Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BC] Added form key validation to Contacts form #3146

Merged
merged 2 commits into from
Apr 10, 2023
Merged

[BC] Added form key validation to Contacts form #3146

merged 2 commits into from
Apr 10, 2023

Conversation

fballiano
Copy link
Contributor

@fballiano fballiano commented Apr 5, 2023

All credits for this PR go to @elidrissidev which created it originally in #2347. I think that PR should be merged but I made a slight modification, using the default "enable CSFR" instead of a new one.

This is BC because it requires all users to update their custom theme (if they customised their contact form template)

Related Pull Requests

#2347

Fixed Issues (if relevant)

  1. Fixes Contact Form - Some bots can use the controller behind the form #1911

Manual testing scenarios (*)

Explained in #2347

@github-actions github-actions bot added Component: Contacts Relates to Mage_Contacts Template : base Relates to base template Template : rwd Relates to rwd template translations Relates to app/locale labels Apr 5, 2023
@fballiano
Copy link
Contributor Author

@matteotestoni ;-)

matteotestoni
matteotestoni previously approved these changes Apr 5, 2023
@matteotestoni
Copy link

is they customised their contact form template

if they customised their contact form template

@fballiano
Copy link
Contributor Author

is they customised their contact form template

if they customised their contact form template

typo fixed

@elidrissidev
Copy link
Member

We may as well get rid of the separate Newsletter and Checkout flags while we're at it.

@fballiano
Copy link
Contributor Author

agree, but maybe in a separate PR

@justinbeaty
Copy link
Contributor

This is BC because it requires all users to update their custom theme (if they customised their contact form template)

Should it target next branch?

@fballiano
Copy link
Contributor Author

I'm a bit confused now... we're now in a situation where things became more confusing and I don't know what should I port to other branches or not...

@fballiano
Copy link
Contributor Author

btw this is a security concern that should be treated as such, and previously we released those same things in .patch versions

@justinbeaty
Copy link
Contributor

Since next is v21, any breaking change should target there. But if we consider it a security concern I think we have the ability for breaking changes in both v19 and v20.

Actually I’m a bit confused now too because I’m not sure why we have a v20 branch already, unless main is supposed to be v21 and next v22. I have to check the RFC issue when I get to my desk in a bit.

@colinmollenhour
Copy link
Member

Since next is v21, any breaking change should target there. But if we consider it a security concern I think we have the ability for breaking changes in both v19 and v20.

The deciding factor for PATCH is does it get a CVE? What risks does spamming the contact form entail?

  • It could be nuisance to the store owner
  • No real security risk?
  • DOS risk perhaps?

Does anyone use this contact form? I always immediately disabled it, basically for these reasons although adding a form key doesn't really mitigate DOS risk, just makes it slightly harder.. 😆

Actually I’m a bit confused now too because I’m not sure why we have a v20 branch already, unless main is supposed to be v21 and next v22. I have to check the RFC issue when I get to my desk in a bit.

Ahh, good call, there is no need for a v20 yet! I'll delete it..

@fballiano
Copy link
Contributor Author

@colinmollenhour in https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 we did exactly the same thing (add a formkey to a form) and it was considered as a security concern (it was the password reset instead of the contact form but..)

i'm ok with targeting next, at the end of the day we could also cancel 19.5 and 20.1 and release a 21.0 ;-) it would be time for that and would also match the big changes with composer etc...

@justinbeaty
Copy link
Contributor

i'm ok with targeting next, at the end of the day we could also cancel 19.5 and 20.1 and release a 21.0 ;-) it would be time for that and would also match the big changes with composer etc...

I almost think that is a better idea because it makes it easier for people who are used to their workflow without the vendor dir / release zip.

But then we have zend in our repos for those older branches for the next 5 years. However I am not sure there will be much bug patching there.

@fballiano
Copy link
Contributor Author

But then we have zend in our repos for those older branches for the next 5 years. However I am not sure there will be much bug patching there.

mmm it would be in v19 and in v20. v19 would be maintained for another 2 years but I don't think we've to maintain v20 at all, yes it could get "patches" but I hope we'll never have to do that.

