Merge pull request #1645 from cubecart/6.1.8-branch

6.1.8 branch

CONTRIBUTING.md

@@ -3,7 +3,7 @@
 First of all THANK YOU! All contributions be it bug fix, reporting an issue or features request; we greatly appreciate your time which helps make CubeCart even better. 
 
 ## Feature Requests
-Please note that we close ALL new feature requests. This doesn't mean we won't implement them but it means they may well be opened at a later date and assigned to a milestone.
+Please submit feature requests to [http://features.cubecart.com](http://features.cubecart.com).
 
 ## Sponsored Feature Requests
 If you are really keen to see a specific feature and don't want to wait, the great news is that we take bribes! Please contact our sales department via our [helpdesk](https://support.cubecart.com/Tickets/Submit).

admin/sources/maintenance.index.inc.php

@@ -97,7 +97,7 @@ function crc_integrity_check($files, $mode = 'upgrade') {
 		$zip->addFile($file_path);
 		$zip->close();
 		$GLOBALS['main']->setACPNotify(sprintf($lang['maintain']['file_compressed'], basename($file_path)));
-		httpredir('?_g=maintenance&node=index#backup');	
+		httpredir('?_g=maintenance&node=index','backup');	
 	} else {
 		$GLOBALS['main']->setACPWarning("Error reading file ".basename($file_path));
 	}	
@@ -128,7 +128,7 @@ function crc_integrity_check($files, $mode = 'upgrade') {
     			$zip->close();
 			} else {
 				$GLOBALS['main']->setACPWarning("Error reading file ".$file_name);
-				httpredir('?_g=maintenance&node=index#backup');	
+				httpredir('?_g=maintenance&node=index','backup');	
 			}
 		}
 
@@ -156,7 +156,7 @@ function crc_integrity_check($files, $mode = 'upgrade') {
 		if ($import) {
 			$GLOBALS['main']->setACPNotify($lang['maintain']['db_restored']);
 			$GLOBALS['cache']->clear();
-			httpredir('?_g=maintenance&node=index#backup');
+			httpredir('?_g=maintenance&node=index','backup');
 		}
 
 	} elseif (preg_match('/^files/', $file_name)) { // restore archive
@@ -178,44 +178,44 @@ function crc_integrity_check($files, $mode = 'upgrade') {
 
 			if ($errors!==false) {				
 				$GLOBALS['main']->setACPWarning($lang['maintain']['files_restore_fail']);
-				httpredir('?_g=maintenance&node=index#backup');
+				httpredir('?_g=maintenance&node=index','backup');
 			} else {
 				$GLOBALS['main']->setACPNotify($lang['maintain']['files_restore_success']);
 				$GLOBALS['cache']->clear();
-				httpredir('?_g=maintenance&node=index#backup');
+				httpredir('?_g=maintenance&node=index','backup');
 			}
 		} else {
 			$GLOBALS['main']->setACPWarning($lang['maintain']['files_restore_not_possible']);	
 		}
 
 	} else {
 		$GLOBALS['main']->setACPWarning($lang['maintain']['files_restore_not_possible']);
-		httpredir('?_g=maintenance&node=index#backup');
+		httpredir('?_g=maintenance&node=index','backup');
 	}
 }
 
 if (isset($_GET['upgrade']) && !empty($_GET['upgrade'])) {
 
 	$contents = false;
 	## Download the version we want
-	$request = new Request('www.cubecart.com', '/download/'.$_GET['upgrade'].'.zip', 80, false, true, 10);
+	$request = new Request('www.cubecart.com', '/download/'.$_GET['upgrade'].'.zip', 80, false, true, 10);#
 	$request->setMethod('get');
 	$request->setSSL();
 	$request->setUserAgent('CubeCart');
 	$request->skiplog(true);
 
 	if (!$contents = $request->send()) {
-		$contents = file_get_contents('https://www.cubecart.com/download/'.$_GET['upgrade'].'.zip');
+		$contents = file_get_contents('http#s://www.cubecart.com/download/'.$_GET['upgrade'].'.zip');
 	}
 
 	if (empty($contents)) {
 		$GLOBALS['main']->setACPWarning($lang['maintain']['files_upgrade_download_fail']);
-		httpredir('?_g=maintenance&node=index#upgrade');
+		httpredir('?_g=maintenance&node=index','upgrade');
 	} else {
 
 		if (stristr($contents, 'DOCTYPE') ) {
 			$GLOBALS['main']->setACPWarning("Sorry. CubeCart-".$_GET['upgrade'].".zip was not found. Please try again later.");
-			httpredir('?_g=maintenance&node=index#upgrade');
+			httpredir('?_g=maintenance&node=index','upgrade');
 		}
 
