Applied PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh

app/code/core/Mage/Authorizenet/controllers/Directpost/PaymentController.php

@@ -68,6 +68,8 @@ protected function _getIframeBlock()
     public function responseAction()
     {
         $data = $this->getRequest()->getPost();
+        unset($data['redirect_parent']);
+        unset($data['redirect']);
         /* @var $paymentMethod Mage_Authorizenet_Model_DirectPost */
         $paymentMethod = Mage::getModel('authorizenet/directpost');
 
@@ -113,6 +115,8 @@ public function responseAction()
     public function redirectAction()
     {
         $redirectParams = $this->getRequest()->getParams();
+        unset($redirectParams['redirect_parent']);
+        unset($redirectParams['redirect']);
         $params = array();
         if (!empty($redirectParams['success'])
             && isset($redirectParams['x_invoice_num'])

app/code/core/Mage/Core/Controller/Varien/Router/Admin.php

@@ -129,4 +129,15 @@ public function collectRoutes($configArea, $useRouterName)
         }
         parent::collectRoutes($configArea, $useRouterName);
     }
+
+    /**
+     * Check if current controller instance is allowed in current router.
+     * 
+     * @param Mage_Core_Controller_Varien_Action $controllerInstance
+     * @return boolean
+     */
+    protected function _validateControllerInstance($controllerInstance)
+    {
+        return true;
+    }
 }

app/code/core/Mage/Core/Controller/Varien/Router/Standard.php

@@ -201,6 +201,10 @@ public function match(Zend_Controller_Request_Http $request)
             // instantiate controller class
             $controllerInstance = Mage::getControllerInstance($controllerClassName, $request, $front->getResponse());
 
+            if (!$this->_validateControllerInstance($controllerInstance)) {
+                continue;
+            }
+
             if (!$controllerInstance->hasAction($action)) {
                 continue;
             }
@@ -271,6 +275,17 @@ protected function _noRouteShouldBeApplied()
         return false;
     }
 
+    /**
+     * Check if current controller instance is allowed in current router.
+     * 
+     * @param Mage_Core_Controller_Varien_Action $controllerInstance
+     * @return boolean
+     */
+    protected function _validateControllerInstance($controllerInstance)
+    {
+        return $controllerInstance instanceof Mage_Core_Controller_Front_Action;
+    }
+
     /**
      * Generating and validating class file name,
      * class and if evrything ok do include if needed and return of class name
@@ -297,7 +312,6 @@ protected function _validateControllerClassName($realModule, $controller)
         return $controllerClassName;
     }
 
-
     /**
      * @deprecated
      * @see _includeControllerClass()

app/code/core/Mage/Customer/Model/Customer.php

@@ -273,8 +273,11 @@ public function addAddress(Mage_Customer_Model_Address $address)
      */
     public function getAddressById($addressId)
     {
-        return Mage::getModel('customer/address')
-            ->load($addressId);
+        $address = Mage::getModel('customer/address')->load($addressId);
+        if ($this->getId() == $address->getParentId()) {
+            return $address;
+        }
+        return Mage::getModel('customer/address');
     }
 
     /**

app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php

@@ -266,6 +266,10 @@ public function getCsvString($fields = array()) {
         $str = '';
 
         foreach ($fields as $value) {
+            if (substr($value, 0, 1) === '=') {
+                $value = ' ' . $value;
+            }
+
             if (strpos($value, $delimiter) !== false ||
                 empty($enclosure) ||
                 strpos($value, $enclosure) !== false ||

app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php

@@ -109,9 +109,21 @@ public function writeRow(array $rowData)
         if (null === $this->_headerCols) {
             $this->setHeaderCols(array_keys($rowData));
         }
+
+        /**
+         * Security enchancement for CSV data processing by Excel-like applications.
+         * @see https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
+         */
+        $data = array_merge($this->_headerCols, array_intersect_key($rowData, $this->_headerCols));
+        foreach ($data as $key => $value) {
+            if (substr($value, 0, 1) === '=') {
+                $data[$key] = ' ' . $value;
+            }
+        }
+
         fputcsv(
             $this->_fileHandler,
-            array_merge($this->_headerCols, array_intersect_key($rowData, $this->_headerCols)),
+            $data,
             $this->_delimiter,
             $this->_enclosure
         );

app/code/core/Mage/Install/Controller/Router/Install.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * Magento Enterprise Edition
+ *
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Magento Enterprise Edition End User License Agreement
+ * that is bundled with this package in the file LICENSE_EE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://www.magento.com/license/enterprise-edition
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@magento.com so we can send you a copy immediately.
+ *
+ * DISCLAIMER
+ *
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
+ * versions in the future. If you wish to customize Magento for your
+ * needs please refer to http://www.magento.com for more information.
+ *
+ * @category    Mage
+ * @package     Mage_Install
+ * @copyright Copyright (c) 2006-2014 X.commerce, Inc. (http://www.magento.com)
+ * @license http://www.magento.com/license/enterprise-edition
+ */
+
+class Mage_Install_Controller_Router_Install extends Mage_Core_Controller_Varien_Router_Standard
+{
+    /**
+     * Check if current controller instance is allowed in current router.
+     * 
+     * @param Mage_Core_Controller_Varien_Action $controllerInstance
+     * @return boolean
+     */
+    protected function _validateControllerInstance($controllerInstance)
+    {
+        return $controllerInstance instanceof Mage_Install_Controller_Action;
+    }
+}