@justinbeaty
Copy link
Contributor

But then we have zend in our repos for those older branches for the next 5 years. However I am not sure there will be much bug patching there.

mmm it would be in v19 and in v20. v19 would be maintained for another 2 years but I don't think we've to maintain v20 at all, yes it could get "patches" but I hope we'll never have to do that.

You are right, v19 is only until 2025 (then I think we throw a party with some cake to celebrate its demise.)

And yes, we don't need to maintain v20, only backport CVEs. But since there will never be a commit modifying Zend in v21 (since there is no Zend in the v21 codebase), then there's nothing to backport.

@fballiano fballiano changed the base branch from main to next April 5, 2023 14:03
@fballiano fballiano dismissed matteotestoni’s stale review April 5, 2023 14:03

The base branch was changed.

@elidrissidev
Copy link
Member

Now that this PR is targeting next, v19 and main(v20) will remain without CSRF protection.

@fballiano
Copy link
Contributor Author

😅 it's either one or the other, I don't have a preference since I think everybody should upgrade to v20 anyway and v19 should be dead and buried.

Since previously this same thing has been treated as a PATCH, I think this should too, let's vote on this for a couple of days and then move on :-)

matteotestoni
matteotestoni previously approved these changes Apr 6, 2023
@colinmollenhour
Copy link
Member

I'll defer to the rest of the community but I think releasing a v21 soon is a good idea since v20 has so many changes over v19 as it is.

elidrissidev
elidrissidev previously approved these changes Apr 7, 2023
@fballiano
Copy link
Contributor Author

@addison74 I think I fixed all the sentences as you suggested ;-)

@fballiano fballiano merged commit eaa1b47 into OpenMage:next Apr 10, 2023
@fballiano fballiano deleted the formkey branch April 10, 2023 21:36
@addison74
Copy link
Contributor

This PR was initially created for the v19 branch (#2347), but now I see that it was integrated into the next branch only. If the reason is RFC then the rules we have are not exactly good. This PR should be at least in v20. I have been using it in production for a long time and I have reduced by 95% the bots abuse on the contact form.

@fballiano
Copy link
Contributor Author

it has to be considered breaking change so we have to merge it in the next branch, that's what the RFC decided

@colinmollenhour
Copy link
Member

This PR should be at least in v20.

I don't disagree, but we do need for there to be an objective standard and we need to follow it. In this case, the lack of formkey is more of a nuissance and not really a security issue, but it is nuanced.. There may be users who are not having spam issues who would experience an unexpected regression in functionality (maybe they are behind Cloudflare or it is a private store, etc.), thus harming their confidence in the OpenMage project.

You could:

  1. Make a case that this is a more severe issue which merits a BC-breaking backport (probably in a new PR for main would be the appropriate place)
  2. Propose some language updates for the "rules" to better handle these grey areas
  3. Maintain some patches for the fixes that you want and let it remain as-is

Doing a quick search I came across this brief guide which is for maintaining patches in M2: https://devdocs.magento.com/guides/v2.3/comp-mgr/patching/composer.html

Here is a more in-depth one for Drupal, but should be the exact same process: https://davidjguru.github.io/blog/drupal-techniques-patching-modules-with-composer#4--creating-patches-for-drupal

I just wrote a quick blog post guide as well, maintianing your own patches is a lot easier than it used to be. :)
OpenMage/OpenMage.github.io#122

@sreichel
Copy link
Contributor

sreichel commented May 1, 2023

I just wrote a quick blog post guide as well, maintianing your own patches is a lot easier than it used to be. :)
OpenMage/OpenMage.github.io#122

Nice 👍

Maybe you can add a section about symplify/vendor-patches?

@colinmollenhour
Copy link
Member

Maybe you can add a section about symplify/vendor-patches?

