Apply patches with Composer's post-install-cmd


I just want to introduce another approach to applying Magento patches, in case your Magento instance isn't hosted on Adobe's Cloud infrastructure or the patch can't be applied as explained in "How to apply a composer patch provided by Adobe" for some reason.

1. Update your composer.json file

Add a new section "scripts" at the end of your composer.json file and validate the file with composer validate.

If you see ./composer.json is valid, you are good to move on. By the way, your composer.lock file doesn't need to be updated.

2. Create a folder ./patches/

Create a folder ./patches/ or something similar and copy your *.patch file in there.

3. Test it

Run composer install and wait. Your script and patch should be executed after Generating autoload files just like in the below output.

4. Deploy it

Commit your changes (composer.json and the ./patches/ folder) and run your deployment procedure.
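One way to wire up the steps above, as an added example rather than the snippet from the original post: a script run from post-install-cmd that skips patches already in the tree and exits non-zero when a patch no longer applies, so composer install fails visibly instead of deploying unpatched code. The script name apply-patches.sh, the composer.json entry in the comment and the -p1 path layout are assumptions.

```shell
#!/bin/sh
# apply-patches.sh (hypothetical name): added example, not the post's own script.
# Assumed composer.json wiring:
#   "scripts": { "post-install-cmd": [ "sh ./apply-patches.sh" ] }
# Assumes patch paths carry a/ and b/ prefixes relative to the project root (-p1).

# apply_patches ROOT PATCH_DIR
# Returns 0 when every patch is in place (applied now or earlier), 1 otherwise.
apply_patches() {
    root=${1:-.}
    dir=${2:-$root/patches}
    failed=0
    for p in "$dir"/*.patch; do
        [ -e "$p" ] || continue          # glob matched nothing
        # A patch that reverses cleanly is already in the tree: skip it,
        # so repeated "composer install" runs stay idempotent.
        if patch -d "$root" -p1 -R -s -f --dry-run < "$p" >/dev/null 2>&1; then
            echo "already applied: $p"
        # Dry-run forward first so a half-applied patch never reaches the tree.
        elif patch -d "$root" -p1 -N -s -f --dry-run < "$p" >/dev/null 2>&1; then
            if patch -d "$root" -p1 -N -s -f < "$p"; then
                echo "applied: $p"
            else
                failed=1
            fi
        else
            # Neither direction applies: the target file has drifted.
            echo "DOES NOT APPLY: $p" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when invoked under the assumed script name; a non-zero
# status here is what makes Composer abort the install.
case "${0##*/}" in
    apply-patches.sh) apply_patches "$@" ;;
esac
```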

That’s it!

Adobe APSB22-12 – Don’t panic!


Adobe has released a critical security patch early this week on https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12– and https://helpx.adobe.com/security/products/magento/apsb22-12.html.

Of course, Adobe Commerce merchants and agencies are nervous and want to apply the security patch as soon as possible. However, I believe that as long as your admin passwords are strong enough and you have control over your admin accounts, you shouldn't be worried too much.

Here is why.

Let’s have a look at the content of the security patch.

The patch will update two files only, which are responsible for processing template variables such as the email variables {{var logo_url}} or {{config path="general/store_information/name"}}, or variables within CMS pages or Static Blocks. The change is trivial and will wipe out unwanted content by using the pattern $pattern = '/{{.*?}}/'.

It basically means, in order to be able to exploit this issue, you must:

1. Know the admin url of a store
2. Have access to the Magento backend ( ideally admin privileges )
3. Know how to exploit the issue

So, as long as you maintain admin accounts regularly and know who is actively working in your backend, you should be fine.

However, if you have modules installed that add custom variables by injecting Magento\Email\Model\Template\Filter in combination with 3rd party services, you should probably go and install the patch with your next release.

Update: 2022/02/16

Code could possibly be injected by using the customer's billing or shipping address (e.g. {{trans "%name," name=$order.getBillingAddress().getName()}}), depending on how strong form validation is in the front-end (My Account > Addresses or Checkout).
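A defensive check that follows from the update above, added here and not part of the original post: scan an export of customer and order address fields for template directive syntax, so stored values containing {{...}} can be reviewed. The tab-separated export layout (id, field, value), the script name and the sample rows are constructed assumptions, and the match approximates a directive as {{ up to the next }}.

```shell
#!/bin/sh
# Added example (not from the original post): audit exported address
# fields for Magento template directive syntax such as {{var ...}}.

# sample_export: constructed rows in the assumed layout id<TAB>field<TAB>value
sample_export() {
    printf '%s\t%s\t%s\n' 101 firstname 'Alice'
    printf '%s\t%s\t%s\n' 102 company \
        '{{var logo_url}} and {{config path="general/store_information/name"}}'
    printf '%s\t%s\t%s\n' 103 lastname '{{var logo_url}} Smith'
    printf '%s\t%s\t%s\n' 104 street '12 {Main} St'   # single braces: not a directive
}

# scan_directives FILE
# Prints one line per directive found: id<TAB>field<TAB>directive
scan_directives() {
    awk -F '\t' '
    {
        v = $3
        # Walk the value left to right and report every {{...}} occurrence.
        while (match(v, /\{\{[^}]*\}\}/)) {
            printf "%s\t%s\t%s\n", $1, $2, substr(v, RSTART, RLENGTH)
            v = substr(v, RSTART + RLENGTH)
        }
    }' "$1"
}

# flagged_ids FILE: unique record ids that hold at least one directive.
flagged_ids() {
    scan_directives "$1" | cut -f1 | sort -u
}

# Run against a real export when invoked under the assumed script name.
case "${0##*/}" in
    scan-directives.sh) scan_directives "$1" ;;
esac
```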

Missing required argument $name of Xtento\ProductExport\Logger\Logger.

If you are using Xtento in combination with an automated product importer, you may have seen the following error before.

The error message appears right after saving a product. The reason is that at least one of your products in Products > Catalog has no Name. To fix this, you can update the name manually via MySQL queries or simply delete the products and import them again correctly.

Captcha Test For Your Contact Form

The following PHP script allows you to test your contact form captcha integration in Magento. If you receive any email after executing this script, you have to review your captcha integration.

You may need to add, remove or rename fields in the $field array. Don’t forget to replace {base_url} with your actual URL.

Broken Admin Panel after SUPEE-8788

After the installation of patch SUPEE-8788 in Magento 1.9.0.1 I have experienced a broken product edit form in Catalog > Manage Products > { select any product } > Edit Product. Every time I tried to edit a product, it logged the following error message.

I have found a community extension in my project which was causing the problem by rewriting the complete class Mage_Catalog_Helper_Image. With diff I was able to identify all changes which I needed to copy from core to the community extension.

I just added the missing constant

and updated the method validateUploadFile().

Find Missing Or Not Readable Product Image Files

With the following script you can detect missing or not readable image files, based on your product collection. Good before project launch or after product imports.

Find the Gist here.

Automatically Update The Year In The Footer


In most of the projects that I am working on, it is still common practice to have the current year of the copyright text stored in System > Configuration > General > Design > Footer.

That means, every year somebody has to change the year manually. This is very time consuming, especially if you have to manage ten, twenty or more clients. Here is a quick example of how you can make it dynamic.

1. Set a custom string such as {YEAR}

Edit your footer in System > Configuration > General > Design > Footer and place the {YEAR} somewhere.

2. Replace the {YEAR}

Edit your footer.phtml in your package and replace getCopyright as shown below. For the year I am using Mage::getModel(‘core/date’) to have the correct timezone included.

File: ./app/design/frontend/{package}/default/template/page/html/footer.phtml

 

Algolia 1.6.1 or higher automatically update the product index


Algolia 1.6.1 or higher comes with a new feature that automatically updates your product index every time you save a category. The disadvantage is that it will also update the product index even if you just change an attribute which has nothing to do with URL rewrites or something else that can break search results. This can increase your indexing operations rapidly, and therefore your monthly bills from Algolia as well.


To prevent unnecessary indexing, you should disable the new feature in System > Configuration > Algolia Search 1.x > Advanced > Update product on category products update and manage indexing manually with System > Index Management or simply with cron jobs.

Programmatically Create a Gift Card for Magestore Gift Card Module

This is a quick example of how you can programmatically create a code for Magestore’s Gift Card module.

1. Create the Gift Card

2. Link the Gift Card to a Customer

In order to be able to see the Gift Card in My Account > Gift Card you need to create a reference between Gift Card and a customer id. This is something you can do right after the Gift Voucher was successfully created.

Nginx and Cached CSS / JS files

Yesterday I had a pretty hard time with cached CSS / JS files on my developer environment. I was supposed to review layout changes, but I always got the old CSS files. I spent about 2 hours finding the reason. In the end, the solution was to turn off the syscall sendfile in my virtual host configuration.

If you use Nginx as a reverse proxy to serve pages from an application server, you can leave sendfile turned off.