Merge branch 'next' into tinymce6

README.md

@@ -267,6 +267,15 @@ If you see SQL errors after upgrading please remember to check for this specific
 
 UPS shut down their old CGI APIs so we removed the support for it from the Mage_Usa module.
 
+### Between OpenMage 20.x and 21.x (unreleased, available on branch `next`)
+
+- PHP 8.1 as minimum required version
+- Removed scriptaculous/dragdrop.js (#3215)
+- RWD theme: updated jQuery to 3.7.0 (#3204)
+- Unified CSRF configuration (#3147) and added form key validation to Contacts form (#3146)
+- Removed double span element from HTML buttons (#3123)
+- Removed all deprecated Mysql4_ classes (#2730). If there are any old modules/extensions in your installation that use such classes, you must run `shell/rename-mysql4-class-to-resource.php` in the command line in order to convert them. Backup all files before running the script
+
 ### New Config Options
 
 - `admin/design/use_legacy_theme`

app/code/core/Mage/Api/Model/Server/Adapter/Jsonrpc.php

@@ -0,0 +1,103 @@
+<?php
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage
+ * @copyright  Copyright (c) 2006-2020 Magento, Inc. (https://www.magento.com)
+ * @copyright  Copyright (c) 2020 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ */
+
+/**
+ * @category   Mage
+ * @package    Mage_Api
+ */
+class Mage_Api_Model_Server_Adapter_Jsonrpc extends Varien_Object implements Mage_Api_Model_Server_Adapter_Interface
+{
+    protected $_jsonRpc = null;
+
+    /**
+     * Set handler class name for webservice
+     *
+     * @param string $handler
+     * @return $this
+     */
+    public function setHandler($handler)
+    {
+        $this->setData('handler', $handler);
+        return $this;
+    }
+
+    /**
+     * Retrieve handler class name for webservice
+     *
+     * @return string
+     */
+    public function getHandler()
+    {
+        return $this->getData('handler');
+    }
+
+    /**
+     * Set webservice api controller
+     *
+     * @param Mage_Api_Controller_Action $controller
+     * @return $this
+     */
+    public function setController(Mage_Api_Controller_Action $controller)
+    {
+        $this->setData('controller', $controller);
+        return $this;
+    }
+
+    /**
+     * Retrieve webservice api controller. If no controller have been set - emulate it by the use of Varien_Object
+     *
+     * @return Mage_Api_Controller_Action|Varien_Object
+     */
+    public function getController()
+    {
+        $controller = $this->getData('controller');
+
+        if (null === $controller) {
+            $controller = new Varien_Object(
+                array('request' => Mage::app()->getRequest(), 'response' => Mage::app()->getResponse())
+            );
+
+            $this->setData('controller', $controller);
+        }
+        return $controller;
+    }
+
+    /**
+     * Run webservice
+     *
+     * @return $this
+     */
+    public function run()
+    {
+        $this->_jsonRpc = new Zend_Json_Server();
+        $this->_jsonRpc->setClass($this->getHandler());
+        $this->getController()->getResponse()
+            ->clearHeaders()
+            ->setHeader('Content-Type', 'application/json; charset=utf8')
+            ->setBody($this->_jsonRpc->handle());
+        return $this;
+    }
+
+    /**
+     * Dispatch webservice fault
+     *
+     * @param int $code
+     * @param string $message
+     */
+    public function fault($code, $message)
+    {
+        throw new Zend_Json_Exception($message, $code);
+    }
+}

app/code/core/Mage/Api/Model/Server/Handler/Abstract.php

@@ -35,9 +35,9 @@ public function __construct()
      * @param string $errorFile
      * @return bool
      */
-    public function handlePhpError($errorCode, $errorMessage, $errorFile)
+    public function handlePhpError($errorCode, $errorMessage, $errorFile, $errLine)
     {
-        Mage::log($errorMessage . $errorFile);
+        Mage::log($errorMessage . ' in ' . $errorFile . ' on line ' . $errLine, Zend_Log::ERR);
         if (in_array($errorCode, [E_ERROR, E_USER_ERROR, E_RECOVERABLE_ERROR])) {
             $this->_fault('internal');
         }
@@ -225,6 +225,10 @@ public function login($username, $apiKey = null)
      */
     public function call($sessionId, $apiPath, $args = [])
     {
+        // Allow insta-login via HTTP Basic Auth
+        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
         $this->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
@@ -309,6 +313,10 @@ public function call($sessionId, $apiPath, $args = [])
      */
     public function multiCall($sessionId, array $calls = [], $options = [])
     {
+        // Allow insta-login via HTTP Basic Auth
+        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
         $this->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
@@ -437,6 +445,10 @@ public function multiCall($sessionId, array $calls = [], $options = [])
      */
     public function resources($sessionId)
     {
+        // Allow insta-login via HTTP Basic Auth
+        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
         $this->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
@@ -501,6 +513,10 @@ public function resources($sessionId)
      */
     public function resourceFaults($sessionId, $resourceName)
     {
+        // Allow insta-login via HTTP Basic Auth
+        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
         $this->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
@@ -537,6 +553,10 @@ public function resourceFaults($sessionId, $resourceName)
      */
     public function globalFaults($sessionId)
     {
+        // Allow insta-login via HTTP Basic Auth
+        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
         $this->_startSession($sessionId);
         return array_values($this->_getConfig()->getFaults());
     }

app/code/core/Mage/Api/controllers/JsonrpcController.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Api
+ * @copyright  Copyright (c) 2006-2020 Magento, Inc. (https://www.magento.com)
+ * @copyright  Copyright (c) 2020-2022 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ */
+
+/**
+ * Webservice main controller
+ *
+ * @category   Mage
+ * @package    Mage_Api
+ */
+class Mage_Api_JsonrpcController extends Mage_Api_Controller_Action
+{
+    public function indexAction()
+    {
+        $this->_getServer()->init($this, 'jsonrpc')
+            ->run();
+    }
+}

app/code/core/Mage/Api/etc/api.xml

@@ -58,6 +58,11 @@
                 <handler>default</handler>
                 <active>1</active>
             </xmlrpc>
+            <jsonrpc>
+                <model>api/server_adapter_jsonrpc</model>
+                <handler>default</handler>
+                <active>1</active>
+            </jsonrpc>
             <default>
                 <use>soap</use>
             </default>