Ahh, thanks, I was not aware of that tool, very nice. I added a section for it.

empiricompany pushed a commit to empiricompany/openmage that referenced this pull request Sep 16, 2023
empiricompany added a commit to empiricompany/openmage that referenced this pull request Sep 18, 2023
commit 58d063b
Merge: 4879f22 8a0c083
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Sep 10 21:53:03 2023 +0100

    Merge branch 'next' into tinymce6

commit 8a0c083
Merge: 7b20aa2 26843d6
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Sep 10 21:49:01 2023 +0100

    Merge branch 'main' into next

commit 7b20aa2
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Sep 8 21:48:15 2023 +0100

    Fixed some PHPCS errors (OpenMage#3502)

commit 710d35d
Merge: 6b7dbf1 26e80e7
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Sep 8 16:24:47 2023 +0100

    Merge branch 'main' into next

commit 6b7dbf1
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Sep 8 16:24:17 2023 +0100

    Fixed implementation of SessionHandlerInterface in Mage_Core_Model_Resource_Session (OpenMage#3499)

    Co-authored-by: Mohamed ELIDRISSI <[email protected]>
    Co-authored-by: Ng Kiat Siong <[email protected]>

commit 08c6e41
Merge: 36593b5 ccbaa15
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Sep 8 10:26:23 2023 +0100

    Merge branch 'main' into next

commit 36593b5
Merge: fdb003a 0b3d782
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Sep 7 23:24:48 2023 +0100

    Merge branch 'main' into next

commit 4879f22
Merge: f2b033a fdb003a
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Sep 6 10:13:11 2023 +0100

    Merge branch 'next' into tinymce6

commit fdb003a
Merge: 6e42c67 0f032f3
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Sep 5 10:20:13 2023 +0100

    Merge branch 'main' into next

commit 6e42c67
Merge: bfd49a9 8558c35
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Sep 4 14:54:15 2023 +0100

    Merge branch 'main' into next

commit bfd49a9
Merge: c55ecea 10b63c1
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Aug 31 18:25:16 2023 +0100

    Merge branch 'main' into next

commit c55ecea
Merge: 94b44ac 046450a
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Aug 31 11:49:16 2023 +0100

    Merge branch 'main' into next

commit f2b033a
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Aug 30 15:26:43 2023 +0100

    TinyMCE 6.7.0

commit 94b44ac
Merge: aaa410d 2a2a2fb
Author: Colin Mollenhour <[email protected]>
Date:   Tue Aug 29 11:38:49 2023 -0400

    Merge remote-tracking branch 'openmage/main' into next

commit b8b39a3
Merge: b832fc5 aaa410d
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 29 10:28:23 2023 +0300

    Merge branch 'next' into tinymce6

commit aaa410d
Merge: d633770 621f21f
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 29 08:28:06 2023 +0100

    Merge branch 'main' into next

commit b832fc5
Author: Tony <[email protected]>
Date:   Fri Aug 25 13:11:29 2023 +0200

    fix openmage plugins breaks help (OpenMage#20)

commit 2cd4e0a
Author: Tony <[email protected]>
Date:   Wed Aug 23 11:53:50 2023 +0200

    fix icon openmagevariable (OpenMage#19)

commit 3a2ff97
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Aug 23 09:33:17 2023 +0100

    Fixed "api.setActive is not a funcion"

commit 37f44a2
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Aug 23 09:13:52 2023 +0100

    Fixed widget label

commit 0bc43f4
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 22 15:05:46 2023 +0100

    New layout for menus and menubars

commit 5dd9689
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Aug 21 13:24:43 2023 +0100

    Toolbar mode scrolling

commit 1658ac3
Merge: 51f9491 d633770
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Aug 21 12:46:39 2023 +0300

    Merge branch 'next' into tinymce6

commit d633770
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Aug 21 12:17:37 2023 +0300

    RWD: removed enquire.js and converted to window.matchMedia (OpenMage#3208)

    Co-authored-by: Justin Beaty <[email protected]>

commit 51f9491
Merge: fd09b2f 15ffca5
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Aug 21 11:13:33 2023 +0300

    Merge branch 'next' into tinymce6

commit 15ffca5
Merge: 146e878 e266417
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Aug 21 09:13:02 2023 +0100

    Merge branch 'main' into next

commit fd09b2f
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 20 19:39:00 2023 +0100

    removed emoticons plugin, it is useless since our DB is not utf8mb4

commit 2d1c88e
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 20 17:54:18 2023 +0200

    more similar formatting between these two files

commit 7737fec
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 20 17:34:01 2023 +0200

    removed openmage colors from variables/widgets icons

commit 9247d52
Author: Tony <[email protected]>
Date:   Sun Aug 20 11:31:09 2023 +0200

    add searchandreplace, embedded media, fontfamily (OpenMage#18)

commit b4e4840
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 15 10:44:45 2023 +0200

    tinymce 6.6.2

commit 1eb6a06
Merge: 9b48a81 146e878
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 15 11:41:58 2023 +0300