app/code/core/Mage/Install/etc/config.xml

@@ -48,13 +48,35 @@
             </install>
         </blocks>
     </global>
+    <default>
+        <web>
+            <routers>
+                <install>
+                    <area>frontend</area>
+                    <class>Mage_Install_Controller_Router_Install</class>
+                </install>
+            </routers>
+        </web>
+    </default>
+    <stores>
+        <default>
+            <web>
+                <routers>
+                    <install>
+                        <area>frontend</area>
+                        <class>Mage_Install_Controller_Router_Install</class>
+                    </install>
+                </routers>
+            </web>
+        </default>
+    </stores>
     <frontend>
         <secure_url>
             <install>/install/wizard/checkSecureHost</install>
         </secure_url>
         <routers>
             <install>
-                <use>standard</use>
+                <use>install</use>
                 <args>
                     <module>Mage_Install</module>
                     <frontName>install</frontName>

app/code/core/Mage/Sales/controllers/Recurring/ProfileController.php

@@ -190,8 +190,9 @@ protected function _viewAction()
      */
     protected function _initProfile()
     {
+        /** @var Mage_Sales_Model_Recurring_Profile $profile */
         $profile = Mage::getModel('sales/recurring_profile')->load($this->getRequest()->getParam('profile'));
-        if (!$profile->getId()) {
+        if (!$profile->getId() || $this->_session->getCustomerId() != $profile->getCustomerId()) {
             Mage::throwException($this->__('Specified profile does not exist.'));
         }
         Mage::register('current_recurring_profile', $profile);

app/etc/applied.patches.list

@@ -25,3 +25,24 @@ patching file api.php
 patching file app/code/core/Mage/ConfigurableSwatches/Block/Catalog/Media/Js/Abstract.php
 
 
+-e -n 2015-05-15 00:48:37 UTC | SUPEE-5998 | EE_1.14.1.0 | v1 | 9324d922a64fac99ceb3725062eb498d634401dc | Thu May 14 13:46:45 2015 +0300 | v1.14.1.0..HEAD
+patching file app/code/core/Mage/Authorizenet/controllers/Directpost/PaymentController.php
+patching file app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
+patching file app/code/core/Mage/Core/Controller/Varien/Router/Standard.php
+patching file app/code/core/Mage/Customer/Model/Customer.php
+patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
+patching file app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
+patching file app/code/core/Mage/Install/Controller/Router/Install.php
+patching file app/code/core/Mage/Install/etc/config.xml
+patching file app/code/core/Mage/Sales/controllers/Recurring/ProfileController.php
+patching file downloader/Maged/Model/Connect.php
+patching file downloader/Maged/View.php
+patching file downloader/template/connect/packages_prepare.phtml
+patching file downloader/template/messages.phtml
+patching file get.php
+Hunk #1 succeeded at 36 (offset -1 lines).
+patching file lib/PEAR/PEAR/PEAR.php
+patching file lib/PEAR/PEAR/PEAR5.php
+patching file lib/Varien/Io/File.php
+
+

downloader/Maged/Model/Connect.php

@@ -100,8 +100,11 @@ public function prepareToInstall($id)
     {
         $match = array();
         if (!$this->checkExtensionKey($id, $match)) {
-            echo('Invalid package identifier provided: '.$id);
-            exit;
+            $errorMessage[] = sprintf('Invalid package identifier provided: %s', $id);
+            $packages = array(
+                'errors' => array('error'=> $errorMessage)
+            );
+            return $packages;
         }
 
         $channel = $match[1];

downloader/Maged/View.php

@@ -162,4 +162,36 @@ public function getFormKey()
     {
         return $this->controller()->getFormKey();
     }
+
+    /**
+     * Escape html entities
+     *
+     * @param   mixed $data
+     * @param   array $allowedTags
+     * @return  mixed
+     */
+    public function escapeHtml($data, $allowedTags = null)
+    {
+        if (is_array($data)) {
+            $result = array();
+            foreach ($data as $item) {
+                $result[] = $this->escapeHtml($item);
+            }
+        } else {
+            // process single item
+            if (strlen($data)) {
+                if (is_array($allowedTags) and !empty($allowedTags)) {
+                    $allowed = implode('|', $allowedTags);
+                    $result = preg_replace('/<([\/\s\r\n]*)(' . $allowed . ')([\/\s\r\n]*)>/si', '##$1$2$3##', $data);
+                    $result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8', false);
+                    $result = preg_replace('/##([\/\s\r\n]*)(' . $allowed . ')([\/\s\r\n]*)##/si', '<$1$2$3>', $result);
+                } else {
+                    $result = htmlspecialchars($data, ENT_COMPAT, 'UTF-8', false);
+                }
+            } else {
+                $result = $data;
+            }
+        }
+        return $result;
+    }
 }

downloader/template/connect/packages_prepare.phtml

@@ -33,7 +33,7 @@
 Extension dependencies
 <form action="<?php
     echo $this->url('connectInstallPackagePost')?>" method="post" target="connect_iframe" onsubmit="onSubmit(this)">
-    <input type="hidden" name="install_package_id" value="<?php echo $this->get('package_id'); ?>">
+    <input type="hidden" name="install_package_id" value="<?php echo $this->escapeHtml($this->get('package_id')); ?>">
     <table cellspacing="0" cellpadding="0" width="100%">
         <col width="150" />
         <col width="250" />

downloader/template/messages.phtml

@@ -30,7 +30,7 @@
     <li>
         <ul class="<?php echo $type ?>-msg">
         <?php foreach ($msgs as $msg): ?>
-            <li><?php echo $msg ?></li>
+            <li><?php echo $this->escapeHtml($msg) ?></li>
         <?php endforeach; ?>
         </ul>
     </li>

get.php

@@ -36,7 +36,7 @@
  * Error reporting
  */
 error_reporting(E_ALL | E_STRICT);
-ini_set('display_errors', 1);
+ini_set('display_errors', 0);
 
 $ds = DIRECTORY_SEPARATOR;
 $ps = PATH_SEPARATOR;