Merge branch 'main' into htmlpurifier

.all-contributorsrc

@@ -1445,6 +1445,15 @@
       "contributions": [
         "code"
       ]
+  },
+  {
+      "login": "ma4nn",
+      "name": "Christoph Massmann",
+      "avatar_url": "https://avatars.githubusercontent.com/u/26252058?v=4",
+      "profile": "https://www.vianetz.com/",
+      "contributions": [
+        "code"
+      ]
     }
   ],
   "contributorsPerLine": 7

.ddev/web-build/openmage.cron

@@ -0,0 +1 @@
+* * * * * /var/www/html/cron.sh

.github/workflows/codeql-analysis.yml

@@ -18,7 +18,7 @@ on:
     branches: [ "main", "next", "v19" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main", "v20", "v19" ]
+    branches: [ "main", "next", "v19" ]
     paths-ignore:
       - '**/*.md'
       - '**/*.txt'

.gitignore

@@ -39,6 +39,7 @@
 # https://github.com/OpenMage/magento-lts/pull/1012
 /dev/openmage/docker-magento
 /dev/openmage/.env
+/dev/openmage/Caddyfile
 /dev/tests/functional/generated
 /dev/tests/functional/vendor
 

.phpstorm.meta.php/magento_blocks.meta.php

@@ -294,6 +294,7 @@
             'adminhtml/permissions_role' => \Mage_Adminhtml_Block_Permissions_Role::class,
             'adminhtml/permissions_role_grid_user' => \Mage_Adminhtml_Block_Permissions_Role_Grid_User::class,
             'adminhtml/permissions_roles' => \Mage_Adminhtml_Block_Permissions_Roles::class,
+            'adminhtml/permissions_orphanedResource' => \Mage_Adminhtml_Block_Permissions_OrphanedResource::class,
             'adminhtml/permissions_tab_roleinfo' => \Mage_Adminhtml_Block_Permissions_Tab_Roleinfo::class,
             'adminhtml/permissions_tab_rolesedit' => \Mage_Adminhtml_Block_Permissions_Tab_Rolesedit::class,
             'adminhtml/permissions_tab_rolesusers' => \Mage_Adminhtml_Block_Permissions_Tab_Rolesusers::class,

.phpstorm.meta.php/magento_blocks_methods.meta.php

@@ -294,6 +294,7 @@
             'adminhtml/permissions_role' => \Mage_Adminhtml_Block_Permissions_Role::class,
             'adminhtml/permissions_role_grid_user' => \Mage_Adminhtml_Block_Permissions_Role_Grid_User::class,
             'adminhtml/permissions_roles' => \Mage_Adminhtml_Block_Permissions_Roles::class,
+            'adminhtml/permissions_orphanedResource' => \Mage_Adminhtml_Block_Permissions_OrphanedResource::class,
             'adminhtml/permissions_tab_roleinfo' => \Mage_Adminhtml_Block_Permissions_Tab_Roleinfo::class,
             'adminhtml/permissions_tab_rolesedit' => \Mage_Adminhtml_Block_Permissions_Tab_Rolesedit::class,
             'adminhtml/permissions_tab_rolesusers' => \Mage_Adminhtml_Block_Permissions_Tab_Rolesusers::class,
@@ -554,6 +555,7 @@
             'adminhtml/sales_order_view_tab_history' => \Mage_Adminhtml_Block_Sales_Order_View_Tab_History::class,
             'adminhtml/sales_order_view_tab_info' => \Mage_Adminhtml_Block_Sales_Order_View_Tab_Info::class,
             'adminhtml/sales_order_view_tab_invoices' => \Mage_Adminhtml_Block_Sales_Order_View_Tab_Invoices::class,
+            'adminhtml/sales_order_view_tab_prova' => \Mage_Adminhtml_Block_Sales_Order_View_Tab_Prova::class,
             'adminhtml/sales_order_view_tab_shipments' => \Mage_Adminhtml_Block_Sales_Order_View_Tab_Shipments::class,
             'adminhtml/sales_order_view_tab_transactions' => \Mage_Adminhtml_Block_Sales_Order_View_Tab_Transactions::class,
             'adminhtml/sales_order_view_tabs' => \Mage_Adminhtml_Block_Sales_Order_View_Tabs::class,

