0.11.8.0.0