    Merge branch 'next' into tinymce6

commit 9b48a81
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 15 10:41:23 2023 +0200

    Fixed php82 bug

commit 146e878
Merge: 9c7f6de 1668e3d
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Aug 15 10:29:59 2023 +0200

    Merge branch main

commit a5941cd
Author: Tony <[email protected]>
Date:   Tue Aug 8 22:18:49 2023 +0200

    restore sysconfig original behavior (OpenMage#17)

commit d739ce3
Author: Tony <[email protected]>
Date:   Tue Aug 8 12:56:56 2023 +0200

    fix tab changed on first load (OpenMage#16)

commit d2cdcca
Author: Tony <[email protected]>
Date:   Tue Aug 8 09:25:26 2023 +0200

    set min-height (OpenMage#15)

commit 18f4196
Author: Tony <[email protected]>
Date:   Mon Aug 7 23:07:22 2023 +0200

    Fix prototype errors in chrome

commit 750a10c
Author: Tony <[email protected]>
Date:   Mon Aug 7 09:07:20 2023 +0200

    Tinymce skin config (OpenMage#13)

    * fix insert variable

    * temporary disable openmage widgets

    * fix insert widget

    * rebrand openmage variables

    * fix media browser callback

    * clean

    * removed empty lines

    * removed empty line

    * here we need the empty newline char ehhehe

    * we need newline at the end of the file

    * set toolbar buttons

    * reorder and fix

    * add skin default dark / draft the language support

    * stylish openmage widget

    * phpcs

    * vscode fucking things

    * first attempt to fix translator

    * fix system config multiple values depends

    * add tinymce skins to config

    * fix multiple alert errors in chrome

    * fix multiple alert errors in chrome

    * restore

    * copyright

    * tinymce-5 default skin

    ---------

    Co-authored-by: Fabrizio Balliano <[email protected]>

commit 3d36452
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 6 10:36:18 2023 +0200

    languages

commit 9b80c42
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 6 10:36:00 2023 +0200

    languages

commit 11d3133
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 6 09:52:07 2023 +0200

    removed custom css

commit 218a0f1
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 6 09:41:04 2023 +0200

    small cleanup

commit a7f3026
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 6 09:39:43 2023 +0200

    small cleanup

commit fb7d6cb
Merge: 885a440 9c7f6de
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Aug 6 09:33:44 2023 +0200

    Merge branch next

commit 885a440
Author: Tony <[email protected]>
Date:   Sun Aug 6 09:31:26 2023 +0200

    fix tinymce openmage variable and widget plugins and toolbar buttuns (OpenMage#12)

    * fix insert variable

    * temporary disable openmage widgets

    * fix insert widget

    * rebrand openmage variables

    * fix media browser callback

    * clean

    * removed empty lines

    * removed empty line

    * here we need the empty newline char ehhehe

    * we need newline at the end of the file

    * set toolbar buttons

    * reorder and fix

    * add skin default dark / draft the language support

    * stylish openmage widget

    * phpcs

    ---------

    Co-authored-by: Fabrizio Balliano <[email protected]>

commit 4cbdd82
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Aug 2 17:47:25 2023 +0100

    updated to 6.6.1

commit 9c7f6de
Merge: 4e8d0e5 d8cf078
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Jul 28 09:30:30 2023 +0100

    Merge branch 'main' into next

commit 4e8d0e5
Merge: 7754300 875661e
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Jul 24 20:53:48 2023 +0100

    Merge branch 'main' into next

commit 7754300
Merge: 56fa540 f578a5c
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Jul 24 14:53:23 2023 +0100

    Merge branch 'main' into next

commit 1069158
Author: Tony <[email protected]>
Date:   Fri Jul 21 12:25:08 2023 +0100

    encode/decode images directives

commit 1f98220
Merge: 1408f42 56fa540
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Jul 21 12:01:43 2023 +0100

    Merge branch 'next' into tinymce6

commit 56fa540
Merge: 2b58041 4840185
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Jul 21 09:09:54 2023 +0100

    Merge branch 'main' into next

commit 2b58041
Merge: 94d69b5 8572935
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Jul 19 16:24:05 2023 +0100