README.md

@@ -589,6 +589,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/leissbua"><img src="https://avatars.githubusercontent.com/u/68073221?v=4" loading="lazy" width="100" alt=""/><br /><sub><b>Michael Leiss</b></sub></a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://www.riseart.com/"><img src="https://avatars.githubusercontent.com/u/26821235?v=4" loading="lazy" width="100" alt=""/><br /><sub><b>Marcos Steverlynck</b></sub></a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/ahudock"><img src="https://avatars.githubusercontent.com/u/33500977?v=4" loading="lazy" width="100" alt=""/><br /><sub><b>Andy Hudock</b></sub></a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://www.vianetz.com/"><img src="https://avatars.githubusercontent.com/u/26252058?v=4" loading="lazy" width="100" alt=""/><br /><sub><b>Christoph Massmann</b></sub></a></td>
     </tr>
   </tbody>
 </table>

app/Mage.php

@@ -50,7 +50,7 @@
         $autoloaderPath = BP . DS . 'vendor';
     }
 }
-require $autoloaderPath . DS . 'autoload.php';
+require_once $autoloaderPath . DS . 'autoload.php';
 /** AUTOLOADER PATCH **/
 
 /* Support additional includes, such as composer's vendor/autoload.php files */
@@ -215,7 +215,7 @@ public static function getOpenMageVersionInfo(): array
         if (self::getOpenMageMajorVersion() === 20) {
             return [
                 'major'     => '20',
-                'minor'     => '3',
+                'minor'     => '4',
                 'patch'     => '0',
                 'stability' => '', // beta,alpha,rc
                 'number'    => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9

app/code/core/Mage/Admin/Model/Resource/Acl.php

@@ -23,6 +23,8 @@ class Mage_Admin_Model_Resource_Acl extends Mage_Core_Model_Resource_Db_Abstract
 {
     public const ACL_ALL_RULES = 'all';
 
+    protected $_orphanedResources = [];
+
     /**
      * Initialize resource
      *
@@ -131,12 +133,27 @@ public function loadRules(Mage_Admin_Model_Acl $acl, array $rulesArr)
                 } elseif ($rule['permission'] == 'deny') {
                     $acl->deny($role, $resource, $privileges, $assert);
                 }
+            } catch (Zend_Acl_Exception $e) {
+                if (!in_array($resource, $this->_orphanedResources) && strpos($e->getMessage(), "Resource '$resource' not found") !== false) {
+                    $this->_orphanedResources[] = $resource;
+                }
             } catch (Exception $e) {
                 if (Mage::getIsDeveloperMode()) {
                     Mage::logException($e);
                 }
             }
         }
+
+        if ($this->_orphanedResources !== []) {
+            Mage::getSingleton('adminhtml/session')->addNotice(
+                Mage::helper('adminhtml')->__(
+                    'The following role resources are no longer available in the system: %s. You can delete them by <a href="%s">clicking here</a>.',
+                    implode(', ', $this->_orphanedResources),
+                    Mage::helper("adminhtml")->getUrl('adminhtml/permissions_orphanedResource')
+                )
+            );
+        }
+
         return $this;
     }
 }

app/code/core/Mage/Admin/Model/Resource/Rules.php

@@ -80,4 +80,45 @@ public function saveRel(Mage_Admin_Model_Rules $rule)
             Mage::logException($e);
         }
     }
+
+    /**
+     * Set resource ID as ID field name
+     * @see Mage_Adminhtml_Block_Permissions_OrphanedResource_Grid::_prepareCollection()
+     *
+     * @return $this
+     */
+    public function setResourceIdAsIdFieldName()
+    {
+        $this->_idFieldName = 'resource_id';
+        return $this;
+    }
+
+    /**
+     * Delete orphaned resources
+     *
+     * @param array $orphanedIds
+     * @return int
+     * @throws Mage_Core_Exception
+     */
+    public function deleteOrphanedResources(array $orphanedIds): int
+    {
+        if ($orphanedIds === []) {
+            return 0;
+        }
+
+        $resourceIds = Mage::getModel('admin/roles')->getResourcesList2D();
+        // Validate orphaned IDs are not in the list of valid resource IDs.
+        $validIds = array_intersect($orphanedIds, $resourceIds);
+        if ($validIds !== []) {
+            throw new Mage_Core_Exception(
+                Mage::helper('adminhtml')->__(
+                    'The following role resource(s) are not orphaned: %s',
+                    implode(', ', $validIds)
+                )
+            );
+        }
+
+        return $this->_getWriteAdapter()
+            ->delete($this->getMainTable(), ['resource_id IN (?)' => $orphanedIds]);
+    }
 }

app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Edit.php

@@ -261,13 +261,15 @@ public function getForm()
     }
 
     /**
-     * Return return template name for JS
-     *
      * @return string
      */
     public function getJsTemplateName()
     {
-        return addcslashes($this->escapeHtml($this->getModel()->getTemplateCode()), "\"\r\n\\");
+        $templateCode = $this->getModel()->getTemplateCode();
+        if ($templateCode === null) {
+            return '';
+        }
+        return addcslashes($this->escapeHtml($templateCode), "\"\r\n\\");
     }
 
