Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BC] Unified CSRF configuration #3147

Merged
merged 13 commits into from
May 3, 2023
Merged

[BC] Unified CSRF configuration #3147

merged 13 commits into from
May 3, 2023

Conversation

fballiano
Copy link
Contributor

@fballiano fballiano commented Apr 5, 2023

Following #3146 I'd like to unify all the CSRF configuration in a single one, the actual situation is a bit confusing with three different flags for the same thing (general one, newsletter, checkout).

Related Pull Requests

#3146

Fixed Issues (if relevant)

Fixes the problem that some user may enabled CSRF only for some of the modules and not for others.

Testing

  • enable system/csrf/use_form_key
  • check that both the newsletter forms and checkout have the form_key added to their <form element (actually the checkout does everything with ajax request so you'll have to check that the form_key is added to those requests in the developer console) as shown in this screenshot:

Screenshot 2023-04-05 alle 15 34 42

@github-actions github-actions bot added Component: Adminhtml Relates to Mage_Adminhtml Component: Checkout Relates to Mage_Checkout Component: Core Relates to Mage_Core labels Apr 5, 2023
matteotestoni
matteotestoni previously approved these changes Apr 6, 2023
@elidrissidev
Copy link
Member

elidrissidev commented Apr 6, 2023

We can also remove newsletter/security/enable_form_key from "New Config Options" in README.

Edit: translation for config notes can be removed too.

@fballiano
Copy link
Contributor Author

great catches, done, thank you!

@github-actions github-actions bot added the translations Relates to app/locale label Apr 6, 2023
@elidrissidev
Copy link
Member

Only one line left:

"<strong style=""color:red"">Important!</strong> Enabling this option means that your custom templates used for newsletter subscription must contain <code>form_key</code> block output. Otherwise newsletter subscription will not work.","<strong style=""color:red"">Important!</strong> Enabling this option means that your custom templates used for newsletter subscription must contain <code>form_key</code> block output. Otherwise newsletter subscription will not work."

@fballiano
Copy link
Contributor Author

heck! I searched and missed that, it's done now!

elidrissidev
elidrissidev previously approved these changes Apr 6, 2023
elidrissidev
elidrissidev previously approved these changes Apr 8, 2023
@matteotestoni
Copy link

matteotestoni commented Apr 11, 2023

how can i download openmage next? maybe skip 20.1 and create 21 beta 1?

@fballiano
Copy link
Contributor Author

@matteotestoni checkout the next branch then do a composer install, note that at the moment it's not in sync with all that was committed to main

@fballiano fballiano requested review from kiatng and removed request for matteotestoni April 11, 2023 23:18
@ADDISON74
Copy link
Contributor

Here is what appears in the Security section in the next branch

1

And here is what appears in the Security section in the branch of this PR. It is obvious that the "Enable Form Key Validation On Checkout" option has been removed

2

@ADDISON74
Copy link
Contributor

ADDISON74 commented Apr 27, 2023

The third comment is related to the purpose of this unification. It would be natural to see the modified option with the name "Enable From Key Validation" and under the label "Important! Enabling this option means that your custom templates used in checkout process, newsletter and contact contain form_key output. Otherwise the forms may not work".

The fourth comment, in the README.md file it is mandatory to mention which templates need to be modified.

A fifth comment, the unification proposed here is only for checkout and newsletter. Are we missing the contact form or maybe I am wrong? I am referring here to controlling all 3 forms with a single Enable/Disable option.

@elidrissidev
Copy link
Member

A fifth comment, the unification proposed here is only for checkout and newsletter. Are we missing the contact form or maybe I am wrong? I am referring here to controlling all 3 forms with a single Enable/Disable option.