    Merge branch 'main' into next

commit 94d69b5
Merge: 5f3e3b0 0cb5439
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Jul 19 13:36:44 2023 +0100

    Merge branch 'main' into next

commit 5f3e3b0
Author: luigifab <[email protected]>
Date:   Mon Jul 17 12:48:52 2023 +0200

    Removed all deprecated _Mysql4_ classes (OpenMage#2730)

    * Remove Mysql4 class

    * Remove deprecatedNode

    * Rename class with Mysql4

    * Remove deprecatedNode compatibility

    * PHPStan update

    * Add migration script

    ---------

    Co-authored-by: Fabrizio Balliano <[email protected]>

commit 1408f42
Author: Fabrizio Balliano <[email protected]>
Date:   Sat Jul 15 22:57:29 2023 +0100

    updated to 6.6.0

commit bdcf3ff
Merge: c32e341 49951c1
Author: Fabrizio Balliano <[email protected]>
Date:   Sat Jul 15 22:53:54 2023 +0100

    merged branch next

commit 19048e0
Author: luigifab <[email protected]>
Date:   Sat Jul 15 23:49:39 2023 +0200

    Remove onmouseover/onmouseout from adminhtml menu (OpenMage#2737)

    Co-authored-by: Fabrizio Balliano <[email protected]>

commit 49951c1
Merge: 54f8074 a508ae5
Author: Fabrizio Balliano <[email protected]>
Date:   Sat Jul 15 15:42:40 2023 +0100

    Merge branch 'main' into next

commit 54f8074
Merge: b836666 8aae6e2
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Jul 12 13:08:11 2023 +0100

    Merge branch 'main' into next

commit b836666
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Jul 11 10:25:33 2023 +0100

    Fixed PHPStan warnings for branch "next" (PHP 8.1) (OpenMage#3269)

commit 5ea608f
Merge: 68900aa c36f57d
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Jul 11 10:17:04 2023 +0100

    Merge branch 'main' into next

commit 68900aa
Merge: 5711907 d8bd81b
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Jul 10 15:31:27 2023 +0100

    Merge branch 'main' into next

commit 5711907
Merge: 80dae5c 6892dee
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Jul 4 19:53:20 2023 +0100

    Merge branch 'main' into next

commit 80dae5c
Merge: eaca57c 2764d0c
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Jul 3 20:10:25 2023 +0100

    Merge branch 'main' into next

commit eaca57c
Merge: f157bc4 b20f568
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Jun 30 08:16:38 2023 +0100

    Merge branch 'main' into next

commit f157bc4
Merge: 7d8e8b3 752debd
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Jun 27 09:22:55 2023 +0100

    Merge branch 'main' into next

commit 7d8e8b3
Merge: 4feffa3 97e200d
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Jun 25 18:25:56 2023 +0100

    Merge branch 'main' into next

commit 4feffa3
Merge: 66c2c20 b4cee73
Author: Fabrizio Balliano <[email protected]>
Date:   Fri Jun 23 11:17:43 2023 +0100

    Merge branch 'main' into next

commit 66c2c20
Merge: 0e0617d 0992d8c
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Jun 22 07:22:10 2023 +0200

    Merge branch 'main' into next

commit 0e0617d
Merge: cc78b50 9b8eded
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Jun 21 11:56:10 2023 +0200

    Merge branch 'main' into next

commit cc78b50
Merge: cc8b6c2 15f7623
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Jun 19 08:47:13 2023 +0100

    Merge branch 'main' into next

commit cc8b6c2
Merge: 6a36dd9 3b14b96
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Jun 15 09:43:12 2023 +0100

    Merge branch 'main' into next

commit 6a36dd9
Merge: bfabcdf 3f07160
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Jun 15 09:08:40 2023 +0100

    Merge branch 'main' into next

commit bfabcdf
Merge: 7145d4f f703211
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Jun 14 23:21:54 2023 +0100

    Merge branch 'main' into next

commit 7145d4f
Merge: e3d1626 dc52061
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Jun 12 12:08:26 2023 +0100

    Merge branch 'main' into next

commit e3d1626
Merge: b478bde 1431628
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Jun 8 08:39:06 2023 +0200

