From 2a2a2fb504247e8966f8ffc2e17d614be5d43128 Mon Sep 17 00:00:00 2001 From: Colin Mollenhour Date: Tue, 29 Aug 2023 11:35:03 -0400 Subject: [PATCH 1/9] Merge pull request from GHSA-9358-cpvx-c2qp Co-authored-by: Fabrizio Balliano --- app/code/core/Mage/Core/Helper/Data.php | 35 +++++++++++++ app/code/core/Mage/Core/etc/config.xml | 4 ++ app/code/core/Mage/Core/etc/system.xml | 63 ++++++++++------------- app/code/core/Mage/Sales/Helper/Guest.php | 6 ++- app/code/core/Mage/Sales/Model/Order.php | 2 +- app/locale/en_US/Mage_Core.csv | 1 + 6 files changed, 73 insertions(+), 38 deletions(-) diff --git a/app/code/core/Mage/Core/Helper/Data.php b/app/code/core/Mage/Core/Helper/Data.php index 2d1043a8dd2..d9955c26c7f 100644 --- a/app/code/core/Mage/Core/Helper/Data.php +++ b/app/code/core/Mage/Core/Helper/Data.php 
@@ -1000,4 +1000,39 @@ public function unEscapeCSVData($data) } return $data; } + + /** + * @param bool $setErrorMessage Adds a predefined error message to the 'core/session' object + * @return bool + */ + public function isRateLimitExceeded($setErrorMessage = true, $recordRateLimitHit = true): bool + { + $active = Mage::getStoreConfigFlag('system/rate_limit/active'); + if ($active && $remoteAddr = Mage::helper('core/http')->getRemoteAddr()) { + $cacheTag = 'rate_limit_' . $remoteAddr; + if (Mage::app()->testCache($cacheTag)) { + $errorMessage = "Too Soon: You are trying to perform this operation too frequently. Please wait a few seconds and try again."; + Mage::getSingleton('core/session')->addError($this->__($errorMessage)); + return true; + } + + if ($recordRateLimitHit) { + $this->recordRateLimitHit(); + } + } + + return false; + } + + /** + * @return void + */ + public function recordRateLimitHit(): void + { + $active = Mage::getStoreConfigFlag('system/rate_limit/active'); + if ($active && $remoteAddr = Mage::helper('core/http')->getRemoteAddr()) { + $cacheTag = 'rate_limit_' . $remoteAddr; + Mage::app()->saveCache(1, $cacheTag, ['brute_force'], Mage::getStoreConfig('system/rate_limit/timeframe')); + } + } } diff --git a/app/code/core/Mage/Core/etc/config.xml b/app/code/core/Mage/Core/etc/config.xml index ef593b10ba2..d7ce041219d 100644 --- a/app/code/core/Mage/Core/etc/config.xml +++ b/app/code/core/Mage/Core/etc/config.xml @@ -315,6 +315,10 @@ 1 + + 1 + 30 + 30 2 * * * diff --git a/app/code/core/Mage/Core/etc/system.xml b/app/code/core/Mage/Core/etc/system.xml index 9864433dedb..489b1e6fcf2 100644 --- a/app/code/core/Mage/Core/etc/system.xml +++ b/app/code/core/Mage/Core/etc/system.xml 
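Review bot: `$setErrorMessage` is never read in `isRateLimitExceeded()`; the "Too Soon" message is added to `core/session` unconditionally inside the `testCache()` branch, so a caller passing `false` still gets the session error. Wrap the two message lines in `if ($setErrorMessage) { ... }` and add the missing `@param bool $recordRateLimitHit` line to the docblock. The limiter is keyed on `getRemoteAddr()` alone, so its accuracy depends on how that helper resolves the client address behind a proxy or load balancer, which is not visible here; a comment stating that assumption would help operators. The value of `system/rate_limit/timeframe` is handed to `saveCache()` exactly as read from config, and an `(int)` cast would keep a non-numeric setting from turning into an unintended cache lifetime.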
@@ -50,6 +50,33 @@ + + + 10 + 1 + 1 + 1 + This functionality limits the number of requests a user (identified by IP address) can perform within a specific time frame, preventing excessive resources usage and maintaining system performance, stability and security. + + + + select + adminhtml/system_config_source_yesno + 10 + 1 + 1 + 1 + + + + 20 + 1 + 1 + 1 + Number of seconds between each allowed request. + + + 1000 @@ -69,13 +96,6 @@ - advanced @@ -84,35 +104,6 @@ 1 1 - adminhtml/system_config_form_fieldset_modules_disableOutput diff --git a/app/code/core/Mage/Sales/Helper/Guest.php b/app/code/core/Mage/Sales/Helper/Guest.php index cbb841b5a5b..9d6099d9304 100644 --- a/app/code/core/Mage/Sales/Helper/Guest.php +++ b/app/code/core/Mage/Sales/Helper/Guest.php @@ -105,6 +105,7 @@ public function loadValidOrder() $errors = true; } } else { + Mage::helper('core')->recordRateLimitHit(); $errors = true; } } @@ -114,7 +115,10 @@ public function loadValidOrder() return true; } - Mage::getSingleton('core/session')->addError($this->__($errorMessage)); + if (!Mage::helper('core')->isRateLimitExceeded(true, false)) { + Mage::getSingleton('core/session')->addError($this->__($errorMessage)); + } + Mage::app()->getResponse()->setRedirect(Mage::getUrl('sales/guest/form')); return false; } diff --git a/app/code/core/Mage/Sales/Model/Order.php b/app/code/core/Mage/Sales/Model/Order.php index ef55f66da25..ec00ea9bd88 100644 --- a/app/code/core/Mage/Sales/Model/Order.php +++ b/app/code/core/Mage/Sales/Model/Order.php @@ -2372,7 +2372,7 @@ protected function _beforeSave() } if (!$this->getId()) { - $this->setData('protect_code', substr(md5(uniqid(mt_rand(), true) . ':' . microtime(true)), 5, 6)); + $this->setData('protect_code', Mage::helper('core')->getRandomString(16)); } if ($this->getStatus() !== $this->getOrigData('status')) { diff --git a/app/locale/en_US/Mage_Core.csv b/app/locale/en_US/Mage_Core.csv index 4322d2f9f70..91b9d95fadb 100644 --- a/app/locale/en_US/Mage_Core.csv 
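Review bot: In the first Guest.php hunk only the outer `else` records a rate-limit hit; the `$errors = true;` in the branch just above it does not. What that inner branch tests lies outside the hunk (the body of `loadValidOrder()` starts earlier), but if it is the path where a submitted order detail or protect code fails to match, those failures never start the timeframe. Consider calling `Mage::helper('core')->recordRateLimitHit();` wherever `$errors` is set to `true` after an order lookup, or once just before the final error handling.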
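Review bot: In the second Guest.php hunk `isRateLimitExceeded(true, false)` is reached only after the success `return true;`, so as far as these hunks show it selects which error message appears rather than stopping the order lookup; the diffstat lists no other change to this file. A request arriving inside the timeframe therefore still has its order id and protect code evaluated. To make the limit enforce something, check it before any order is loaded, e.g. `if (Mage::helper('core')->isRateLimitExceeded(true, false)) { /* redirect to sales/guest/form */ return false; }`; the start of `loadValidOrder()` is outside the hunk, so the exact placement needs confirming. A failure that has just called `recordRateLimitHit()` will also test as exceeded in the same request, so the first such failure shows "Too Soon" instead of `$errorMessage`; confirm that is intended.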
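Review bot: In Order.php the new `protect_code` is only as unpredictable as `getRandomString()`, whose implementation is not part of this diff; confirm it draws from `random_int()` or `random_bytes()` rather than `mt_rand()`, and record that on the line with a comment such as `// protect_code gates guest order access; must come from a CSPRNG`. The assignment sits under `if (!$this->getId())`, so orders saved before this change keep their shorter code. It is also worth confirming that the `protect_code` column accepts 16 characters, since the schema is not shown. `_beforeSave()` begins and ends outside the hunk.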
+++ b/app/locale/en_US/Mage_Core.csv @@ -384,6 +384,7 @@ "Timezone","Timezone" "Title Prefix","Title Prefix" "Title Suffix","Title Suffix" +"Too Soon: You are trying to perform this operation too frequently. Please wait a few seconds and try again.","Too Soon: You are trying to perform this operation too frequently. Please wait a few seconds and try again." "Transactional Emails","Transactional Emails" "Translate Inline","Translate Inline" "Translate, blocks and other output caches should be disabled for both frontend and admin inline translations.","Translate, blocks and other output caches should be disabled for both frontend and admin inline translations." From 046450a07f4332ca8187ccf7011567b9231352c6 Mon Sep 17 00:00:00 2001 From: Ng Kiat Siong Date: Thu, 31 Aug 2023 18:48:55 +0800 Subject: [PATCH 2/9] Fixed out-of-range column `lognum` in the table `api_user` (#3480) --- app/code/core/Mage/Api/etc/config.xml | 2 +- .../mysql4-upgrade-1.6.0.2-1.6.0.3.php | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 app/code/core/Mage/Api/sql/api_setup/mysql4-upgrade-1.6.0.2-1.6.0.3.php diff --git a/app/code/core/Mage/Api/etc/config.xml b/app/code/core/Mage/Api/etc/config.xml index 783088142d6..770ca2c6865 100644 --- a/app/code/core/Mage/Api/etc/config.xml +++ b/app/code/core/Mage/Api/etc/config.xml @@ -17,7 +17,7 @@ - 1.6.0.2 + 1.6.0.3 diff --git a/app/code/core/Mage/Api/sql/api_setup/mysql4-upgrade-1.6.0.2-1.6.0.3.php b/app/code/core/Mage/Api/sql/api_setup/mysql4-upgrade-1.6.0.2-1.6.0.3.php new file mode 100644 index 00000000000..5a72f813794 --- /dev/null +++ b/app/code/core/Mage/Api/sql/api_setup/mysql4-upgrade-1.6.0.2-1.6.0.3.php 
@@ -0,0 +1,31 @@ +startSetup(); + +$this->getConnection()->changeColumn( + $this->getTable('api/user'), + 'lognum', + 'lognum', + [ + 'type' => Varien_Db_Ddl_Table::TYPE_INTEGER, + 'unsigned' => true, + 'nullable' => false, + 'default' => '0', + 'comment' => 'Quantity of log ins' + ] +); + +$this->endSetup(); From 10b63c1f65bd38f4d75a1c049d9dedaf9dffddde Mon Sep 17 00:00:00 2001 From: Fabrizio Balliano Date: Thu, 31 Aug 2023 18:22:11 +0100 Subject: [PATCH 3/9] Fixed ZF1F version in composer.json to avoid conflicts with our patches (#3475) --- .github/workflows/composer.yml | 2 +- composer.json | 2 +- composer.lock | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/composer.yml b/.github/workflows/composer.yml index 56929a37c25..d08f59ec6ac 100644 --- a/.github/workflows/composer.yml +++ b/.github/workflows/composer.yml @@ -26,4 +26,4 @@ jobs: restore-keys: ${{ runner.os }}-composer- - name: Validate composer - run: composer validate --strict + run: composer validate --strict --no-check-all diff --git a/composer.json b/composer.json index ed272c093ab..46cc0c203ad 100644 --- a/composer.json +++ b/composer.json @@ -29,7 +29,7 @@ "pelago/emogrifier": "^7.0", "phpseclib/mcrypt_compat": "^2.0.3", "phpseclib/phpseclib": "^3.0.14", - "shardj/zf1-future": "^1.22", + "shardj/zf1-future": "1.23.5", "symfony/polyfill-php74": "^1.27", "symfony/polyfill-php80": "^1.27", "symfony/polyfill-php81": "^1.27" diff --git a/composer.lock b/composer.lock index 9282a4d814b..ebe75fa6c8f 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "902e142809dc8d50b1e628dad67320a2", + "content-hash": "d2c7d1ef752587a200077be1ef2a74de", "packages": [ { "name": "colinmollenhour/cache-backend-redis", From 99804a0c1081acdc98134356d251f8e7c4bb09b2 Mon Sep 17 00:00:00 2001 
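Review bot: In the composer.yml hunk, `--no-check-all` switches off the version-constraint check for every requirement, not only for the `shardj/zf1-future` pin this commit introduces in composer.json, so a later unbound or overly strict constraint will pass this job silently. The exact pin `1.23.5` also means upstream fixes to that package, security fixes included, arrive only through a manual bump. A comment above the step such as `# --no-check-all: zf1-future is pinned exactly because our patches target that version` would record the reason, and the flag can be dropped once the pin is relaxed.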
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 09:38:22 +0100 Subject: [PATCH 4/9] Bump symfony/polyfill-php74 from 1.27.0 to 1.28.0 (#3487) Bumps [symfony/polyfill-php74](https://github.com/symfony/polyfill-php74) from 1.27.0 to 1.28.0. - [Commits](https://github.com/symfony/polyfill-php74/compare/v1.27.0...v1.28.0) --- updated-dependencies: - dependency-name: symfony/polyfill-php74 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- composer.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/composer.lock b/composer.lock index ebe75fa6c8f..67b36bf7c46 100644 --- a/composer.lock +++ b/composer.lock @@ -1687,16 +1687,16 @@ }, { "name": "symfony/polyfill-php74", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php74.git", - "reference": "aa7f1231a1aa56d695e626043252b7be6a90c4ce" + "reference": "8b755b41a155c89f1af29cc33305538499fa05ea" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php74/zipball/aa7f1231a1aa56d695e626043252b7be6a90c4ce", - "reference": "aa7f1231a1aa56d695e626043252b7be6a90c4ce", + "url": "https://api.github.com/repos/symfony/polyfill-php74/zipball/8b755b41a155c89f1af29cc33305538499fa05ea", + "reference": "8b755b41a155c89f1af29cc33305538499fa05ea", "shasum": "" }, "require": { @@ -1705,7 +1705,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1747,7 +1747,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php74/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-php74/tree/v1.28.0" }, "funding": [ { 
@@ -1763,7 +1763,7 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-php80", From 0e44266cc57ee5aad6eac34150ddcfe988352836 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 09:40:21 +0100 Subject: [PATCH 5/9] Bump friendsofphp/php-cs-fixer from 3.23.0 to 3.25.1 (#3490) Bumps [friendsofphp/php-cs-fixer](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer) from 3.23.0 to 3.25.1. - [Release notes](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases) - [Changelog](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/blob/master/CHANGELOG.md) - [Commits](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/compare/v3.23.0...v3.25.1) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- composer.lock | 400 ++++++++++---------------------------------------- 1 file changed, 74 insertions(+), 326 deletions(-) diff --git a/composer.lock b/composer.lock index 67b36bf7c46..92a577ec59a 100644 --- a/composer.lock +++ b/composer.lock @@ -1046,16 +1046,16 @@ }, { "name": "symfony/console", - "version": "v5.4.26", + "version": "v5.4.28", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "b504a3d266ad2bb632f196c0936ef2af5ff6e273" + "reference": "f4f71842f24c2023b91237c72a365306f3c58827" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/b504a3d266ad2bb632f196c0936ef2af5ff6e273", - "reference": "b504a3d266ad2bb632f196c0936ef2af5ff6e273", + "url": "https://api.github.com/repos/symfony/console/zipball/f4f71842f24c2023b91237c72a365306f3c58827", + "reference": "f4f71842f24c2023b91237c72a365306f3c58827", "shasum": "" }, "require": { 
@@ -1125,7 +1125,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v5.4.26" + "source": "https://github.com/symfony/console/tree/v5.4.28" }, "funding": [ { @@ -1141,7 +1141,7 @@ "type": "tidelift" } ], - "time": "2023-07-19T20:11:33+00:00" + "time": "2023-08-07T06:12:30+00:00" }, { "name": "symfony/css-selector", @@ -1278,16 +1278,16 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "5bbc823adecdae860bb64756d639ecfec17b050a" + "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a", - "reference": "5bbc823adecdae860bb64756d639ecfec17b050a", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb", + "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb", "shasum": "" }, "require": { @@ -1302,7 +1302,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1340,7 +1340,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.28.0" }, "funding": [ { 
@@ -1356,20 +1356,20 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-intl-grapheme", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-grapheme.git", - "reference": "511a08c03c1960e08a883f4cffcacd219b758354" + "reference": "875e90aeea2777b6f135677f618529449334a612" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/511a08c03c1960e08a883f4cffcacd219b758354", - "reference": "511a08c03c1960e08a883f4cffcacd219b758354", + "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/875e90aeea2777b6f135677f618529449334a612", + "reference": "875e90aeea2777b6f135677f618529449334a612", "shasum": "" }, "require": { @@ -1381,7 +1381,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1421,7 +1421,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.28.0" }, "funding": [ { 
@@ -1437,20 +1437,20 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", - "reference": "19bd1e4fcd5b91116f14d8533c57831ed00571b6" + "reference": "8c4ad05dd0120b6a53c1ca374dca2ad0a1c4ed92" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/19bd1e4fcd5b91116f14d8533c57831ed00571b6", - "reference": "19bd1e4fcd5b91116f14d8533c57831ed00571b6", + "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/8c4ad05dd0120b6a53c1ca374dca2ad0a1c4ed92", + "reference": "8c4ad05dd0120b6a53c1ca374dca2ad0a1c4ed92", "shasum": "" }, "require": { @@ -1462,7 +1462,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1505,7 +1505,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.28.0" }, "funding": [ { 
@@ -1521,20 +1521,20 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534" + "reference": "42292d99c55abe617799667f454222c54c60e229" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534", - "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/42292d99c55abe617799667f454222c54c60e229", + "reference": "42292d99c55abe617799667f454222c54c60e229", "shasum": "" }, "require": { @@ -1549,7 +1549,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1588,7 +1588,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.28.0" }, "funding": [ { 
@@ -1604,20 +1604,20 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-07-28T09:04:16+00:00" }, { "name": "symfony/polyfill-php73", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php73.git", - "reference": "9e8ecb5f92152187c4799efd3c96b78ccab18ff9" + "reference": "fe2f306d1d9d346a7fee353d0d5012e401e984b5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/9e8ecb5f92152187c4799efd3c96b78ccab18ff9", - "reference": "9e8ecb5f92152187c4799efd3c96b78ccab18ff9", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/fe2f306d1d9d346a7fee353d0d5012e401e984b5", + "reference": "fe2f306d1d9d346a7fee353d0d5012e401e984b5", "shasum": "" }, "require": { @@ -1626,7 +1626,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1667,7 +1667,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php73/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-php73/tree/v1.28.0" }, "funding": [ { @@ -1683,7 +1683,7 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-php74", 
@@ -1767,16 +1767,16 @@ }, { "name": "symfony/polyfill-php80", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "7a6ff3f1959bb01aefccb463a0f2cd3d3d2fd936" + "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/7a6ff3f1959bb01aefccb463a0f2cd3d3d2fd936", - "reference": "7a6ff3f1959bb01aefccb463a0f2cd3d3d2fd936", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5", + "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5", "shasum": "" }, "require": { @@ -1785,7 +1785,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1830,7 +1830,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0" }, "funding": [ { @@ -1846,20 +1846,20 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-php81", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a" + "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/707403074c8ea6e2edaf8794b0157a0bfa52157a", - "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/7581cd600fa9fd681b797d00b02f068e2f13263b", + "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b", "shasum": "" }, "require": { 
@@ -1868,7 +1868,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -1909,7 +1909,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-php81/tree/v1.28.0" }, "funding": [ { @@ -1925,7 +1925,7 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/service-contracts", @@ -2171,16 +2171,16 @@ }, { "name": "composer/semver", - "version": "3.3.2", + "version": "3.4.0", "source": { "type": "git", "url": "https://github.com/composer/semver.git", - "reference": "3953f23262f2bff1919fc82183ad9acb13ff62c9" + "reference": "35e8d0af4486141bc745f23a29cc2091eb624a32" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/semver/zipball/3953f23262f2bff1919fc82183ad9acb13ff62c9", - "reference": "3953f23262f2bff1919fc82183ad9acb13ff62c9", + "url": "https://api.github.com/repos/composer/semver/zipball/35e8d0af4486141bc745f23a29cc2091eb624a32", + "reference": "35e8d0af4486141bc745f23a29cc2091eb624a32", "shasum": "" }, "require": { @@ -2230,9 +2230,9 @@ "versioning" ], "support": { - "irc": "irc://irc.freenode.org/composer", + "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/semver/issues", - "source": "https://github.com/composer/semver/tree/3.3.2" + "source": "https://github.com/composer/semver/tree/3.4.0" }, "funding": [ { @@ -2248,7 +2248,7 @@ "type": "tidelift" } ], - "time": "2022-04-01T19:23:25+00:00" + "time": "2023-08-31T09:50:34+00:00" }, { "name": "composer/xdebug-handler", 
@@ -2394,129 +2394,6 @@ }, "time": "2023-01-05T11:28:13+00:00" }, - { - "name": "doctrine/annotations", - "version": "2.0.1", - "source": { - "type": "git", - "url": "https://github.com/doctrine/annotations.git", - "reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/doctrine/annotations/zipball/e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f", - "reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f", - "shasum": "" - }, - "require": { - "doctrine/lexer": "^2 || ^3", - "ext-tokenizer": "*", - "php": "^7.2 || ^8.0", - "psr/cache": "^1 || ^2 || ^3" - }, - "require-dev": { - "doctrine/cache": "^2.0", - "doctrine/coding-standard": "^10", - "phpstan/phpstan": "^1.8.0", - "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5", - "symfony/cache": "^5.4 || ^6", - "vimeo/psalm": "^4.10" - }, - "suggest": { - "php": "PHP 8.0 or higher comes with attributes, a native replacement for annotations" - }, - "type": "library", - "autoload": { - "psr-4": { - "Doctrine\\Common\\Annotations\\": "lib/Doctrine/Common/Annotations" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Guilherme Blanco", - "email": "guilhermeblanco@gmail.com" - }, - { - "name": "Roman Borschel", - "email": "roman@code-factory.org" - }, - { - "name": "Benjamin Eberlei", - "email": "kontakt@beberlei.de" - }, - { - "name": "Jonathan Wage", - "email": "jonwage@gmail.com" - }, - { - "name": "Johannes Schmitt", - "email": "schmittjoh@gmail.com" - } - ], - "description": "Docblock Annotations Parser", - "homepage": "https://www.doctrine-project.org/projects/annotations.html", - "keywords": [ - "annotations", - "docblock", - "parser" - ], - "support": { - "issues": "https://github.com/doctrine/annotations/issues", - "source": "https://github.com/doctrine/annotations/tree/2.0.1" - }, - "time": "2023-02-02T22:02:53+00:00" - }, - { - "name": "doctrine/deprecations", - "version": "v1.1.1", - 
"source": { - "type": "git", - "url": "https://github.com/doctrine/deprecations.git", - "reference": "612a3ee5ab0d5dd97b7cf3874a6efe24325efac3" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/doctrine/deprecations/zipball/612a3ee5ab0d5dd97b7cf3874a6efe24325efac3", - "reference": "612a3ee5ab0d5dd97b7cf3874a6efe24325efac3", - "shasum": "" - }, - "require": { - "php": "^7.1 || ^8.0" - }, - "require-dev": { - "doctrine/coding-standard": "^9", - "phpstan/phpstan": "1.4.10 || 1.10.15", - "phpstan/phpstan-phpunit": "^1.0", - "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5", - "psalm/plugin-phpunit": "0.18.4", - "psr/log": "^1 || ^2 || ^3", - "vimeo/psalm": "4.30.0 || 5.12.0" - }, - "suggest": { - "psr/log": "Allows logging deprecations via PSR-3 logger implementation" - }, - "type": "library", - "autoload": { - "psr-4": { - "Doctrine\\Deprecations\\": "lib/Doctrine/Deprecations" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "A small layer on top of trigger_error(E_USER_DEPRECATED) or PSR-3 logging with options to disable all deprecations or selectively for packages.", - "homepage": "https://www.doctrine-project.org/", - "support": { - "issues": "https://github.com/doctrine/deprecations/issues", - "source": "https://github.com/doctrine/deprecations/tree/v1.1.1" - }, - "time": "2023-06-03T09:27:29+00:00" - }, { "name": "doctrine/instantiator", "version": "1.5.0", 
@@ -2587,103 +2464,23 @@ ], "time": "2022-12-30T00:15:36+00:00" }, - { - "name": "doctrine/lexer", - "version": "2.1.0", - "source": { - "type": "git", - "url": "https://github.com/doctrine/lexer.git", - "reference": "39ab8fcf5a51ce4b85ca97c7a7d033eb12831124" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/doctrine/lexer/zipball/39ab8fcf5a51ce4b85ca97c7a7d033eb12831124", - "reference": "39ab8fcf5a51ce4b85ca97c7a7d033eb12831124", - "shasum": "" - }, - "require": { - "doctrine/deprecations": "^1.0", - "php": "^7.1 || ^8.0" - }, - "require-dev": { - "doctrine/coding-standard": "^9 || ^10", - "phpstan/phpstan": "^1.3", - "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5", - "psalm/plugin-phpunit": "^0.18.3", - "vimeo/psalm": "^4.11 || ^5.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "Doctrine\\Common\\Lexer\\": "src" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Guilherme Blanco", - "email": "guilhermeblanco@gmail.com" - }, - { - "name": "Roman Borschel", - "email": "roman@code-factory.org" - }, - { - "name": "Johannes Schmitt", - "email": "schmittjoh@gmail.com" - } - ], - "description": "PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers.", - "homepage": "https://www.doctrine-project.org/projects/lexer.html", - "keywords": [ - "annotations", - "docblock", - "lexer", - "parser", - "php" - ], - "support": { - "issues": "https://github.com/doctrine/lexer/issues", - "source": "https://github.com/doctrine/lexer/tree/2.1.0" - }, - "funding": [ - { - "url": "https://www.doctrine-project.org/sponsorship.html", - "type": "custom" - }, - { - "url": "https://www.patreon.com/phpdoctrine", - "type": "patreon" - }, - { - "url": "https://tidelift.com/funding/github/packagist/doctrine%2Flexer", - "type": "tidelift" - } - ], - "time": "2022-12-14T08:49:07+00:00" - }, { "name": "friendsofphp/php-cs-fixer", - "version": "v3.23.0", + 
"version": "v3.25.1", "source": { "type": "git", "url": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git", - "reference": "35af3cbbacfa91e164b252a28ec0b644f1ed4e78" + "reference": "8e21d69801de6b5ecb0dbe0bcdf967b335b1260b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/35af3cbbacfa91e164b252a28ec0b644f1ed4e78", - "reference": "35af3cbbacfa91e164b252a28ec0b644f1ed4e78", + "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/8e21d69801de6b5ecb0dbe0bcdf967b335b1260b", + "reference": "8e21d69801de6b5ecb0dbe0bcdf967b335b1260b", "shasum": "" }, "require": { "composer/semver": "^3.3", "composer/xdebug-handler": "^3.0.3", - "doctrine/annotations": "^2", - "doctrine/lexer": "^2 || ^3", "ext-json": "*", "ext-tokenizer": "*", "php": "^7.4 || ^8.0", @@ -2752,7 +2549,7 @@ ], "support": { "issues": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues", - "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.23.0" + "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.25.1" }, "funding": [ { @@ -2760,7 +2557,7 @@ "type": "github" } ], - "time": "2023-08-14T12:27:35+00:00" + "time": "2023-09-04T01:22:52+00:00" }, { "name": "macopedia/phpstan-magento1", 
@@ -3864,55 +3661,6 @@ ], "time": "2023-08-19T07:10:56+00:00" }, - { - "name": "psr/cache", - "version": "1.0.1", - "source": { - "type": "git", - "url": "https://github.com/php-fig/cache.git", - "reference": "d11b50ad223250cf17b86e38383413f5a6764bf8" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/php-fig/cache/zipball/d11b50ad223250cf17b86e38383413f5a6764bf8", - "reference": "d11b50ad223250cf17b86e38383413f5a6764bf8", - "shasum": "" - }, - "require": { - "php": ">=5.3.0" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.0.x-dev" - } - }, - "autoload": { - "psr-4": { - "Psr\\Cache\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "PHP-FIG", - "homepage": "http://www.php-fig.org/" - } - ], - "description": "Common interface for caching libraries", - "keywords": [ - "cache", - "psr", - "psr-6" - ], - "support": { - "source": "https://github.com/php-fig/cache/tree/master" - }, - "time": "2016-08-06T20:24:11+00:00" - }, { "name": "psr/event-dispatcher", "version": "1.0.0", @@ -5564,16 +5312,16 @@ }, { "name": "symfony/process", - "version": "v5.4.26", + "version": "v5.4.28", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "1a44dc377ec86a50fab40d066cd061e28a6b482f" + "reference": "45261e1fccad1b5447a8d7a8e67aa7b4a9798b7b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/1a44dc377ec86a50fab40d066cd061e28a6b482f", - "reference": "1a44dc377ec86a50fab40d066cd061e28a6b482f", + "url": "https://api.github.com/repos/symfony/process/zipball/45261e1fccad1b5447a8d7a8e67aa7b4a9798b7b", + "reference": "45261e1fccad1b5447a8d7a8e67aa7b4a9798b7b", "shasum": "" }, "require": { 
@@ -5606,7 +5354,7 @@ "description": "Executes commands in sub-processes", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/process/tree/v5.4.26" + "source": "https://github.com/symfony/process/tree/v5.4.28" }, "funding": [ { @@ -5622,7 +5370,7 @@ "type": "tidelift" } ], - "time": "2023-07-12T15:44:31+00:00" + "time": "2023-08-07T10:36:04+00:00" }, { "name": "symfony/stopwatch", From 1d161eb6a9c8cfb3b079fcb839cf2f65ce887d79 Mon Sep 17 00:00:00 2001 From: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com> Date: Mon, 4 Sep 2023 14:52:17 +0100 Subject: [PATCH 6/9] Fix a Type Error when converting an Order with no Coupon to a Quote (#3492) --- app/code/core/Mage/Sales/Model/Quote.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/code/core/Mage/Sales/Model/Quote.php b/app/code/core/Mage/Sales/Model/Quote.php index ceca03d598b..c051774cdb7 100644 --- a/app/code/core/Mage/Sales/Model/Quote.php +++ b/app/code/core/Mage/Sales/Model/Quote.php @@ -2096,10 +2096,10 @@ public function getCouponCode(): string } /** - * @param string $couponCode + * @param string|null $couponCode * @return $this */ - public function setCouponCode(string $couponCode) + public function setCouponCode(?string $couponCode) { return $this->setData('coupon_code', $couponCode); } From 8558c355fbe160010295fc7f3ac4178cebcef5af Mon Sep 17 00:00:00 2001 From: Fabrizio Balliano Date: Mon, 4 Sep 2023 14:53:55 +0100 Subject: [PATCH 7/9] Version bump --- app/Mage.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Mage.php b/app/Mage.php index 6c733fd664a..5d31a215511 100644 --- a/app/Mage.php +++ b/app/Mage.php @@ -216,7 +216,7 @@ public static function getOpenMageVersionInfo(): array return [ 'major' => '20', 'minor' => '1', - 'patch' => '0', + 'patch' => '1', 'stability' => '', // beta,alpha,rc 'number' => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9 ]; 
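Review bot: In Quote.php `setCouponCode()` now accepts null, but the getter named in the hunk header is still declared `getCouponCode(): string`, and its body is outside the hunk. If it returns the stored value unchanged, the TypeError this commit removes from the setter would reappear in the getter for an order without a coupon. Confirm the getter casts, e.g. `return (string) $this->_getData('coupon_code');`, and note in the setter docblock that null clears the code.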
@@ -225,7 +225,7 @@ public static function getOpenMageVersionInfo(): array return [ 'major' => '19', 'minor' => '5', - 'patch' => '0', + 'patch' => '1', 'stability' => '', // beta,alpha,rc 'number' => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9 ]; From 888e566f0a8086cfabf0a8f50eca77e38329b874 Mon Sep 17 00:00:00 2001 From: Fabrizio Balliano Date: Tue, 5 Sep 2023 01:10:39 +0100 Subject: [PATCH 8/9] Added composer patch to get.php, ref. #3453 (#3476) --- get.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/get.php b/get.php index 05d0fb28c21..01a73752c64 100644 --- a/get.php +++ b/get.php @@ -28,7 +28,7 @@ /** * Set include path */ - +$paths = []; $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'local'; $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'community'; $paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'core'; @@ -36,12 +36,22 @@ $appPath = implode($ps, $paths); set_include_path($appPath . $ps . get_include_path()); - include_once 'Mage/Core/functions.php'; include_once 'Varien/Autoload.php'; Varien_Autoload::register(); +/** AUTOLOADER PATCH **/ +$autoloaderPath = getenv('COMPOSER_VENDOR_PATH'); +if (!$autoloaderPath) { + $autoloaderPath = dirname($bp) . $ds . 'vendor'; + if (!is_dir($autoloaderPath)) { + $autoloaderPath = $bp . $ds . 'vendor'; + } +} +require $autoloaderPath . $ds . 'autoload.php'; +/** AUTOLOADER PATCH **/ + $varDirectory = $bp . $ds . Mage_Core_Model_Config_Options::VAR_DIRECTORY; $configCacheFile = $varDirectory . $ds . 'resource_config.json'; From 0f032f375598b50d1c9c553206a9c750796bf1d6 Mon Sep 17 00:00:00 2001 
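Review bot: The `require $autoloaderPath . $ds . 'autoload.php';` that closes the autoloader block in get.php runs without checking that the file exists. The `is_dir()` test covers only the `dirname($bp)` candidate: a `COMPOSER_VENDOR_PATH` value is used as-is and the final `$bp . $ds . 'vendor'` fallback is never checked. A misconfigured deployment therefore ends in a fatal error from a web entry script, and that message carries filesystem paths when error display is on. Resolve the file first and fail closed: `$autoloadFile = $autoloaderPath . $ds . 'autoload.php';` then `if (!is_file($autoloadFile)) { http_response_code(500); exit; }` then `require $autoloadFile;`. Because the variable decides which code gets loaded, a comment that it must come from deployment configuration only would also help.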
From: Ng Kiat Siong Date: Tue, 5 Sep 2023 17:09:06 +0800 Subject: [PATCH 9/9] Fixed unnecessary entries in table `api-session` when using insta-login in API calls (#3477) * Fixed unnecessary entries in table `api-session` when using insta-login in API calls. * CX-fixer * Removed unused method _isSessionExpired() which has a bug. * Update phpstan.dist.baseline.neon * Update app/code/core/Mage/Api/Model/Server/Handler/Abstract.php Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com> --------- Co-authored-by: Fabrizio Balliano Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com> --- .../Api/Model/Server/Handler/Abstract.php | 60 ++++++++----------- app/code/core/Mage/Api/Model/Session.php | 33 +++++++++- phpstan.dist.baseline.neon | 5 -- 3 files changed, 56 insertions(+), 42 deletions(-) diff --git a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php index 78e3eb1f909..5ad0ad18ad8 100644 --- a/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php +++ b/app/code/core/Mage/Api/Model/Server/Handler/Abstract.php @@ -87,6 +87,21 @@ protected function _startSession($sessionId = null) return $this; } + /** + * Allow insta-login via HTTP Basic Auth + * + * @param string $sessionId + * @return $this + */ + protected function _instaLogin(&$sessionId) + { + if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { + $this->_getSession()->setIsInstaLogin(); + $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); + } + return $this; + } + /** * Check current user permission on resource and privilege * 
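Review bot: `_instaLogin(&$sessionId)` rewrites its argument by reference, but the docblock says only `@param string $sessionId`, and the parameter is null whenever the Basic Auth branch runs. Document it as `@param string|null $sessionId Passed by reference; replaced with the result of login() when it is null and HTTP Basic Auth credentials are present`. The docblock should also say that `setIsInstaLogin()` is called before the credentials are checked and that nothing visible resets it, so the flag stays on the session object for the rest of the request even when login() fails. The call sites in call(), multiCall(), resources(), resourceFaults() and globalFaults() chain `->_startSession($sessionId)` straight after it and depend on that by-reference update.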
@@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null) return $this->_getSession()->isAllowed($resource, $privilege); } - /** - * Check session expiration - * - * @return bool - */ - protected function _isSessionExpired() - { - return $this->_getSession()->isSessionExpired(); - } - /** * Dispatch webservice fault * @@ -225,11 +230,8 @@ public function login($username, $apiKey = null) */ public function call($sessionId, $apiPath, $args = []) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = []) */ public function multiCall($sessionId, array $calls = [], $options = []) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); 
@@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = []) */ public function resources($sessionId) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -513,11 +509,8 @@ public function resources($sessionId) */ public function resourceFaults($sessionId, $resourceName) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); @@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName) */ public function globalFaults($sessionId) { - // Allow insta-login via HTTP Basic Auth - if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) { - $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - } - $this->_startSession($sessionId); + $this->_instaLogin($sessionId) + ->_startSession($sessionId); return array_values($this->_getConfig()->getFaults()); } diff --git a/app/code/core/Mage/Api/Model/Session.php b/app/code/core/Mage/Api/Model/Session.php index 07952339dcf..e91e6b71b02 100644 --- a/app/code/core/Mage/Api/Model/Session.php +++ b/app/code/core/Mage/Api/Model/Session.php 
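Review bot: In `globalFaults()` the result of `_instaLogin()` is never used for an access decision. The body, fully visible in this hunk, goes from `_startSession($sessionId)` straight to `return array_values($this->_getConfig()->getFaults());` with no `isLoggedIn()` check, unlike resources() and resourceFaults() above it. If the method is meant to be callable without authentication, a plain `$this->_startSession($sessionId);` avoids running a credential check whose outcome is ignored. If it is meant to be protected, it needs `if (!$this->_getSession()->isLoggedIn($sessionId)) { return $this->_fault('session_expired'); }` like its siblings. The behaviour predates this commit, but the refactor is a good moment to settle and document which one is intended.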
@@ -96,6 +96,28 @@ public function clear() return true; } + /** + * Flag login as HTTP Basic Auth. + * + * @param bool $isInstaLogin + * @return $this + */ + public function setIsInstaLogin(bool $isInstaLogin = true) + { + $this->setData('is_insta_login', $isInstaLogin); + return $this; + } + + /** + * Is insta-login? + * + * @return bool + */ + public function getIsInstaLogin(): bool + { + return (bool) $this->getData('is_insta_login'); + } + /** * @param string $username * @param string $apiKey @@ -105,8 +127,15 @@ public function clear() public function login($username, $apiKey) { $user = Mage::getModel('api/user') - ->setSessid($this->getSessionId()) - ->login($username, $apiKey); + ->setSessid($this->getSessionId()); + if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) { + Mage::dispatchEvent('api_user_authenticated', [ + 'model' => $user, + 'api_key' => $apiKey, + ]); + } else { + $user->login($username, $apiKey); + } if ($user->getId() && $user->getIsActive() != '1') { Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.')); diff --git a/phpstan.dist.baseline.neon b/phpstan.dist.baseline.neon index 44909be6289..8a1e7f903af 100644 --- a/phpstan.dist.baseline.neon +++ b/phpstan.dist.baseline.neon @@ -765,11 +765,6 @@ parameters: count: 2 path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php - - - message: "#^Method Mage_Api_Model_Session\\:\\:isSessionExpired\\(\\) invoked with 0 parameters, 1 required\\.$#" - count: 1 - path: app/code/core/Mage/Api/Model/Server/Handler/Abstract.php - - message: "#^Result of method SoapServer\\:\\:handle\\(\\) \\(void\\) is used\\.$#" count: 1
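Review bot: In `login()` the insta-login and regular paths share one condition, `if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey))`, so a failed Basic Auth attempt falls into the `else` branch and calls `$user->login()` with the same credentials. `Mage_Api_Model_User::login()` is not shown here; it presumably repeats the credential check, which would double the verification work for every wrong password. It would also make the insta-login path's promise of writing no session rows depend on how that method behaves on failure. Nesting the two decisions, as below, keeps the insta-login path away from `login()` entirely and gives failed Basic Auth attempts a single place to hang logging or throttling. The rest of login() continues outside the hunk.

```php
$user = Mage::getModel('api/user')
    ->setSessid($this->getSessionId());
if ($this->getIsInstaLogin()) {
    // Basic Auth path: verify only, never fall back to login()
    if ($user->authenticate($username, $apiKey)) {
        Mage::dispatchEvent('api_user_authenticated', [
            'model' => $user,
            'api_key' => $apiKey,
        ]);
    }
} else {
    $user->login($username, $apiKey);
}
// … unchanged: deactivated-account check and the rest of login() …
```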