It was already done in #3146

@fballiano
Copy link
Contributor Author

And here is what appears in the Security section in the branch of this PR. It is obvious that the "Enable Form Key Validation On Checkout" option has been removed

sure, because it's been unified with the general one, so both the newletter and checkout configurations are removed, it is the purpose of the PR :-)

@fballiano
Copy link
Contributor Author

The third comment is related to the purpose of this unification. It would be natural to see the modified option with the name "Enable From Key Validation" and under the label "Important! Enabling this option means that your custom templates used in checkout process, newsletter and contact contain form_key output. Otherwise the forms may not work".

mmmm the point is that everybody has to do that, all of the plaform has CSRF on everything nowadays, we can't be the only one that treat this fundamental security thing as a "sorry, maybe you want to enable it but it's causing you trouble" thing, in my opinion at least

The fourth comment, in the README.md file it is mandatory to mention which templates need to be modified.

fair enough, although for custom checkouts it's impossible to know

@ADDISON74
Copy link
Contributor

@elidrissidev - What I commented on point 5 is not resolved in #3146. I explained in the message, the 3 forms should be controlled by an option in the Security section. It will be set by default to the value No (this means to revert PR #871) until the developer checks his custom templates, then to make the warning message disappear it will set the value to Yes. Only Newsletter and Checkout offered this control facility, not Contact.

@fballiano - even if this unification is in the next version, who will use this branch I doubt it will have an adapted theme. Therefore, he must adapt his theme. He will only know about this if the warning that was up until PR #871 is still displaye and to have a control of the 3 forms after making the modification, that is to confirm the form_keys feature works. I didn't find the dropdown in the Backend, that's why I left a comment.

From the engineer's point of view, I have to limit myself to the worst user, if I create and offer a solution only for the smart ones, who pretend to be at my level of understanding or above, I will fail to sell my product on a large scale.

@elidrissidev
Copy link
Member

the 3 forms should be controlled by an option in the Security section.

They are already being controlled by the default config: system/csrf/use_form_key.

@fballiano
Copy link
Contributor Author

Here is what appears in the Security section in the next branch
And here is what appears in the Security section in the branch of this PR. It is obvious that the "Enable Form Key Validation On Checkout" option has been removed

the setting is now only one and it's the original, which was always in:
Screenshot 2023-04-29 alle 17 58 20

and it's still available (tested this PR right now just to check)

@ADDISON74
Copy link
Contributor

My comments based on @elidrissidev and @fballiano feedback

  1. First observation, the word protection in "CSRF protection" must be written with a capital P. Thus we follow a rule regarding Backend texts where each word begins with a capital letter, except small texts 1 - 3 letters.

  2. The important label must be inserted under the option "Important! Enabling this option means that your custom templates used in checkout process, contact and newsletter contain form_key output. Otherwise the forms may not work".

  3. I disabled the option and the paragraph beginning with Important is displayed at the top under the menu. It must be modified as text and link because it no longer concerns the Checkout form only, "Important: Formkey validation on checkout process, contact and newsletter are disabled. This may expose security risks. We strongly recommend to enable it in [System / CSRF Protection]."

formkey_message

@fballiano
Copy link
Contributor Author

  1. I've changed the translation of that label, although that specific label wasn't touched at all by this PR.
  2. I think that mentioning in the release notes and README is enough and it shouldn't be seen as a "problem" because it's an important security feature, when upgrading you upgrade your templates (cause the info is in the release notes) and that's it. If we add that disclaimer, all of the correctly upgraded websites will have that warning forever and I don't think it's the right choice.
  3. I've written it in a slightly different way "Important: Formkey validation is disabled. This may expose security risks. We strongly recommend to enable in Advanced / System, to protect your checkout process, newsletter subscription, contact form and more.", is that ok? maybe we can add something "please check with your developer that your custom templates are compatible with CSRF" in this same warning?

@github-actions github-actions bot added the Template : admin Relates to admin template label May 1, 2023
@ADDISON74
Copy link
Contributor

2 - Here I leave it to your discretion how many read the README file. I noticed that a lot of people don't read it and only those of us who are aware of the changes know about them. In another PR, the information about CSRF unification must be added in a section of the README.

3.1 - The link which appears in the warning is Admin / Security

link1

Based on this the new link must be System / CSRF Protection

link2

3.2 - For the warning message, the paragraph I propose is the following (keeping the idea from Magento and yours)

Important: Formkey validation is disabled. This may expose you to security risks. We strongly recommend to enable it in System / CSRF Protection to protect your checkout, contact and newsletter forms.

I chose to use "forms" because I am addressing the administrator who will immediately understand what it is about. I sorted them in the alphabetical order to be easier to identify. When we will add other protected forms we will insert them in the message.