    Merge branch 'main' into next

commit b478bde
Merge: a1a66eb 2f606b9
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Jun 7 09:49:50 2023 +0200

    Merge branch 'main' into next

commit a1a66eb
Merge: b844f34 820a805
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Jun 4 18:03:31 2023 +0200

    Merge branch 'main' into next

commit b844f34
Merge: a80a482 f8069c4
Author: Fabrizio Balliano <[email protected]>
Date:   Wed May 31 08:55:05 2023 +0200

    Merge branch 'main' into next

commit a80a482
Author: Fabrizio Balliano <[email protected]>
Date:   Wed May 31 08:54:09 2023 +0200

    Removed unnecessary auto_detect_line_endings (OpenMage#3283)

commit 4beb3d7
Merge: 1c93e5b 1f54fc7
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 30 17:14:03 2023 +0200

    Merge branch 'main' into next

commit 1c93e5b
Merge: d7a095d 68cb9ec
Author: Fabrizio Balliano <[email protected]>
Date:   Sun May 21 12:04:57 2023 +0100

    Merge branch 'main' into next

commit d7a095d
Merge: 4a2f1f4 d6927f9
Author: Fabrizio Balliano <[email protected]>
Date:   Thu May 18 22:16:36 2023 +0100

    Merge branch 'main' into next

commit 4a2f1f4
Merge: 29a8f2c ce8622c
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 16 16:30:34 2023 +0100

    Merge branch 'main' into next

commit 29a8f2c
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 16 15:25:23 2023 +0100

    RWD theme: updated jQuery to 3.7.0 (OpenMage#3204)

commit 8fb4c4c
Merge: 3a1f906 e0d615e
Author: Fabrizio Balliano <[email protected]>
Date:   Mon May 15 19:53:00 2023 +0100

    Merge branch 'main' into next

commit 3a1f906
Merge: d468bc2 00da425
Author: Fabrizio Balliano <[email protected]>
Date:   Mon May 15 15:10:59 2023 +0100

    Merge branch 'main' into next

commit c32e341
Merge: f584bfe d468bc2
Author: Fabrizio Balliano <[email protected]>
Date:   Mon May 15 10:56:40 2023 +0100

    Merge branch 'next' into tinymce6

commit d468bc2
Merge: 6fce49b f12eb44
Author: Fabrizio Balliano <[email protected]>
Date:   Mon May 15 09:03:02 2023 +0100

    Merge branch 'main' into next

commit 6fce49b
Merge: a07b648 63595d0
Author: Fabrizio Balliano <[email protected]>
Date:   Sat May 13 14:13:51 2023 +0100

    Merge branch 'main' into next

commit a07b648
Merge: bb9cfc1 c0d136a
Author: Fabrizio Balliano <[email protected]>
Date:   Sat May 13 13:06:58 2023 +0100

    Merge branch 'main' into next

commit bb9cfc1
Author: Fabrizio Balliano <[email protected]>
Date:   Sat May 13 11:37:02 2023 +0100

    Converted RWD's default logos to SVG (and removed some Magento names) (OpenMage#3148)

commit fe3980a
Merge: 27ae828 4da40b1
Author: Fabrizio Balliano <[email protected]>
Date:   Fri May 12 16:47:38 2023 +0100

    Merge branch 'main' into next

commit 27ae828
Author: Fabrizio Balliano <[email protected]>
Date:   Wed May 10 09:10:27 2023 +0100

    Removed unmatched errors from PHPStan baseline after PHP8.1 upgrade (OpenMage#3240)

commit 1c29995
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 20:49:13 2023 +0100

    Removed scriptaculous/dragdrop.js from frontend (OpenMage#3215)

commit f584bfe
Merge: 4dc6a93 1a3aefb
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 20:01:37 2023 +0100

    Merge branch 'tinymce6' of github.com:fballiano/openmage into tinymce6

commit 4dc6a93
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 20:01:30 2023 +0100

    fix for image upload when tinymce is not enabled

commit 1a3aefb
Merge: 437b4da 976591d
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 19:55:12 2023 +0100

    Merge branch 'next' into tinymce6

commit 976591d
Merge: a7413b8 460ce65
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 19:36:08 2023 +0100