 		$destination_path = CC_ROOT_DIR.'/backup/CubeCart-'.$_GET['upgrade'].'.zip';
@@ -253,7 +253,7 @@ function crc_integrity_check($files, $mode = 'upgrade') {
 
 				if ($errors!==false) {
 					$GLOBALS['main']->setACPWarning($lang['maintain']['files_upgrade_fail']);
-					httpredir('?_g=maintenance&node=index#upgrade');
+					httpredir('?_g=maintenance&node=index','upgrade');
 				} elseif ($_POST['force']) {
 					## Try to delete setup folder
 					recursiveDelete(CC_ROOT_DIR.'/setup');
@@ -263,13 +263,13 @@ function crc_integrity_check($files, $mode = 'upgrade') {
 						rename(CC_ROOT_DIR.'/setup', CC_ROOT_DIR.'/setup_'.md5(time().$_GET['upgrade']));
 					}
 					$GLOBALS['main']->setACPNotify($lang['maintain']['current_version_restored']);
-					httpredir('?_g=maintenance&node=index#upgrade');
+					httpredir('?_g=maintenance&node=index','upgrade');
 				} else {
 					httpredir(CC_ROOT_REL.'setup/index.php?autoupdate=1');
 				}
 			} else {
 				$GLOBALS['main']->setACPWarning("Unable to read archive.");
-				httpredir('?_g=maintenance&node=index#upgrade');
+				httpredir('?_g=maintenance&node=index','upgrade');
 			}			
 		}
 	}
@@ -279,20 +279,20 @@ function crc_integrity_check($files, $mode = 'upgrade') {
 	$file = 'backup/'.basename($_GET['delete']);
 	if(in_array($_GET['delete'], array('restore_error_log','upgrade_error_log'))) {
 		unlink($file);
-		httpredir('?_g=maintenance&node=index#backup');
+		httpredir('?_g=maintenance&node=index','backup');
 	} else if(file_exists($file) && preg_match('/^.*\.(sql|zip)$/i', $file)) {
 		## Generic error message for logs delete specific for backup
 		$message = preg_match('/\_error_log$/', $file) ? $lang['filemanager']['notify_file_delete'] : sprintf($lang['maintain']['backup_deleted'], basename($file));
 		$GLOBALS['main']->setACPNotify($message);
 		unlink($file);
-		httpredir('?_g=maintenance&node=index#backup');
+		httpredir('?_g=maintenance&node=index','backup');
 	}
 }
 if (isset($_GET['download'])) {
 	$file = 'backup/'.basename($_GET['download']);
 	if(file_exists($file)) {
 		deliverFile($file);
-		httpredir('?_g=maintenance&node=index#backup');
+		httpredir('?_g=maintenance&node=index','backup');
 	}
 }
 
@@ -503,7 +503,7 @@ function cleanImageCache($path = null) {
 		$zip->close();
 		$GLOBALS['main']->setACPNotify($lang['maintain']['files_backup_complete']);
 	}
-	httpredir('?_g=maintenance&node=index#backup');
+	httpredir('?_g=maintenance&node=index','backup');
 }
 
 if (isset($_POST['backup'])) {

admin/sources/products.index.inc.php

@@ -488,7 +488,7 @@
 if (isset($_GET['action']) && strtolower($_GET['action'])=='clone' && isset($_GET['product_id']) && (int)$_GET['product_id']>0 && Admin::getInstance()->permissions('products', CC_PERM_EDIT)) {
 
 	if ($GLOBALS['config']->get('config', 'product_clone')!=1)
-		httpredir(sprintf('%s?_g=settings#Extra', $glob['adminFile']));
+		httpredir(sprintf('%s?_g=settings', $glob['adminFile']), 'Extra');
 
 	$product_id_parent = (int)$_GET['product_id'];
 

admin/sources/products.reviews.inc.php

@@ -105,7 +105,7 @@
 	}
 	## origin variable tells us we need to come back to the dashboard now
 	if (isset($_GET['origin']) && !empty($_GET['origin']) && $_GET['origin']=="dashboard") {
-		httpredir('?#product_reviews');
+		httpredir('?', 'product_reviews');
 	}
 }
 

classes/catalogue.class.php

@@ -215,7 +215,7 @@ public function descriptionShort($product){
 		}
 
 		if($substr && $product_precis>0 && strlen($short_description)>$product_precis) {
-			return substr($short_description, 0, $product_precis).'…';
+			return htmlentities(substr(html_entity_decode($short_description, ENT_COMPAT, 'UTF-8'), 0, $product_precis), ENT_QUOTES, 'UTF-8').'…';
 		} else {
 			return $short_description;
 		}