@fballiano
Copy link
Contributor Author

  1. it is true that people don't read the README, I don't even blame them, they should read the release notes but we weren't the best at writing them precisely, I would actually add a docs/release-notes/v21 and have a text file for every release, I think it's easier for us to document the changes this way instead of keeping it too short in the README which is anyway already too long and a bit messy
    3.1 I had already changed the link before
    3.2 so much better. I've changed it (but I left the "Advanced" word as per the section of the admin configuration)

@elidrissidev
Copy link
Member

PHPStan is failing though

@fballiano fballiano merged commit 0a16e58 into OpenMage:next May 3, 2023
@fballiano fballiano deleted the csrf branch May 3, 2023 13:43
@fballiano
Copy link
Contributor Author

@elidrissidev it's failing on the next branch because we've to do #3163 (now that there's 8.1 in the composer.json) and probably fix something, but it's not related to this PR ;-)

@fballiano fballiano changed the title [BC ]Unified CSRF configuration [BC] Unified CSRF configuration May 3, 2023
empiricompany pushed a commit to empiricompany/openmage that referenced this pull request Sep 16, 2023
empiricompany added a commit to empiricompany/openmage that referenced this pull request Sep 18, 2023
commit 58d063b
Merge: 4879f22 8a0c083
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Sep 10 21:53:03 2023 +0100

    Merge branch 'next' into tinymce6

commit 8a0c083
Merge: 7b20aa2 26843d6
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Sep 10 21:49:01 2023 +0100

    Merge branch 'main' into next

commit 7b20aa2
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Sep 8 21:48:15 2023 +0100

    Fixed some PHPCS errors (OpenMage#3502)

commit 710d35d
Merge: 6b7dbf1 26e80e7
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Sep 8 16:24:47 2023 +0100

    Merge branch 'main' into next

commit 6b7dbf1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Sep 8 16:24:17 2023 +0100

    Fixed implementation of SessionHandlerInterface in Mage_Core_Model_Resource_Session (OpenMage#3499)

    Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com>
    Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com>

commit 08c6e41
Merge: 36593b5 ccbaa15
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Sep 8 10:26:23 2023 +0100

    Merge branch 'main' into next

commit 36593b5
Merge: fdb003a 0b3d782
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Sep 7 23:24:48 2023 +0100

    Merge branch 'main' into next

commit 4879f22
Merge: f2b033a fdb003a
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Sep 6 10:13:11 2023 +0100

    Merge branch 'next' into tinymce6

commit fdb003a
Merge: 6e42c67 0f032f3
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Sep 5 10:20:13 2023 +0100

    Merge branch 'main' into next

commit 6e42c67
Merge: bfd49a9 8558c35
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Sep 4 14:54:15 2023 +0100

    Merge branch 'main' into next

commit bfd49a9
Merge: c55ecea 10b63c1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Aug 31 18:25:16 2023 +0100

    Merge branch 'main' into next

commit c55ecea
Merge: 94b44ac 046450a
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Aug 31 11:49:16 2023 +0100

    Merge branch 'main' into next

commit f2b033a
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Aug 30 15:26:43 2023 +0100

    TinyMCE 6.7.0

commit 94b44ac
Merge: aaa410d 2a2a2fb
Author: Colin Mollenhour <colin@mollenhour.com>
Date:   Tue Aug 29 11:38:49 2023 -0400

    Merge remote-tracking branch 'openmage/main' into next

commit b8b39a3
Merge: b832fc5 aaa410d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 29 10:28:23 2023 +0300

    Merge branch 'next' into tinymce6

commit aaa410d
Merge: d633770 621f21f
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 29 08:28:06 2023 +0100

    Merge branch 'main' into next

commit b832fc5
Author: Tony <github@magemega.com>
Date:   Fri Aug 25 13:11:29 2023 +0200

    fix openmage plugins breaks help (OpenMage#20)

commit 2cd4e0a
Author: Tony <github@magemega.com>
Date:   Wed Aug 23 11:53:50 2023 +0200

    fix icon openmagevariable (OpenMage#19)

commit 3a2ff97
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Aug 23 09:33:17 2023 +0100

    Fixed "api.setActive is not a funcion"

commit 37f44a2
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Aug 23 09:13:52 2023 +0100

