Some of the important information share with here.Most of the files from Magento backend. The file lists:
app/code/core/Mage/Admin/Model/Session.php
app/code/core/Mage/Adminhtml/Block/Notification/Grid/Renderer/Notice.php
app/code/core/Mage/Adminhtml/Block/Widget/Form/Container.php
app/code/core/Mage/Adminhtml/Controller/Action.php
app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
app/code/core/Mage/Adminhtml/controllers/CustomerController.php
app/code/core/Mage/Adminhtml/controllers/Newsletter/TemplateController.php
app/code/core/Mage/Checkout/controllers/CartController.php
app/code/core/Mage/Core/Model/Email/Template/Abstract.php
app/code/core/Mage/Core/Model/File/Validator/Image.php
app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
app/code/core/Mage/Core/etc/config.xml
app/code/core/Mage/Rss/Helper/Data.php
app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php
app/code/core/Zend/Serializer/Adapter/PhpCode.php
app/design/adminhtml/default/default/template/backup/dialogs.phtml
app/design/adminhtml/default/default/template/catalog/product/edit/options/type/file.phtml
app/design/adminhtml/default/default/template/customer/tab/view.phtml
app/design/adminhtml/default/default/template/login.phtml
app/design/adminhtml/default/default/template/notification/toolbar.phtml
app/design/adminhtml/default/default/template/oauth/authorize/form/login.phtml
app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
app/design/adminhtml/default/default/template/sales/order/view/history.phtml
app/design/adminhtml/default/default/template/sales/order/view/info.phtml
app/design/install/default/default/template/install/create_admin.phtml
app/locale/en_US/Mage_Adminhtml.csv
downloader/template/login.phtml
The important thing need to check this three files.
app/code/core/Mage/Checkout/controllers/CartController.php
app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php
app/code/core/Mage/Core/Model/File/Validator/Image.php
app/code/core/Mage/Checkout/controllers/CartController.php additional condition check customer id:
diff --git app/code/core/Mage/Checkout/controllers/CartController.php app/code/core/Mage/Checkout/controllers/CartController.php
index 7c9f28f..bee6034 100644
--- app/code/core/Mage/Checkout/controllers/CartController.php
+++ app/code/core/Mage/Checkout/controllers/CartController.php
@@ -284,14 +284,16 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
public function addgroupAction()
{
$orderItemIds = $this->getRequest()->getParam('order_items', array());
+ $customerId = $this->_getCustomerSession()->getCustomerId();
- if (!is_array($orderItemIds) || !$this->_validateFormKey()) {
+ if (!is_array($orderItemIds) || !$this->_validateFormKey() || !$customerId) {
$this->_goBack();
return;
}
$itemsCollection = Mage::getModel('sales/order_item')
->getCollection()
+ ->addFilterByCustomerId($customerId)
->addIdFilter($orderItemIds)
->load();
/* @var $itemsCollection Mage_Sales_Model_Mysql4_Order_Item_Collection */
@@ -709,4 +711,14 @@ class Mage_Checkout_CartController extends Mage_Core_Controller_Front_Action
$this->getResponse()->setHeader('Content-type', 'application/json');
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode($result));
}
+
+ /**
+ * Get customer session model
+ *
+ * @return Mage_Customer_Model_Session
+ */
+ protected function _getCustomerSession()
+ {
+ return Mage::getSingleton('customer/session');
+ }
}
app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php added Additional method addFilterByCustomerId in collection.