     /**

app/code/core/Mage/Adminhtml/Block/Permissions/OrphanedResource.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Adminhtml
+ * @copyright  Copyright (c) 2024 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ */
+
+/**
+ * Adminhtml permissions orphaned resource block
+ *
+ * @category   Mage
+ * @package    Mage_Adminhtml
+ */
+class Mage_Adminhtml_Block_Permissions_OrphanedResource extends Mage_Adminhtml_Block_Widget_Grid_Container
+{
+    public function __construct()
+    {
+        $this->_controller = 'permissions_orphanedResource';
+        $this->_headerText = Mage::helper('adminhtml')->__('Orphaned Role Resources');
+        parent::__construct();
+        $this->_removeButton('add');
+    }
+
+    /**
+     * @return string
+     */
+    protected function _toHtml(): string
+    {
+        Mage::dispatchEvent('permissions_orphanedresource_html_before', ['block' => $this]);
+        return parent::_toHtml();
+    }
+}

app/code/core/Mage/Adminhtml/Block/Permissions/OrphanedResource/Grid.php

@@ -0,0 +1,92 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Adminhtml
+ * @copyright  Copyright (c) 2024 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ */
+
+/**
+ * Adminhtml permissions orphanedResource grid
+ *
+ * @category   Mage
+ * @package    Mage_Adminhtml
+ */
+class Mage_Adminhtml_Block_Permissions_OrphanedResource_Grid extends Mage_Adminhtml_Block_Widget_Grid
+{
+    public function __construct()
+    {
+        parent::__construct();
+        $this->setId('permissionsOrphanedResourceGrid');
+        $this->setDefaultSort('resource_id');
+        $this->setDefaultDir('asc');
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _prepareCollection()
+    {
+        /** @var Mage_Admin_Model_Resource_Rules_Collection */
+        $collection = Mage::getResourceModel('admin/rules_collection')
+            ->addFieldToFilter('resource_id', ['nin' => Mage::getModel('admin/roles')->getResourcesList2D()])
+            ->addFieldToSelect('resource_id');
+        $collection->getSelect()->group('resource_id');
+
+        /**
+         * In order for mass action selection to work properly, we need to overwrite
+         * the model resource $_idFieldName, from the default 'rule_id' to 'resource_id'.
+         * @see Mage_Adminhtml_Block_Widget_Grid_Massaction_Abstract::getGridIdsJson()
+         * @var Mage_Admin_Model_Resource_Rules $resource
+         */
+        $resource = $collection->getResource();
+        $resource->setResourceIdAsIdFieldName();
+
+        $this->setCollection($collection);
+        return parent::_prepareCollection();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _prepareColumns()
+    {
+        $this->addColumn('resource_id', [
+            'header' => Mage::helper('adminhtml')->__('Orphaned Role Resource'),
+            'index' => 'resource_id'
+        ]);
+
+        return parent::_prepareColumns();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _prepareMassaction()
+    {
+        $this->setMassactionIdField('resource_id');
+        $this->getMassactionBlock()->setFormFieldName('resource_id');
+
+        $this->getMassactionBlock()->addItem('delete', [
+            'label'    => Mage::helper('adminhtml')->__('Delete'),
+            'url'      => $this->getUrl('*/*/massDelete'),
+            'confirm'  => Mage::helper('adminhtml')->__('Are you sure you want to do this?')
+        ]);
+
+        return $this;
+    }
+
+    public function getRowUrl($row): string
+    {
+        return '';
+    }
+}

app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Customer.php

@@ -40,11 +40,22 @@ public function getHeaderText()
      */
     public function getButtonsHtml()
     {
-        $addButtonData = [
+        $html = '';
+
+        $addButtonData = array(
             'label'     => Mage::helper('sales')->__('Create New Customer'),
             'onclick'   => 'order.setCustomerId(false)',
             'class'     => 'add',
-        ];
-        return $this->getLayout()->createBlock('adminhtml/widget_button')->setData($addButtonData)->toHtml();
+        );
+        $html .= $this->getLayout()->createBlock('adminhtml/widget_button')->setData($addButtonData)->toHtml();
+
+        $addButtonData = array(
+            'label'     => Mage::helper('sales')->__('Create Guest Order'),
+            'onclick'   => 'order.setCustomerIsGuest()',
+            'class'     => 'add',
+        );
+        $html .= $this->getLayout()->createBlock('adminhtml/widget_button')->setData($addButtonData)->toHtml();
+
+        return $html;
     }
 }

app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Form/Account.php

@@ -68,6 +68,7 @@ protected function _prepareForm()
             }
         }
 
+        // if quote is guest, unset customer_group_id
         if ($this->getQuote()->getCustomerIsGuest()) {
             unset($attributes['group_id']);
         }