Merge pull request #3472 in SW/shopware from sw-14719/4.3/prepare-rel…

…ease to 4.3 * commit '695786cfdf78d27bb11dc3244b19e272add702d7': SW-14719 - Improve input validation in ScriptRenderer Set sql_mode during build Revert "Prevent infinite recursion for invalid group ids" Revert "Enable environment in UpdateCommand"
shopware5 · Apr 8, 2016 · 567c282 · 567c282
2 parents ed5fa7c + 695786c
commit 567c282
Show file tree

Hide file tree

Showing 9 changed files with 53 additions and 43 deletions.
diff --git a/build/ApplyDeltas.php b/build/ApplyDeltas.php
@@ -56,6 +56,9 @@
     );
     $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     $conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+
+    // Reset sql_mode "STRICT_TRANS_TABLES" that will be default in MySQL 5.6
+    $conn->exec('SET @@session.sql_mode = ""');
 } catch(PDOException $e) {
     echo 'Could not connect to database: ' . $e->getMessage();
     exit(1);

diff --git a/engine/Library/Enlight/Controller/Plugins/ScriptRenderer/Bootstrap.php b/engine/Library/Enlight/Controller/Plugins/ScriptRenderer/Bootstrap.php
@@ -171,28 +171,35 @@ public function getTemplateName()
         }
 
         $templateNames = array();
-
         foreach ($fileNames as $fileName) {
+            // Remove unwanted characters
+            $fileName = preg_replace('/[^a-z0-9\/_-]/i', '', $fileName);
+
+            // Replace multiple forward slashes
+            $fileName = preg_replace('#/+#', '/', $fileName);
+
+            // Remove leading and trailing forward slash
+            $fileName = trim($fileName, '/');
+
             // if string starts with "m/" replace with "model/"
             $fileName = preg_replace('/^m\//', 'model/', $fileName);
             $fileName = preg_replace('/^c\//', 'controller/', $fileName);
             $fileName = preg_replace('/^v\//', 'view/', $fileName);
 
-            $fileName = ltrim(dirname($fileName) . '/' . basename($fileName, '.js'), '/.');
-
             if (empty($fileName)) {
                 continue;
             }
 
-            $templateNames[] = $inflector->filter(array(
+            $fileName = $inflector->filter(array(
                 'module'     => $moduleName,
                 'controller' => $controllerName,
-                'file'       => $fileName)
-            );
+                'file'       => $fileName
+            ));
+
+            $templateNames[]  = $fileName;
         }
 
         $count = count($templateNames);
-
         if ($count === 0) {
             return null;
         } elseif ($count === 1) {

diff --git a/engine/Shopware/Controllers/Backend/ExtJs.php b/engine/Shopware/Controllers/Backend/ExtJs.php
@@ -221,26 +221,36 @@ public function extendsAction()
         $this->View()->Engine()->setCompileId($this->View()->Engine()->getCompileId() . '_' . $this->Request()->getControllerName());
 
         foreach ($fileNames as $fileName) {
+            // Remove unwanted characters
+            $fileName = preg_replace('/[^a-z0-9\/_-]/i', '', $fileName);
+
+            // Replace multiple forward slashes
+            $fileName = preg_replace('#/+#', '/', $fileName);
+
+            // Remove leading and trailing forward slash
+            $fileName = trim($fileName, '/');
+
             // if string starts with "m/" replace with "model/"
             $fileName = preg_replace('/^m\//', 'model/', $fileName);
             $fileName = preg_replace('/^c\//', 'controller/', $fileName);
             $fileName = preg_replace('/^v\//', 'view/', $fileName);
 
-            $fileName = ltrim(dirname($fileName) . '/' . basename($fileName, '.js'), '/.');
             if (empty($fileName)) {
                 continue;
             }
+
             $templateBase = $inflector->filter(array(
-                'module' => $moduleName,
+                'module'     => $moduleName,
                 'controller' => $controllerName,
-                'file' => $fileName)
-            );
+                'file'       => $fileName
+            ));
 
