Peter O'Callaghan
Thoughts on Development, Magento and Security

Category: Magento

Logs, Logs, Wherefore Art Thou Logs?

December 6, 2017 Magento

The recently released SUPEE-10415 patch introduced some changes relating to validation of the log file paths before writing to them (APPSEC-1913). There is one side effect of these changes that I’ve not seen anybody talking about, so I thought I’d write this post. The consequence I’m referring to is caused by this change, in Mage.php:

Magento Poisoning the Cache

December 17, 2016 Magento, Sysadmin

For those of you that don’t know, the Magento routing system is largely based on classes provided by Zend Framework 1. Whilst browsing through the code I came across something interesting in the method Zend_Controller_Request_Http::setRequestUri. What was interesting to me was that it prioritises two headers (HTTP_X_ORIGINAL_URL and HTTP_X_REWRITE_URL) over REQUEST_URI. Why is that interesting?

Security in Magento 1.9.3.0 vs 1.9.2.4 + SUPEE-8788

October 24, 2016 Magento

With the recent simultaneous release of both Magento 1.9.3.0 and SUPEE-8788, I decided to take some time and review the differences between an upgrade to 1.9.3.0 and patching an existing 1.9.2.4 installation. I did a similar thing when SUPEE-7405 came out alongside 1.9.2.4 and found that the differences were minimal. In this instance, however, the

Magento Cache Prefix and Multi-server Configuration

September 24, 2016 Development Process, Magento, Sysadmin

I recently spent some time investigating some strange, seemingly random issues with caches not being cleared when expected. This behaviour could not be replicated locally in my vagrant based development environment. The Magento site in question was running on multiple servers and using Redis as the caching mechanism. Whilst the development environment also used Redis,

Magento CSRF vulnerability via Adobe Flex

July 13, 2016 Magento

I recently became aware of a vulnerability that appears to be present in a relatively high percentage of Magento stores, including stores that have applied all security patches released by Magento. The vulnerability is caused by 3 flash files being compiled with a vulnerable version of flex, the underlying issue with flex was assigned the

Magento 2 - Faster composer install

February 6, 2016 Development Process, Magento

Anybody that has sat through an initial composer install of Magento 2 will know it’s slow. Very slow. Unbelievably slow in fact. The main reason for this is the sheer number of dependencies which it pulls in. I decided to do some profiling and see if I could improve performance.

Magento 1.9.2.2 + patches vs Magento 1.9.2.3

January 23, 2016 Magento

Magento recently released their latest security patch (SUPEE-7405) and point release (1.9.2.3). This release fixes a variety of security issues. In addition to the security updates an additional patch SUPEE-7616 was released. This patch updates the USPS integration to be compatible with recent changes in the USPS API.

Case sensitivity

February 16, 2012 Magento

I recently ran into a problem whilst moving one of my extensions from its local environment to a remote staging site. It was a problem that took me an embarrassing amount of time to get to the bottom of. After fruitlessly checking for more complex issues I eventually realised that Mage::getModel was failing to load the model. After

Copyright © 2012 All Rights Reserved - peterocallaghan.co.uk