classes/sanitize.class.php

@@ -30,26 +30,27 @@ static public function checkToken() {
 			$csrf_path = CC_ROOT_DIR.'/'.$glob['adminFolder'].'/skins/'.$GLOBALS['config']->get('config', 'admin_skin').'/csrf.inc.php';
 			if(file_exists($csrf_path)) {
 				require_once($csrf_path);
-				if(is_array($csrf_maps))
-				foreach($csrf_maps as $csrf_map) {
-					if(is_array($csrf_map)) {
-						$csrf_check = false;
-						foreach($csrf_map as $key => $value) {
-							if((!$value && isset($_GET[$key])) || (isset($_GET[$key]) && $_GET[$key]==$value)) {
-								$csrf_check = true;	
-							} else {
-								$csrf_check = false;
-								break;	
+				if(is_array($csrf_maps)) {
+					foreach($csrf_maps as $csrf_map) {
+						if(is_array($csrf_map)) {
+							$csrf_check = false;
+							foreach($csrf_map as $key => $value) {
+								if((!$value && isset($_GET[$key])) || (isset($_GET[$key]) && $_GET[$key]==$value)) {
+									$csrf_check = true;	
+								} else {
+									$csrf_check = false;
+									break;	
+								}
 							}
-						}
 
-						if($csrf_check) {
-							if (!isset($_GET['token']) || !$GLOBALS['session']->checkToken($_GET['token'])) {
-								//Make a new token just to insure that it doesn't get used again
-								$GLOBALS['session']->getToken(true);
-								self::_stopToken();
+							if($csrf_check) {
+								if (!isset($_GET['token']) || !$GLOBALS['session']->checkToken($_GET['token'])) {
+									//Make a new token just to insure that it doesn't get used again
+									$GLOBALS['session']->getToken(true);
+									self::_stopToken();
+								}
+								break;	
 							}
-							break;	
 						}
 					}
 				}

classes/session.class.php

@@ -100,8 +100,6 @@ final private function __construct() {
 			ini_set('session.cookie_path', $GLOBALS['rootRel']);
 		}
 
-		ini_set('session.cookie_httponly',true);
-
 		//If the current session time is longer we will not change anything
 		if ($ini['session.gc_maxlifetime'] < $this->_session_timeout) {
 			ini_set('session.gc_maxlifetime', $this->_session_timeout);
@@ -121,7 +119,7 @@ final private function __construct() {
 			// make sure session cookies are http ONLY!
 			ini_set('session.cookie_httponly',true);
 		}
-		if (!$ini['session.cookie_secure'] && $GLOBALS['config']->get('config', 'ssl')=='1') {
+		if (!$ini['session.cookie_secure'] && CC_SSL) {
 			// make sure session cookies are secure if SSL is enabled
 			ini_set('session.cookie_secure',true);
 		}
@@ -653,7 +651,8 @@ private function _start() {
 
 		}
 		session_cache_limiter('none');
-		session_name('CCS_'.strtoupper(substr(md5(CC_ROOT_DIR), 0,10)));
+		$session_prefix = CC_SSL ? 'S' : '';
+		session_name('CC'.$session_prefix.'_'.strtoupper(substr(md5(CC_ROOT_DIR), 0,10)));
 		session_start();
 
 		// Increase session length on each page load. NOT IE however as we all know it is a wingy PITA

ini.inc.php

@@ -50,7 +50,7 @@
 }
 
 /************* CUBECART SPECIFIC SETTINGS *************/
-define('CC_VERSION', '6.1.7');     // Version Number
+define('CC_VERSION', '6.1.8');     // Version Number
 define('CC_INI_SET', true);      // Stop includes and the like from being executed on their own
 define('CC_DS', DIRECTORY_SEPARATOR);   // Deprecated but kept for backward compatibility
 define('CC_PS', PATH_SEPARATOR);

setup/index.php

@@ -564,7 +564,7 @@
     $db->truncate('CubeCart_system_error_log');
     include $global_file;
     if ($_SESSION['setup']['autoupgrade'] && !$update_config) {
-      httpredir('../'.$glob['adminFile'].'?_g=maintenance&node=index#upgrade');
+      httpredir('../'.$glob['adminFile'].'?_g=maintenance&node=index', 'upgrade');
     }
   }
 }

skins/foundation/templates/content.category.php

@@ -213,10 +213,10 @@
       </div>
    </div>
    *}
-   {* Add "hide-for-small-up" to the class attribute to not display the more button *}
    <div class="hide" id="ccScrollCat">{$category.cat_id}</div>
    {if $page!=='all' && ($page < $total)}
    {$params[$var_name] = $page + 1}
+   {* Add "hide-for-medium-up" to the class attribute to not display the more button *}
    <a href="{$current}{http_build_query($params)}{$anchor}" data-next-page="{$params[$var_name]}" data-cat="{$category.cat_id}" class="button tiny expand ccScroll-next">{$LANG.common.more} <svg class="icon"><use xlink:href="#icon-angle-down"></use></svg></a>
    {/if}
 </div>