             $templateExtend = $inflector->filter(array(
-                'module' => $moduleName,
+                'module'     => $moduleName,
                 'controller' => $this->Request()->getControllerName(),
-                'file' => $fileName)
-            );
+                'file'       => $fileName
+            ));
+
             if ($this->View()->templateExists($templateBase)) {
                 $template .= '{include file="' . $templateBase. '"}' . "\n";
             }

diff --git a/engine/core/class/sConfigurator.php b/engine/core/class/sConfigurator.php
@@ -243,10 +243,12 @@ public function getArticleConfigurator($id, $articleData, $recursiveCall = false
         if (!empty($selectedItems) && empty($selected)) {
             if ($settings['type'] == self::TYPE_STANDARD) {
                 unset($this->sSYSTEM->_POST["group"]);
+                return $this->getArticleConfigurator($id, $articleData, true);
+
             } elseif ($settings['type'] == self::TYPE_SELECTION) {
-                array_pop($this->sSYSTEM->_POST["group"]);
-            }
-            if (count($this->sSYSTEM->_POST["group"])) {
+                $group = $this->sSYSTEM->_POST["group"];
+                array_pop($group);
+                $this->sSYSTEM->_POST["group"] = $group;
                 return $this->getArticleConfigurator($id, $articleData, true);
             }
         }

diff --git a/recovery/common/autoload.php b/recovery/common/autoload.php
@@ -9,8 +9,4 @@
     SW_PATH . '/engine/Shopware/Components/Migrations/'
 );
 
-$autoloader->addClassMap(array(
-    'Shopware\\Components\\ConfigLoader' => SW_PATH . '/engine/Shopware/Components/ConfigLoader.php'
-));
-
 return $autoloader;
diff --git a/recovery/update/src/Command/UpdateCommand.php b/recovery/update/src/Command/UpdateCommand.php
@@ -39,7 +39,6 @@
 use Symfony\Component\Console\Helper\DialogHelper;
 use Symfony\Component\Console\Helper\ProgressHelper;
 use Symfony\Component\Console\Input\InputInterface;
-use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 
 class UpdateCommand extends Command
@@ -65,7 +64,6 @@ class UpdateCommand extends Command
     protected function configure()
     {
         $this->setName('update');
-        $this->addOption('env', 'e', InputOption::VALUE_OPTIONAL, 'Sets the environment');
     }
 
     /**

diff --git a/recovery/update/src/Console/Application.php b/recovery/update/src/Console/Application.php
@@ -47,7 +47,6 @@ public function __construct($env)
 
         $config = require __DIR__ . '/../../config/config.php';
         $this->container = new Container(new \Pimple(), $config);
-        $this->container->setParameter('environment', $env);
     }
 
     /**

diff --git a/recovery/update/src/DependencyInjection/Container.php b/recovery/update/src/DependencyInjection/Container.php
@@ -25,7 +25,6 @@
 
 namespace Shopware\Recovery\Update\DependencyInjection;
 
-use Shopware\Components\ConfigLoader;
 use Shopware\Components\Migrations\Manager as MigrationManager;
 use Shopware\Recovery\Common\DependencyInjection\Container as BaseContainer;
 use Shopware\Recovery\Common\Dump;
@@ -44,8 +43,7 @@ public function setup(\Pimple $pimple)
         $me = $this;
 
         $pimple['db'] = function () use ($me) {
-            $shopwareConfig = $me->get('shopware.config');
-            $conn = Utils::getConnection($shopwareConfig);
+            $conn = Utils::getConnection(SW_PATH);
 
             return $conn;
         };
@@ -95,25 +93,12 @@ public function setup(\Pimple $pimple)
             return $slim;
         };
 
-        $pimple['controller.batch'] = function () use ($me) {
+       $pimple['controller.batch'] = function () use ($me) {
             return new BatchController(
                 $me->get('slim.request'),
                 $me->get('slim.response'),
                 $me
             );
         };
-
-        $pimple['shopware.config'] = function () use ($me) {
-            $env = $me->hasParameter('environment') ? $me->getParameter('environment') : 'production';
-
-            $configLoader = new ConfigLoader(
-                SW_PATH . '/',
-                $env,
-                'Shopware'
-            );
-            $config = $configLoader->loadConfig(SW_PATH . '/engine/Shopware/Configs/Default.php');
-
-            return $config;
-        };
     }
 }
diff --git a/recovery/update/src/Utils.php b/recovery/update/src/Utils.php
@@ -180,12 +180,22 @@ public static function getLanguage(Request $request, $lang = null)
     }
 
     /**
-     * @param array $config Shopware Configuration
+     * @param string $shopPath
      *
      * @return \PDO
      */
-    public static function getConnection(array $config = array())
+    public static function getConnection($shopPath)
     {
+        if (file_exists($shopPath . '/config.php')) {
+            $config = require $shopPath . '/config.php';
+        } elseif (file_exists($shopPath . '/config.update.php')) {
+            $config = require $shopPath . '/config.update.php';
+        } elseif (file_exists($shopPath . '/engine/Shopware/Configs/Custom.php')) {
+            $config = require $shopPath . '/engine/Shopware/Configs/Custom.php';
+        } else {
+            die('Could not find shopware config');
+        }
+
         $dbConfig = $config['db'];
         if (!isset($dbConfig['host'])) {
             $dbConfig['host'] = 'localhost';