    Fixed widget label

commit 0bc43f4
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 22 15:05:46 2023 +0100

    New layout for menus and menubars

commit 5dd9689
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Aug 21 13:24:43 2023 +0100

    Toolbar mode scrolling

commit 1658ac3
Merge: 51f9491 d633770
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Aug 21 12:46:39 2023 +0300

    Merge branch 'next' into tinymce6

commit d633770
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Aug 21 12:17:37 2023 +0300

    RWD: removed enquire.js and converted to window.matchMedia (OpenMage#3208)

    Co-authored-by: Justin Beaty <51970393+justinbeaty@users.noreply.github.com>

commit 51f9491
Merge: fd09b2f 15ffca5
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Aug 21 11:13:33 2023 +0300

    Merge branch 'next' into tinymce6

commit 15ffca5
Merge: 146e878 e266417
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Aug 21 09:13:02 2023 +0100

    Merge branch 'main' into next

commit fd09b2f
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 20 19:39:00 2023 +0100

    removed emoticons plugin, it is useless since our DB is not utf8mb4

commit 2d1c88e
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 20 17:54:18 2023 +0200

    more similar formatting between these two files

commit 7737fec
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 20 17:34:01 2023 +0200

    removed openmage colors from variables/widgets icons

commit 9247d52
Author: Tony <github@magemega.com>
Date:   Sun Aug 20 11:31:09 2023 +0200

    add searchandreplace, embedded media, fontfamily (OpenMage#18)

commit b4e4840
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 15 10:44:45 2023 +0200

    tinymce 6.6.2

commit 1eb6a06
Merge: 9b48a81 146e878
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 15 11:41:58 2023 +0300

    Merge branch 'next' into tinymce6

commit 9b48a81
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 15 10:41:23 2023 +0200

    Fixed php82 bug

commit 146e878
Merge: 9c7f6de 1668e3d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Aug 15 10:29:59 2023 +0200

    Merge branch main

commit a5941cd
Author: Tony <github@magemega.com>
Date:   Tue Aug 8 22:18:49 2023 +0200

    restore sysconfig original behavior (OpenMage#17)

commit d739ce3
Author: Tony <github@magemega.com>
Date:   Tue Aug 8 12:56:56 2023 +0200

    fix tab changed on first load (OpenMage#16)

commit d2cdcca
Author: Tony <github@magemega.com>
Date:   Tue Aug 8 09:25:26 2023 +0200

    set min-height (OpenMage#15)

commit 18f4196
Author: Tony <github@magemega.com>
Date:   Mon Aug 7 23:07:22 2023 +0200

    Fix prototype errors in chrome

commit 750a10c
Author: Tony <github@magemega.com>
Date:   Mon Aug 7 09:07:20 2023 +0200

    Tinymce skin config (OpenMage#13)

    * fix insert variable

    * temporary disable openmage widgets

    * fix insert widget

    * rebrand openmage variables

    * fix media browser callback

    * clean

    * removed empty lines

    * removed empty line

    * here we need the empty newline char ehhehe

    * we need newline at the end of the file

    * set toolbar buttons

    * reorder and fix

    * add skin default dark / draft the language support

    * stylish openmage widget

    * phpcs

    * vscode fucking things

    * first attempt to fix translator

    * fix system config multiple values depends

    * add tinymce skins to config

    * fix multiple alert errors in chrome

    * fix multiple alert errors in chrome

    * restore

    * copyright

    * tinymce-5 default skin

    ---------

    Co-authored-by: Fabrizio Balliano <fabrizio.balliano@gmail.com>

commit 3d36452
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 6 10:36:18 2023 +0200

    languages

commit 9b80c42
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 6 10:36:00 2023 +0200

    languages

commit 11d3133
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 6 09:52:07 2023 +0200

    removed custom css

commit 218a0f1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 6 09:41:04 2023 +0200

    small cleanup

commit a7f3026
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 6 09:39:43 2023 +0200

    small cleanup

commit fb7d6cb
Merge: 885a440 9c7f6de
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Aug 6 09:33:44 2023 +0200

    Merge branch next

commit 885a440
Author: Tony <github@magemega.com>
Date:   Sun Aug 6 09:31:26 2023 +0200

    fix tinymce openmage variable and widget plugins and toolbar buttuns (OpenMage#12)