diff --git app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php
index ee83ad48..c02afdf 100644
--- app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php
+++ app/code/core/Mage/Sales/Model/Resource/Order/Item/Collection.php
@@ -152,4 +152,20 @@ class Mage_Sales_Model_Resource_Order_Item_Collection extends Mage_Sales_Model_R
$this->getSelect()->where($resultCondition);
return $this;
}
+
+ /**
+ * Filter by customerId
+ *
+ * @param int|array $customerId
+ * @return Mage_Sales_Model_Resource_Order_Item_Collection
+ */
+ public function addFilterByCustomerId($customerId)
+ {
+ $this->getSelect()->joinInner(
+ array('order' => $this->getTable('sales/order')),
+ 'main_table.order_id = order.entity_id', array())
+ ->where('order.customer_id IN(?)', $customerId);
+
+ return $this;
+ }
}
app/code/core/Mage/Core/Model/File/Validator/Image.php
if 'general/reprocess_images/active' false then skip image reprocessing. NOTE: If you turn off images reprocessing, then your upload images process may cause security risks
diff --git app/code/core/Mage/Core/Model/File/Validator/Image.php app/code/core/Mage/Core/Model/File/Validator/Image.php
index 9d57202..6a939c3 100644
--- app/code/core/Mage/Core/Model/File/Validator/Image.php
+++ app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -91,6 +91,13 @@ class Mage_Core_Model_File_Validator_Image
list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
if ($fileType) {
if ($this->isImageType($fileType)) {
+ /**
+ * if 'general/reprocess_images/active' false then skip image reprocessing.
+ * NOTE: If you turn off images reprocessing, then your upload images process may cause security risks.
+ */
+ if (!Mage::getStoreConfigFlag('general/reprocess_images/active')) {
+ return null;
+ }
//replace tmp image with re-sampled copy to exclude images with malicious data
$image = imagecreatefromstring(file_get_contents($filePath));
if ($image !== false) {
Hope it will helpful. I think
Best Answer
Here is the list of modified files by the SUPEE-10570 patch:
EDIT
Finally after deploying on my prod website (CE 1.7.0.2), i noticed a critical blocking issue (checkout process blocked).
The context: after step 1 address, i directly create AND log the customer, he should see only the next checkout step.
The problem: after supee-10570, the checkout process is broken after step 1 (in case account creation) and the customer is redirected to homepage (with shopping cart empty + logged out) = impossible to achieve his checkout.
The emergency fix: In case you encounter similar problem with your checkout / customer session, comment the lines 414-430 from app/code/core/Mage/Core/Model/Session/Abstract/Varien.php (the ones added by the patch, see below).
EDIT (2)
I think the following condition will always return false (Mage_Core_Model_Session_Abstract_Varien at lines 414-419, especially lines 417+418).
VALIDATOR_PASSWORD_CREATE_TIMESTAMP will be always greater than VALIDATOR_SESSION_EXPIRE_TIMESTAMP. The session "expiration" timestamp is redefined at account creation, so inevitably older than session init.
So for instance if you create the customer during checkout, this will return false and the customer will be just kickedout (= end checkout, redirect to homepage & cart empty). Pretty bad.
I've reported this issue to magento team. I'll give feedback here asap.
EDIT (3)
A new patch is wip (on the magento patch download page it's write "SUPEE-10570 for CE 1.7.0.0 - UPDATED PATCH EXPECTED, DO NOT USE (0.06 MB)").
EDIT (4) ~1 month after initial blocking issue reported
Hi! Hope you're all goods (and hope you didn't keep the initial patch state until now, unless your business income had probably seriously decreased^^).
I've noticed the following sentence from official page: "Magento is now providing an updated patch (SUPEE-10570v2) that no longer causes this issue. Note, however, that this new patch no longer protects against two low risk session handling-related security issues that patch SUPEE-10570 protected against." from official supee-10570 page.
On the release page we can finally find the v2 file (PATCH_SUPEE-10570_CE_v1.7.0.2_v2-2018-03-29-08-52-37.sh).
I've investigated the modifications in details. Finally it seems magento team just decided to drop a security part of the patch. Hope this security hole won't cause serious damages (it's low critical according official note).
After revert v1 + apply v2, please take care the following files are reverted as their initial state (before v1 was applied):
PS: obviously some other files are also modified, please check accordingly.