The patch is unlikely to cause any issues because its scope is small: minor code corrections in 3 files and a noindex tag in 3 templates.
Note: Install this and any other missing patches with our Magento patch installation service or upgrade to OpenMage LTS v19.4.15 (released on August 26, 2021).
Download SUPEE-11295
Magento version | SUPEE-11295 | MD5 checksum |
---|---|---|
Magento CE 1.5.1.0 | SUPEE-11295 1.5.1.0 | b14496276a73077f1e2a378a87b64621 |
Magento CE 1.6.2.0 | SUPEE-11295 1.6.2.0 | 210159b6994c40a5c9661d0ae3486723 |
Magento CE 1.7.0.2 | SUPEE-11295 1.7.0.2 | b25eb12636dc2a3f94d0c14e3a32252d |
Magento CE 1.8.0.0 | SUPEE-11295 1.8.0.0 | c94959fce8689a441922dd8d8fb1bec8 |
Magento CE 1.8.1.0 | SUPEE-11295 1.8.1.0 | 01e10ceed1646a01eaae5e5a5e5c35b9 |
Magento CE 1.9.0.0 | SUPEE-11295 1.9.0.0 | 663f157a2cb2fab0e25ba41b9f483943 |
Magento CE 1.9.0.1 | SUPEE-11295 1.9.0.1 | d8c10ded1b396e8e0d168cf474bd90ba |
Magento CE 1.9.1.0 | SUPEE-11295 1.9.1.0 | 3256480bd36ce56d86abe5f24206c479 |
Magento CE 1.9.1.1 | SUPEE-11295 1.9.1.1 | ba20782c54810aec0ecdfbc2fa5c618c |
Magento CE 1.9.2.0 | SUPEE-11295 1.9.2.0 | 9f39d72e5dd0eeca2ef84697dc1dab19 |
Magento CE 1.9.2.1 | SUPEE-11295 1.9.2.1 | e79a45780f01e9a802ca3612a24052a5 |
Magento CE 1.9.2.2 | SUPEE-11295 1.9.2.2 | e3b997e45d2022277e804d77f10049da |
Magento CE 1.9.2.3 | SUPEE-11295 1.9.2.3 | 0efb4181214f895e6d4fe3d599e2349f |
Magento CE 1.9.2.4 | SUPEE-11295 1.9.2.4 | 7d3d69e5be9a50b600455ce920481c62 |
Magento CE 1.9.3.0 | SUPEE-11295 1.9.3.0 | 8877f10762ae7b0182b6e16b10907b83 |
Magento CE 1.9.3.1 | SUPEE-11295 1.9.3.1 | a93eced94fedf65c7a75872af66019f4 |
Magento CE 1.9.3.2 | SUPEE-11295 1.9.3.2 | e3d6bba517f904bd11eaecf4840770fa |
Magento CE 1.9.3.3 | SUPEE-11295 1.9.3.3 | f6a1807f9a70170243eca908548c9006 |
Magento CE 1.9.3.4 | SUPEE-11295 1.9.3.4 | c34fe793626b8619919e10b4f32a923a |
Magento CE 1.9.3.6 | SUPEE-11295 1.9.3.6 | 7221d10de33b15c69a04d205c709a109 |
Magento CE 1.9.3.7 | SUPEE-11295 1.9.3.7 | fbdaf46a9f70ff18ea4ef27dba1e94ea |
Magento CE 1.9.3.8 | SUPEE-11295 1.9.3.8 | fcb55c20f05108f6296e6a3b0754cac6 |
Magento CE 1.9.3.9 | SUPEE-11295 1.9.3.9 | bad5cda6d182acfb7e03e5016b24ab51 |
Magento CE 1.9.3.10 | SUPEE-11295 1.9.3.10 | f14da1d10e2a3432b8feebf5a6d8bff7 |
Magento CE 1.9.4.0 | SUPEE-11295 1.9.4.0 | fdd5b15796c76d5681fe27b9a7d580b5 |
Magento CE 1.9.4.1 | SUPEE-11295 1.9.4.1 | ff75a4e70ce85d37b3773191a0da8e36 |
Magento CE 1.9.4.2 | SUPEE-11295 1.9.4.2 | 842fa0bd01ae3a2731659517aad83b6c |
Magento CE 1.9.4.3 | SUPEE-11295 1.9.4.3 | 889313a61fc9d91aa4eccae62c3b209c |
Magento CE 1.9.4.4 | the patch is already included | |
OpenMage v19.4.3 | the patch is already included |
diff --git app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
index ff633cee5eb..5dab2f1e7d5 100644
--- app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
+++ app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
@@ -55,7 +55,10 @@ class Mage_Adminhtml_Block_Catalog_Product_Helper_Form_Gallery_Content extends M
 $this->getUploader()->getUploaderConfig()
 ->setFileParameterName('image')
- ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/catalog_product_gallery/upload'));
+ ->setTarget(Mage::getModel('adminhtml/url')->addSessionParam()->getUrl(
+ '*/catalog_product_gallery/upload',
+ array('_query' => false)
+ ));
 $browseConfig = $this->getUploader()->getButtonConfig();
 $browseConfig
diff --git app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
index 7db75d0dbda..81c26e23349 100644
--- app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
+++ app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
@@ -44,7 +44,10 @@ class Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader extends Mage_Uplo
 $this->getUploaderConfig()
 ->setFileParameterName('image')
 ->setTarget(
- Mage::getModel('adminhtml/url')->addSessionParam()->getUrl('*/*/upload', array('type' => $type))
+ Mage::getModel('adminhtml/url')->addSessionParam()->getUrl(
+ '*/*/upload',
+ array('type' => $type, '_query' => false)
+ )
 );
 $this->getButtonConfig()
 ->setAttributes(array(
diff --git app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
index b3cadd0136e..1d6c97a0d5c 100644
--- app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
+++ app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
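Review bot: The new `'_query' => false` argument in the `setTarget(...)` call has no comment explaining it, and it sits right after `addSessionParam()`, so the two read as contradictory. If `_query => false` makes `getUrl()` discard query parameters (getUrl() is not part of this diff, so this should be confirmed), the session parameter added one call earlier never reaches the upload URL and `addSessionParam()` could be dropped. At minimum add a comment such as `// '_query' => false: build the upload target without query parameters so the admin session id is not carried in the URL`. The same applies to the `*/*/upload` call in Cms/Wysiwyg/Images/Content/Uploader.php; both enclosing methods start and end outside their hunks.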
@@ -50,9 +50,9 @@ class Mage_Core_Model_Input_Filter_MaliciousCode implements Zend_Filter_Interfac
 //js in the style attribute
 '/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis',
 //js attributes
- '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror|onanimationstart)\s*=[^>]*(?=\>)/Uis',
+ '/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror|onanimationstart|onfocus|onloadstart|ontoggle)\s*=[^>]*(?=\>)/Uis',
 //tags
- '/<\/?(script|meta|link|frame|iframe).*>/Uis',
+ '/<\/?(script|meta|link|frame|iframe|object).*>/Uis',
 //base64 usage
 '/src\s*=[^<]*base64[^<]*(?=\>)/Uis',
 //data attribute
diff --git app/design/adminhtml/default/default/template/forgotpassword.phtml app/design/adminhtml/default/default/template/forgotpassword.phtml
index d4728379944..6f67b165666 100644
--- app/design/adminhtml/default/default/template/forgotpassword.phtml
+++ app/design/adminhtml/default/default/template/forgotpassword.phtml
@@ -28,6 +28,7 @@
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="noindex, nofollow" />
 <title><?php echo Mage::helper('adminhtml')->__('Log into Magento Admin Page'); ?></title>
 <link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css'); ?>" media="all" />
 <link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css'); ?>" media="all" />
diff --git app/design/adminhtml/default/default/template/login.phtml app/design/adminhtml/default/default/template/login.phtml
index 49c2b81a674..463230b984e 100644
--- app/design/adminhtml/default/default/template/login.phtml
+++ app/design/adminhtml/default/default/template/login.phtml
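Review bot: The `//js attributes` pattern is still an enumerated denylist, so every handler attribute that is not named in it passes the filter unchanged, and each new browser event needs another patch like this one. Matching the attribute family instead, for example `'/\bon[a-z]+\s*=[^>]*(?=\>)/Uis',`, would remove that maintenance gap, at the cost of also stripping harmless attribute-like text that starts with `on`. The `//tags` pattern has the same shape, so a comment above the array stating that this filter is a best-effort cleanup and that output must still be escaped for its context would keep callers from treating it as a complete sanitizer. The array these entries belong to starts and ends outside the hunk.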
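Review bot: The added `<meta name="robots" content="noindex, nofollow" />` in forgotpassword.phtml only asks compliant crawlers not to index the page; it does not restrict who can reach the admin forms, and it is repeated by hand in each standalone template. A response header set once for the admin area, `X-Robots-Tag: noindex, nofollow`, would cover every admin response including non-HTML ones and any template added later. The same applies to the identical additions in login.phtml, page/head.phtml and resetforgottenpassword.phtml.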
@@ -28,6 +28,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="noindex, nofollow" />
 <title><?php echo Mage::helper('adminhtml')->__('Log into Magento Admin Page') ?></title>
 <link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css') ?>" media="all" />
 <link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css') ?>" media="all" />
diff --git app/design/adminhtml/default/default/template/page/head.phtml app/design/adminhtml/default/default/template/page/head.phtml
index 3d3304428c7..e067095fae9 100644
--- app/design/adminhtml/default/default/template/page/head.phtml
+++ app/design/adminhtml/default/default/template/page/head.phtml
@@ -25,6 +25,7 @@
 */
 ?>
 <meta http-equiv="Content-Type" content="<?php echo $this->getContentType() ?>"/>
+<meta name="robots" content="noindex, nofollow"/>
 <title><?php echo htmlspecialchars(html_entity_decode($this->getTitle())) ?></title>
 <link rel="icon" href="<?php echo $this->getSkinUrl('favicon.ico') ?>" type="image/x-icon"/>
 <link rel="shortcut icon" href="<?php echo $this->getSkinUrl('favicon.ico') ?>" type="image/x-icon"/>
diff --git app/design/adminhtml/default/default/template/resetforgottenpassword.phtml app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
index 508ae90a822..dad1828a5cf 100644
--- app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
+++ app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
@@ -28,6 +28,7 @@
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="noindex, nofollow" />
 <title><?php echo Mage::helper('adminhtml')->__('Reset a Password'); ?></title>
 <link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('reset.css'); ?>" media="all" />
 <link type="text/css" rel="stylesheet" href="<?php echo $this->getSkinUrl('boxes.css'); ?>" media="all" />