    * fix insert variable

    * temporary disable openmage widgets

    * fix insert widget

    * rebrand openmage variables

    * fix media browser callback

    * clean

    * removed empty lines

    * removed empty line

    * here we need the empty newline char ehhehe

    * we need newline at the end of the file

    * set toolbar buttons

    * reorder and fix

    * add skin default dark / draft the language support

    * stylish openmage widget

    * phpcs

    ---------

    Co-authored-by: Fabrizio Balliano <fabrizio.balliano@gmail.com>

commit 4cbdd82
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Aug 2 17:47:25 2023 +0100

    updated to 6.6.1

commit 9c7f6de
Merge: 4e8d0e5 d8cf078
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Jul 28 09:30:30 2023 +0100

    Merge branch 'main' into next

commit 4e8d0e5
Merge: 7754300 875661e
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Jul 24 20:53:48 2023 +0100

    Merge branch 'main' into next

commit 7754300
Merge: 56fa540 f578a5c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Jul 24 14:53:23 2023 +0100

    Merge branch 'main' into next

commit 1069158
Author: Tony <tonyweboss@gmail.com>
Date:   Fri Jul 21 12:25:08 2023 +0100

    encode/decode images directives

commit 1f98220
Merge: 1408f42 56fa540
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Jul 21 12:01:43 2023 +0100

    Merge branch 'next' into tinymce6

commit 56fa540
Merge: 2b58041 4840185
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Jul 21 09:09:54 2023 +0100

    Merge branch 'main' into next

commit 2b58041
Merge: 94d69b5 8572935
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Jul 19 16:24:05 2023 +0100

    Merge branch 'main' into next

commit 94d69b5
Merge: 5f3e3b0 0cb5439
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Jul 19 13:36:44 2023 +0100

    Merge branch 'main' into next

commit 5f3e3b0
Author: luigifab <31816829+luigifab@users.noreply.github.com>
Date:   Mon Jul 17 12:48:52 2023 +0200

    Removed all deprecated _Mysql4_ classes (OpenMage#2730)

    * Remove Mysql4 class

    * Remove deprecatedNode

    * Rename class with Mysql4

    * Remove deprecatedNode compatibility

    * PHPStan update

    * Add migration script

    ---------

    Co-authored-by: Fabrizio Balliano <fabrizio.balliano@gmail.com>

commit 1408f42
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat Jul 15 22:57:29 2023 +0100

    updated to 6.6.0

commit bdcf3ff
Merge: c32e341 49951c1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat Jul 15 22:53:54 2023 +0100

    merged branch next

commit 19048e0
Author: luigifab <31816829+luigifab@users.noreply.github.com>
Date:   Sat Jul 15 23:49:39 2023 +0200

    Remove onmouseover/onmouseout from adminhtml menu (OpenMage#2737)

    Co-authored-by: Fabrizio Balliano <fabrizio.balliano@gmail.com>

commit 49951c1
Merge: 54f8074 a508ae5
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat Jul 15 15:42:40 2023 +0100

    Merge branch 'main' into next

commit 54f8074
Merge: b836666 8aae6e2
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Jul 12 13:08:11 2023 +0100

    Merge branch 'main' into next

commit b836666
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Jul 11 10:25:33 2023 +0100

    Fixed PHPStan warnings for branch "next" (PHP 8.1) (OpenMage#3269)

commit 5ea608f
Merge: 68900aa c36f57d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Jul 11 10:17:04 2023 +0100

    Merge branch 'main' into next

commit 68900aa
Merge: 5711907 d8bd81b
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Jul 10 15:31:27 2023 +0100

    Merge branch 'main' into next

commit 5711907
Merge: 80dae5c 6892dee
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Jul 4 19:53:20 2023 +0100

    Merge branch 'main' into next

commit 80dae5c
Merge: eaca57c 2764d0c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Jul 3 20:10:25 2023 +0100

    Merge branch 'main' into next

commit eaca57c
Merge: f157bc4 b20f568
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Jun 30 08:16:38 2023 +0100

    Merge branch 'main' into next

commit f157bc4
Merge: 7d8e8b3 752debd
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Jun 27 09:22:55 2023 +0100