    Merge branch 'main' into next

commit 437b4da
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 18:55:13 2023 +0100

    file selector starts to work

commit a7413b8
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 17:19:59 2023 +0100

    Removed double span element from HTML buttons (OpenMage#3123)

commit 318ff9f
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 16:47:28 2023 +0100

    close window image was ugly

commit d43ca5c
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 16:32:44 2023 +0100

    removed tinyMceEditors hash from prototypejs

commit 828ef09
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 16:00:15 2023 +0100

    Fixed showing of plugin buttons

commit 56908d5
Merge: 938aff0 15c441e
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 14:06:11 2023 +0100

    Merge branch 'tinymce6' of github.com:fballiano/openmage into tinymce6

commit 938aff0
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 14:05:55 2023 +0100

    upgraded to 6.4.2

commit 15c441e
Merge: 51f3fd9 36f4fdb
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 9 14:03:37 2023 +0100

    Merge branch 'next' into tinymce6

commit 36f4fdb
Author: Fabrizio Balliano <[email protected]>
Date:   Fri May 5 09:02:33 2023 +0200

    Github workflows now run on PHP 8.1 (OpenMage#3163)

commit b639beb
Merge: 0a16e58 6b683d7
Author: Fabrizio Balliano <[email protected]>
Date:   Thu May 4 11:21:23 2023 +0200

    Merge branch 'main' into next

commit 0a16e58
Author: Fabrizio Balliano <[email protected]>
Date:   Wed May 3 15:43:02 2023 +0200

    [BC] Unified CSRF configuration (OpenMage#3147)

commit 78bd803
Merge: 210aa81 d3dcc76
Author: Fabrizio Balliano <[email protected]>
Date:   Tue May 2 22:34:47 2023 +0200

    Merge branch 'main' into next

commit 210aa81
Merge: bad757d cefa503
Author: Fabrizio Balliano <[email protected]>
Date:   Sat Apr 29 18:05:40 2023 +0100

    Merge branch 'main' into next

commit 51f3fd9
Author: Fabrizio Balliano <[email protected]>
Date:   Wed Apr 26 15:37:25 2023 +0100

    something starts to work

commit 38e3527
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 18:22:50 2023 +0100

    renames plugin javascript files

commit a6ccefd
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 18:16:01 2023 +0100

    typo

commit 138fda1
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 18:14:05 2023 +0100

    typo

commit c87b2cd
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 18:12:41 2023 +0100

    Coverted part of the "variable" plugin

commit c8fe0b5
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 17:58:26 2023 +0100

    First test converting the plugins

commit 3683b2d
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 17:22:57 2023 +0100

    First commit

commit bad757d
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 13:52:55 2023 +0100

    PHP8.1 is now the minimum required version for OM v21 (OpenMage#3160)

commit 0db9446
Merge: 13926d8 cde7af5
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 25 13:35:41 2023 +0100

    Merge branch 'main' into next

commit 13926d8
Merge: 62c3715 c71585a
Author: Fabrizio Balliano <[email protected]>
Date:   Sun Apr 23 00:28:23 2023 +0100

    Merge branch 'main' into next

commit 62c3715
Merge: 3775e0d 4874e5c
Author: Fabrizio Balliano <[email protected]>
Date:   Tue Apr 18 09:43:11 2023 +0100

    Merge branch 'main' into next

commit 3775e0d
Merge: 31601cb bd7d45a
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Apr 13 15:52:09 2023 +0200

    Merge branch 'main' into next

commit 31601cb
Merge: 88a4156 f2f9f5d
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Apr 13 15:49:44 2023 +0200

    Merge branch 'main' into next

commit 88a4156
Merge: eaa1b47 81702bc
Author: Fabrizio Balliano <[email protected]>
Date:   Thu Apr 13 15:19:49 2023 +0200

    Merge branch 'main' into next

commit eaa1b47
Author: Fabrizio Balliano <[email protected]>
Date:   Mon Apr 10 22:36:49 2023 +0100

    [BC] Added form key validation to Contacts form (OpenMage#3146)

    Co-authored-by: Mohamed ELIDRISSI <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Component: Contacts Relates to Mage_Contacts for previous versions Template : base Relates to base template Template : rwd Relates to rwd template translations Relates to app/locale
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Contact Form - Some bots can use the controller behind the form
7 participants