Add BL_CustomGrid #48
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Where did version 0.9.3.0 come from? I'm not sure the extension source, but https://github.com/mage-eag/mage-enhanced-admin-grids shows 0.9.0.1 as latest published. Should also have either an update URL or 'Abandoned' in the last column if there no longer is one. |
|
@rhoerr I will be forking it and providing 0.9.3.0 as update in few days. Update URL will be provided then. Latest version published is 0.9.2.1 which was published via Magento Marketplace 2015. |
|
I'm not sure if this is good, like me providing updates in a repository, but this is the way we can also provide the fix for this. Any comments about this, in case of future cases, like this? From my view, this PR could be merged now. Changes I made, can be found bellow. diff --git a/README.md b/README.md
index 901b11e..8c0b2df 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,21 @@
# Enhanced Admin Grids
-## Version 0.9.0
+## Version 0.9.3.0
+
+This is Security updates ONLY repository for BL CustomGrid.
+Any PRs relating following are accepted:
+- Bug fixes.
+- Security fixes.
+- Performance fixes.
+
+
+Changelog
+---
+0.9.3.0 Provides fixes to security related issues and PHP 7.2 support.
-Enhanced Admin Grids extension for Magento.
-More informations about the extension can be found on its Magento Connect page [here](https://www.magentocommerce.com/magento-connect/enhanced-admin-grids-editor.html).
-_The 1.0.0 version is now under development, and is available as work-in-progress [here](https://github.com/mage-eag/mage-enhanced-admin-grids/tree/1.0.0-wip) (testing purposes only)._
\ No newline at end of file
+
+Other:
+---
+
+Enhanced Admin Grids extension for Magento.
+More informations about the extension can be found on its Magento Connect page [here](https://www.magentocommerce.com/magento-connect/enhanced-admin-grids-editor.html).
\ No newline at end of file
diff --git a/app/code/community/BL/CustomGrid/Block/Rewrite/_blank b/app/code/community/BL/CustomGrid/Block/Rewrite/_blank
new file mode 100644
index 0000000..db80cdd
--- /dev/null
+++ b/app/code/community/BL/CustomGrid/Block/Rewrite/_blank
@@ -0,0 +1 @@
+This is a blank file to ensure the rewrite directory gets created by the Magento Connect Manager.
\ No newline at end of file
diff --git a/app/code/community/BL/CustomGrid/Block/Widget/Grid/Column/Renderer/Product/Categories.php b/app/code/community/BL/CustomGrid/Block/Widget/Grid/Column/Renderer/Product/Categories.php
index 2b0c8cb..1f487cc 100644
--- a/app/code/community/BL/CustomGrid/Block/Widget/Grid/Column/Renderer/Product/Categories.php
+++ b/app/code/community/BL/CustomGrid/Block/Widget/Grid/Column/Renderer/Product/Categories.php
@@ -48,7 +48,7 @@ class BL_CustomGrid_Block_Widget_Grid_Column_Renderer_Product_Categories
}
}
} else {
- $result = array_map(create_function('$v', 'return array($v);'), $ids);
+ $result = array_map(function ($v) { return array($v); }, $ids);
}
return $result;
@@ -57,7 +57,7 @@ class BL_CustomGrid_Block_Widget_Grid_Column_Renderer_Product_Categories
protected function _renderRow($row, $levelSep, $resultSep)
{
$result = $this->_getRowResult($row);
- array_walk($result, create_function('&$v, $k, $s', '$v = implode($v, $s);'), $levelSep);
+ array_walk($result, function (&$v, $k, $s) { $v = implode($v, $s); }, $levelSep);
return implode($resultSep, $result);
}
diff --git a/app/code/community/BL/CustomGrid/Helper/Collection.php b/app/code/community/BL/CustomGrid/Helper/Collection.php
index c73f281..df8937d 100644
--- a/app/code/community/BL/CustomGrid/Helper/Collection.php
+++ b/app/code/community/BL/CustomGrid/Helper/Collection.php
@@ -120,12 +120,14 @@ class BL_CustomGrid_Helper_Collection
$adapterKey = spl_object_hash($adapter);
if (!isset($this->_quoteIdentifierCallbacks[$adapterKey])) {
- $callback = create_function('$v', 'return Mage::helper(\'customgrid/collection\')->callQuoteIdentifier($v, '.++$this->_qiCallbacksCount.');');
-
+
$this->_quoteIdentifierCallbacks[$adapterKey] = array(
'adapter' => $adapter,
'index' => $this->_qiCallbacksCount,
- 'callback' => $callback
+ 'callback' => function ($v)
+ {
+ return Mage::helper('customgrid/collection')->callQuoteIdentifier($v, ++$this->_qiCallbacksCount);
+ }
);
}
diff --git a/app/code/community/BL/CustomGrid/Helper/Data.php b/app/code/community/BL/CustomGrid/Helper/Data.php
index fcf9de8..6b850ac 100644
--- a/app/code/community/BL/CustomGrid/Helper/Data.php
+++ b/app/code/community/BL/CustomGrid/Helper/Data.php
@@ -27,31 +27,36 @@ class BL_CustomGrid_Helper_Data extends Mage_Core_Helper_Abstract
protected function _parseIntValue($value)
{
- return ($value !== '' ? intval($value) : null);
+ return ($value !== '' ? (int)$value : null);
}
-
+
public function parseCsvIntArray($string, $unique=true, $sorted=false, $min=null, $max=null)
{
$values = array_map(array($this, '_parseIntValue'), explode(',', $string));
- $filterCodes = array('!is_null($v)');
-
+
if ($unique) {
