Skip to content

Instantly share code, notes, and snippets.

View Vinai's full-sized avatar

Vinai Kopp Vinai

895 followers · 17 following
View GitHub Profile
@jellesiderius
jellesiderius / TrojanOrders-exploit.patch
Last active December 9, 2022 15:15
Quick fix for trojan order exploit in 2.4.5-p1 and below
--- a/vendor/magento/module-sales/Model/Order/Email/Sender.php
+++ b/vendor/magento/module-sales/Model/Order/Email/Sender.php
@@ -73,6 +73,20 @@
*/
protected function checkAndSend(Order $order)
{
+ $possibleExploitTags = ['{{', '}}', '()', '.()', 'base64_', 'this.', 'addAfterFilterCallback', '.filter', '.Filter', 'getTemplateFilter'];
+ $addressArray = $order->getAddressesCollection()->toArray()['items'];
+ $addressStringCombined = "";
+ foreach ($addressArray as $addressArrayItem) {
@jrosell
jrosell / tasks.json
Last active August 28, 2020 18:13
Visual Studio Code startup task for cache-clean.js on Magento 2. Please, Ctrl+shift+P to select Tasks: Manage Automatic Tasks in Folder and choose "Allow Automatic Tasks in folder
{
"version": "2.0.0",
"tasks": [
{
"label": "cache-clean.js",
"type": "shell",
"command": "~/.config/composer/vendor/bin/cache-clean.js --watch",
"presentation": {
"reveal": "always",
"panel": "dedicated"
@ProcessEight
ProcessEight / Testing in Magento 2.md
Last active February 7, 2024 14:42
M2: Notes on setting up PHPUnit and writing/troubleshooting tests in Magento 2
@IvanChepurnyi
IvanChepurnyi / optimize-composer.sh
Created September 30, 2016 16:00
Optimizes autoloader for the best performance on production system
#!/bin/bash
magentodir=$1
cd $magentodir
read -d '' script << PHP
<?php
\$composer = json_decode(file_get_contents('composer.json'), true);
if (!is_array(\$composer['autoload']['psr-0'][''])) {
@turanct
turanct / functional-tests.php
Created February 11, 2015 14:50
Simple test framework, functional programming style
<?php
function within($topic, ...$features)
{
return function($do = 'getFailedAssertions') use ($topic, $features) {
if ($do === 'getName') {
return $topic;
} elseif ($do === 'getFailedAssertions') {
return array_reduce(
$features,
@bastianccm
bastianccm / persistent.php
Created July 2, 2014 12:29
Persistent Magento
<?php
// put in magento root folder
// run via
// rm /tmp/magento; php persistent.php
// output is in /tmp/magento.log
function plog($msg) {
file_put_contents('/tmp/magento.log', date('H:i:s') . ': ' . $msg . PHP_EOL, FILE_APPEND);
}
@SchumacherFM
SchumacherFM / Stats.md
Last active October 9, 2018 05:47
Comparing different storage systems for Magento

Magento Caching Test

Testing three type of caches: persistent, non-persistent and two-level.

Prerequisites

  • MacBook Air
  • 13-inch, Mid 2012
  • Processor 1.8 GHz Intel Core i5
  • Memory 8 GB 1600 MHz DDR3
@tmbritton
tmbritton / casper.js test test
Created January 30, 2014 04:57
casper.js testing test
/**
* Casper.js testing test
*/
var testSuite = {
config: {
baseUrl: 'http://www.wholefoodsmarket.com',
},
googleTest: function(){
@edannenberg
edannenberg / magentrolol.md
Last active January 26, 2017 17:41
Magento 1.8.x tax calculation when using prices including tax.

We upgraded to 1.8 a couple of weeks ago, today i had to investigate this little gem:

trolol

The issue was reproducable by adding 3 of the above items to the cart, checking the db confirmed that the 2nd quote item already had the wrong tax value.

Digging down the culprit turned out to be in Mage_Tax_Model_Sales_Total_Quote_Subtotal and Mage_Tax_Model_Sales_Total_Quote_Tax:

collect() will call for each quote item:

@drewdhunter
drewdhunter / Magento - core code pre commit hook
Last active December 31, 2015 20:08
Pre commit hook useful for Magento projects
#!/usr/bin/env bash
set -eu
declare -a file_patterns=('app/code/core' 'app/Mage.php$' '^index.php$')
exit_status=0
while read x file; do
for file_pattern in ${file_patterns[@]}; do
if [[ $file =~ $file_pattern ]]; then