    Merge branch 'main' into next

commit 7d8e8b3
Merge: 4feffa3 97e200d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Jun 25 18:25:56 2023 +0100

    Merge branch 'main' into next

commit 4feffa3
Merge: 66c2c20 b4cee73
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri Jun 23 11:17:43 2023 +0100

    Merge branch 'main' into next

commit 66c2c20
Merge: 0e0617d 0992d8c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Jun 22 07:22:10 2023 +0200

    Merge branch 'main' into next

commit 0e0617d
Merge: cc78b50 9b8eded
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Jun 21 11:56:10 2023 +0200

    Merge branch 'main' into next

commit cc78b50
Merge: cc8b6c2 15f7623
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Jun 19 08:47:13 2023 +0100

    Merge branch 'main' into next

commit cc8b6c2
Merge: 6a36dd9 3b14b96
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Jun 15 09:43:12 2023 +0100

    Merge branch 'main' into next

commit 6a36dd9
Merge: bfabcdf 3f07160
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Jun 15 09:08:40 2023 +0100

    Merge branch 'main' into next

commit bfabcdf
Merge: 7145d4f f703211
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Jun 14 23:21:54 2023 +0100

    Merge branch 'main' into next

commit 7145d4f
Merge: e3d1626 dc52061
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Jun 12 12:08:26 2023 +0100

    Merge branch 'main' into next

commit e3d1626
Merge: b478bde 1431628
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Jun 8 08:39:06 2023 +0200

    Merge branch 'main' into next

commit b478bde
Merge: a1a66eb 2f606b9
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Jun 7 09:49:50 2023 +0200

    Merge branch 'main' into next

commit a1a66eb
Merge: b844f34 820a805
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Jun 4 18:03:31 2023 +0200

    Merge branch 'main' into next

commit b844f34
Merge: a80a482 f8069c4
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed May 31 08:55:05 2023 +0200

    Merge branch 'main' into next

commit a80a482
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed May 31 08:54:09 2023 +0200

    Removed unnecessary auto_detect_line_endings (OpenMage#3283)

commit 4beb3d7
Merge: 1c93e5b 1f54fc7
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 30 17:14:03 2023 +0200

    Merge branch 'main' into next

commit 1c93e5b
Merge: d7a095d 68cb9ec
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun May 21 12:04:57 2023 +0100

    Merge branch 'main' into next

commit d7a095d
Merge: 4a2f1f4 d6927f9
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu May 18 22:16:36 2023 +0100

    Merge branch 'main' into next

commit 4a2f1f4
Merge: 29a8f2c ce8622c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 16 16:30:34 2023 +0100

    Merge branch 'main' into next

commit 29a8f2c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 16 15:25:23 2023 +0100

    RWD theme: updated jQuery to 3.7.0 (OpenMage#3204)

commit 8fb4c4c
Merge: 3a1f906 e0d615e
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon May 15 19:53:00 2023 +0100

    Merge branch 'main' into next

commit 3a1f906
Merge: d468bc2 00da425
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon May 15 15:10:59 2023 +0100

    Merge branch 'main' into next

commit c32e341
Merge: f584bfe d468bc2
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon May 15 10:56:40 2023 +0100

    Merge branch 'next' into tinymce6

commit d468bc2
Merge: 6fce49b f12eb44
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon May 15 09:03:02 2023 +0100

    Merge branch 'main' into next

commit 6fce49b
Merge: a07b648 63595d0
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat May 13 14:13:51 2023 +0100

    Merge branch 'main' into next

commit a07b648
Merge: bb9cfc1 c0d136a
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat May 13 13:06:58 2023 +0100

    Merge branch 'main' into next

commit bb9cfc1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat May 13 11:37:02 2023 +0100

    Converted RWD's default logos to SVG (and removed some Magento names) (OpenMage#3148)

commit fe3980a
Merge: 27ae828 4da40b1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri May 12 16:47:38 2023 +0100

    Merge branch 'main' into next

commit 27ae828
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed May 10 09:10:27 2023 +0100

    Removed unmatched errors from PHPStan baseline after PHP8.1 upgrade (OpenMage#3240)

commit 1c29995
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 20:49:13 2023 +0100