$values = array_unique($values);
}
- if (!is_null($min)) {
- $filterCodes[] = '($v >= '.intval($min).')';
- }
- if (!is_null($max)) {
- $filterCodes[] = '($v <= '.intval($max).')';
- }
-
- $filterCode = 'return ('.implode(' && ', $filterCodes).');';
- $values = array_filter($values, create_function('$v', $filterCode));
-
+
+ $values = array_filter($values, function ($v) use ($min, $max) {
+ if ($min !== null && $max !== null) {
+ return (($v !== null) && ($v >= (int)$min) && ($v <= (int)$max));
+ }
+
+ if ($min !== null && $max === null) {
+ return (($v !== null) && ($v >= (int)$min));
+ }
+
+ if ($min === null && $max !== null) {
+ return (($v !== null) && ($v <= (int)$max));
+ }
+ return ($v !== null);
+ });
+
if ($sorted) {
sort($values, SORT_NUMERIC);
}
-
+
return $values;
}
diff --git a/app/code/community/BL/CustomGrid/Model/Config/Abstract.php b/app/code/community/BL/CustomGrid/Model/Config/Abstract.php
index ebc2496..31478f4 100644
--- a/app/code/community/BL/CustomGrid/Model/Config/Abstract.php
+++ b/app/code/community/BL/CustomGrid/Model/Config/Abstract.php
@@ -216,16 +216,22 @@ abstract class BL_CustomGrid_Model_Config_Abstract extends Varien_Object
public function encodeParameters($parameters)
{
if (is_array($parameters)) {
- return serialize($parameters);
+ return base64_encode(json_encode($parameters));
}
- return $parameters;
+ return base64_encode(json_encode(['__encoded_data' => $parameters]));
}
public function decodeParameters($parameters, $forceArray=false)
{
if (is_string($parameters)) {
- $parameters = unserialize($parameters);
+ $parameters = json_decode(base64_decode($parameters), true);
}
+
+ if (is_array($parameters) && isset($parameters['__encoded_data']))
+ {
+ $parameters = $parameters['__encoded_data'];
+ }
+
return ($forceArray && !is_array($parameters) ? array() : $parameters);
}
diff --git a/app/code/community/BL/CustomGrid/Model/Grid/Type/Abstract.php b/app/code/community/BL/CustomGrid/Model/Grid/Type/Abstract.php
index a72e482..0ed9a15 100644
--- a/app/code/community/BL/CustomGrid/Model/Grid/Type/Abstract.php
+++ b/app/code/community/BL/CustomGrid/Model/Grid/Type/Abstract.php
@@ -334,7 +334,10 @@ abstract class BL_CustomGrid_Model_Grid_Type_Abstract extends Varien_Object
$xmlColumns,
$response->getColumns()
),
- create_function('$m', 'return ($m instanceof BL_CustomGrid_Model_Custom_Column_Abstract);')
+ function ($m)
+ {
+ return ($m instanceof BL_CustomGrid_Model_Custom_Column_Abstract);
+ }
);
uasort($this->_customColumns, array($this, '_sortCustomColumns'));
@@ -1179,7 +1182,11 @@ abstract class BL_CustomGrid_Model_Grid_Type_Abstract extends Varien_Object
'global' => array_diff_key($request->getParams(), array_flip(array($idsKey, $additionalKey, $valuesKey))),
);
- return array_map(create_function('$a', 'return (is_array($a) ? $a : array());'), $params);
+ return array_map(function ($a)
+ {
+ return (is_array($a) ? $a : array());
+ },
+ $params);
}
/**
diff --git a/app/code/community/BL/CustomGrid/Model/Grid/Type/Checkout/Agreement.php b/app/code/community/BL/CustomGrid/Model/Grid/Type/Checkout/Agreement.php
index e014c02..6c259c3 100644
--- a/app/code/community/BL/CustomGrid/Model/Grid/Type/Checkout/Agreement.php
+++ b/app/code/community/BL/CustomGrid/Model/Grid/Type/Checkout/Agreement.php
@@ -109,7 +109,7 @@ class BL_CustomGrid_Model_Grid_Type_Checkout_Agreement
$config = parent::_prepareEditableFieldCommonConfig($type, $id, $config);
if (($config['type'] == 'editor') && isset($config['layout_handles'])) {
- array_filter($config['layout_handles'], create_function('$a', 'return ($a != \'custom_grid_editor_handle_editor\');'));
+ array_filter($config['layout_handles'], function ($a) {return ($a != 'custom_grid_editor_handle_editor');});
}
return $config;
diff --git a/app/code/community/BL/CustomGrid/etc/config.xml b/app/code/community/BL/CustomGrid/etc/config.xml
index ee4f7bc..46d00d6 100644
--- a/app/code/community/BL/CustomGrid/etc/config.xml
+++ b/app/code/community/BL/CustomGrid/etc/config.xml
@@ -17,7 +17,7 @@
<config>
<modules>
<BL_CustomGrid>
- <version>0.9.0.1</version>
+ <version>0.9.3.0</version>
</BL_CustomGrid>
</modules>
<global> |
Merge update
|
I defer to Willem or others here. |
Merge master to patch-2
|
Hi @Niko9911, thanks for contributing. Policy: ideally the vendor provides an official update but as it is unmaintained, an unofficial patch seems preferable. One request though, you seem to have mixed up the "relevant uri path" and "update url" columns in this PR. The relevant uri path is used to grep access logs for possible attacks. |
|
@gwillem Done. |
|
Now the last two columns are mixed. See README.md for a description. This is the CSV header: |
|
Oh, my bad. Sorry for wait!! Feel fee to merge. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See https://xn--gran-8qa.fi/magento-1-bl-customgrid-security-flaw/ for reference.
Will be providing later update url for fixed version. (I will fork this and provide update.)
Closes #28