Apply patches with composers post-install-cmd

magento2_teaser_patch

I just want to introduce another approach that will apply Magento patches, in case your Magento instance isn’t hosted on Adobe’s Cloud infrastructure or can’t be applied as explained in How to apply a composer patch provided by Adobe for some reason.

1. Update your composer.json file

Add a new section scripts” at the end of your composer.json file and validate your file with composer validate.

If you see ./composer.json is valid you are good to move on. Btw. your composer.lock file doesn’t need to be updated.

2. Create a folder ./patches/

Create a folder ./patches/ or something similar and copy your *.patch file in there.

3. Test it

Run composer install and wait. Your script and patch should be executed after Generating autoload files just like in the below output.

4. Deploy it

Commit your changes ( composer.json and ./patches/ ) folder and run your deployment procedure.

That’s it!

Adobe APSB22-12 – Don’t panic!

magento2_teaser_patch

Adobe has released a critical security patch early this week on https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12– and https://helpx.adobe.com/security/products/magento/apsb22-12.html.

Of course, Adobe Commerce merchants and agencies are nervous and want to apply the security patch as soon as possible. However, I believe as long as your admin passwords are strong enough and you have control about your admin accounts, you shouldn’t be worried too much.

Here is why.

Let’s have a look at the content of the security patch.

The patch will update two files only that are responsible to process template variables such as email variables {{var logo_url}} or {{config path=”general/store_information/name”}} or variables within CMS pages or Static Blocks. The change is trivial and will wipe out unwanted content by using the pattern $pattern = ‘/{{.*?}}/’.

It basically means, in order to be able to exploit this issue, you must:

1. Know the admin url of a store
2. Have access to the Magento backend ( ideally admin privileges )
3. Know how to exploit the issue

So, as long as you maintain admin accounts regularly and know who is actively working in your backend, you should be fine.

However, if you have modules installed that add custom variables by injecting Magento\Email\Model\Template\Filter in combination with 3rd party services, you should probably go and install the patch with your next release.

Update: 2022/02/16

Code could possibly injected by using the customers billing or shipping address ( e.g {{trans “%name,” name=$order.getBillingAddress().getName()}} ) depending on how strong form validation is in the front-end ( My Account > Addresses or Checkout ).

Magento Cloud – sendmail: /etc/msmtprc: line 6: command host needs an argument

Magento2 Teaser

This morning I ran a deployment on a fresh Magento Cloud environment and suddenly got the below SMTP error right after setup:upgrade, which was very unusual.

I had a look at the recent changes and found a mail() function in the modules InstallSchema.php script.

In this particular case, a 3rd party module developer has implemented a tracking system to notify his agency about new module installations. It may work on some hosting platforms, but obviously not on Magento Cloud during the build process.

October CMS – Widget OC Media Manager

October CMS Logo

If you work with the form elements fileupload or mediafinder in combination with user admin roles ( Settings > Administrators ) you may end up with the following error while saving a model.

In order to fix that, you must review the permissions of your admin user account for Upload and manage media contents – images, videos, sounds, documents. and select Allow or Inherit, depending on how you setup your roles.

October CMS - Admin User Roles Media

After saving the permissions, you should be able to upload or select an image and save the model.

October CMS – How To Fix Broken Thumbnails

October CMS Logo

I recently started setting up a dockerized October CMS environment based on Alpine Linux, MariaDB and PHP-FPM which was actually a very straightforward process. However, for some reason the integrated image resizer didn’t create thumbnails of uploaded images.

October CMS - Broken Thumbnail Image

Unfortunately there was nothing in the log files which could help me to identify the cause of the problem. After checking the file permissions, I decided to trace back the issue and found the reason in file vendor/october/rain/src/Database/Attach/Resizer.php.

The method getMimeType() returned always null, which broke the entire image manipulation process.

After a quick research I found out that getMimeType requires php_fileinfo which I simply forgot to set in my Dockerfile. After adding php7-fileinfo and rebuilding the container, the issue was finally fixed.

 

Notice: Use of undefined constant T_CURLY_OPEN – assumed ‘T_CURLY_OPEN’ in /var/www/src/setup/src/ Magento/Setup/Module/ Di/Code/Reader/FileClassScanner.php on line 72

Today I finally had some time to cleaned up my Dockerfile for Magento 2. I am using Alpine Linux for most of my Magento 2 projects which usually includes NGINX, PHP-FPM and MariaDB.

While testing my updated Dockerfile I came across the following PHP notice which prevented the deployment scripts from finishing the Magento 2 setup.

The problem was simply a missing PHP extension php7.1-tokenizer which has resolved the issue after re-creating the container with –build.

 

PHP message: PHP Fatal error: Interface ‘SessionHandlerInterface’ not found in /var/www/src/vendor/ laravel/framework/src/Illuminate/Session/FileSessionHandler.php on line 10

Today I successfully installed my first October CMS project locally via composer / command line. The installation was pretty straightforward and worked surprisingly well on my Alpine Linux docker container which includes NGINXPHP-FPM and MariaDB.

However, when I tried to open the front-end I got the following error.

After a quick research I found the solution on Stackoverflow. I basically forgot to install the PHP extension php7-session inside my docker container. I manually installed the missing extension, but also updated my Dockerfile in case I have to rebuild my container.

After that I manually killed all PHP processes to make sure php-fpm loads the new extension with the next page reload.

 

UI Components and searchResultToOutput in Magento2

Today I had to fix the following issue in a custom module. The error appeared on the UI Component list view.

I found the reason of the problem in the di.xml file. All what was missing was the following virtualType node. After adding this and re-compiling the code, the list view was fixed.

UI Component Listing And Not registered handle in Magento2

Today I created a new listing for a custom module, but unfortunately all what I got was the error message below.

After digging around for few minutes I noticed the above handler was actually missing in the di.xml file. I simply added the following collections argument and re-compiled the code.

All good!

Missing required argument $name of Xtento\ProductExport\Logger\Logger.

If you are using Xtento in combination with an automated product importer, you may have seen the following error before.

The error message appears right after saving a product. The reason is that, at least one of your products in Products > Catalog has no Name. To fix this, you can update the name manually via MySQL queries or simply delete the products and import again correctly.