    Removed scriptaculous/dragdrop.js from frontend (OpenMage#3215)

commit f584bfe
Merge: 4dc6a93 1a3aefb
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 20:01:37 2023 +0100

    Merge branch 'tinymce6' of github.com:fballiano/openmage into tinymce6

commit 4dc6a93
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 20:01:30 2023 +0100

    fix for image upload when tinymce is not enabled

commit 1a3aefb
Merge: 437b4da 976591d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 19:55:12 2023 +0100

    Merge branch 'next' into tinymce6

commit 976591d
Merge: a7413b8 460ce65
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 19:36:08 2023 +0100

    Merge branch 'main' into next

commit 437b4da
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 18:55:13 2023 +0100

    file selector starts to work

commit a7413b8
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 17:19:59 2023 +0100

    Removed double span element from HTML buttons (OpenMage#3123)

commit 318ff9f
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 16:47:28 2023 +0100

    close window image was ugly

commit d43ca5c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 16:32:44 2023 +0100

    removed tinyMceEditors hash from prototypejs

commit 828ef09
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 16:00:15 2023 +0100

    Fixed showing of plugin buttons

commit 56908d5
Merge: 938aff0 15c441e
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 14:06:11 2023 +0100

    Merge branch 'tinymce6' of github.com:fballiano/openmage into tinymce6

commit 938aff0
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 14:05:55 2023 +0100

    upgraded to 6.4.2

commit 15c441e
Merge: 51f3fd9 36f4fdb
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 9 14:03:37 2023 +0100

    Merge branch 'next' into tinymce6

commit 36f4fdb
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Fri May 5 09:02:33 2023 +0200

    Github workflows now run on PHP 8.1 (OpenMage#3163)

commit b639beb
Merge: 0a16e58 6b683d7
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu May 4 11:21:23 2023 +0200

    Merge branch 'main' into next

commit 0a16e58
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed May 3 15:43:02 2023 +0200

    [BC] Unified CSRF configuration (OpenMage#3147)

commit 78bd803
Merge: 210aa81 d3dcc76
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue May 2 22:34:47 2023 +0200

    Merge branch 'main' into next

commit 210aa81
Merge: bad757d cefa503
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sat Apr 29 18:05:40 2023 +0100

    Merge branch 'main' into next

commit 51f3fd9
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Wed Apr 26 15:37:25 2023 +0100

    something starts to work

commit 38e3527
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 18:22:50 2023 +0100

    renames plugin javascript files

commit a6ccefd
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 18:16:01 2023 +0100

    typo

commit 138fda1
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 18:14:05 2023 +0100

    typo

commit c87b2cd
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 18:12:41 2023 +0100

    Coverted part of the "variable" plugin

commit c8fe0b5
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 17:58:26 2023 +0100

    First test converting the plugins

commit 3683b2d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 17:22:57 2023 +0100

    First commit

commit bad757d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 13:52:55 2023 +0100

    PHP8.1 is now the minimum required version for OM v21 (OpenMage#3160)

commit 0db9446
Merge: 13926d8 cde7af5
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 25 13:35:41 2023 +0100

    Merge branch 'main' into next

commit 13926d8
Merge: 62c3715 c71585a
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Sun Apr 23 00:28:23 2023 +0100

    Merge branch 'main' into next

commit 62c3715
Merge: 3775e0d 4874e5c
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Tue Apr 18 09:43:11 2023 +0100

    Merge branch 'main' into next

commit 3775e0d
Merge: 31601cb bd7d45a
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Apr 13 15:52:09 2023 +0200

    Merge branch 'main' into next

commit 31601cb
Merge: 88a4156 f2f9f5d
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Apr 13 15:49:44 2023 +0200

    Merge branch 'main' into next

commit 88a4156
Merge: eaa1b47 81702bc
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Thu Apr 13 15:19:49 2023 +0200

    Merge branch 'main' into next

commit eaa1b47
Author: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date:   Mon Apr 10 22:36:49 2023 +0100

    [BC] Added form key validation to Contacts form (OpenMage#3146)

    Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Component: Adminhtml Relates to Mage_Adminhtml Component: Checkout Relates to Mage_Checkout Component: Core Relates to Mage_Core documentation for previous versions Template : admin Relates to admin template translations Relates to app/locale
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants