Browsing articles in "Magento"
Nov 17, 2016
kalpesh

Magento: Multiple security vulnerabilities in Aheadworks Follow up Email extension

IMPORTANT: If you are using this extension in any of the Magento store, please patch or upgrade it immediately if you have not done it yet. You can find more details on the affected versions and patches here:
https://blog.aheadworks.com/2016/10/security-issue-follow-up-email-vulnerability/
https://blog.aheadworks.com/2016/10/follow-email-security-patch/

While modifying Aheadworks follow up extension on our store to meet our specific requirements, I discovered multiple security vulnerabilities in the extension. As the vulnerabilities were pretty serious, I immediately sent my discoveries to Magento team which they promptly sent to Aheadworks team. Aheadworks was quick enough to fix the vulnerabilities and rolled out the patches.

Link of the extension in Magento Marketplace:
https://marketplace.magento.com/aheadworks-follow-up-email.html
It allows store owners to send automated emails to customers who had abandoned their cart.
Aheadworks follow up email extension

All the below vulnerabilities were found in the extension.

1. SQL injection
2. Directory Traversal vulnerability
Attacker can traverse to any directory on the server. In earlier PHP versions (prior to 5.3.4), attacker can read any file on server including /etc/passwd
3. Unrestricted Directories creation
Attacker can create any number of directories and subdirectories with their desired name wherever web server has permissions

I will not disclose any technical details and PoC of the vulnerabilties here to prevent wild exploits on Magento websites having this extension installed.

Timeline:
Oct 6, 2016 – Discovered the SQL injection vulnerability
Oct 6, 2016 – Emailed the vulnerability to Magento security and marketplace team
Oct 7, 2016 – Emailed the vulnerability to Magento team
Oct 7, 2016 – Magento forwarded my discoveries to Aheadworks team
Oct 11, 2016 – Aheadworks released new version 3.6.6 and patch for older versions of the extension
Oct 25, 2016 – Found further vulnerabilities on the same controller action, this time Directory Traversal and Unrestricted Directories creation vulnerabilities
Oct 25, 2016 – Emailed the details to Magento team, they promptly notified to Aheadworks team
Oct 27, 2016 – Fixed the vulnerabilities in new version 3.6.7 and released the patch for older versions

Oct 13, 2015
kalpesh

Magento get all items in cart

Magento get all the items currently in cart programatically using below code. You can place it anywhere you wish to get information, phtml or php file. Instead of Mage::getSingleton(‘checkout/session’)->getQuote() you can also use Mage::getSingleton(‘checkout/cart’)->getQuote() to get same results. If you want to see what all product information is retrieved you can use $product->getData() inside the foreach loop to display in array format.

1
2
3
4
5
6
7
$cart = Mage::getSingleton('checkout/session')->getQuote();
//$cart->getAllItems() to get ALL items, parent as well as child, configurable as well as it's simple associated item
foreach ($cart->getAllVisibleItems() as $item) {
        $product = $item->getProduct();
    $name = $product->getName();
    $sku = $product->getSku();
}

If you want all the items in collection format, you can call below code instead:

1
$itemsCollection = Mage::getSingleton('checkout/cart')->getQuote()->getItemsCollection();
Oct 13, 2015
kalpesh

Magento add static block to cms page

You can add static block to CMS page in Magento in following 2 ways:

1.) By adding code in Layout Update XML of CMS page:

1
2
3
4
5
6
7
<reference name="left">
    <block type="cms/block" name="block_name_anything">
        <action method="setBlockId">
            <block_id>STATIC_BLOCK_ID_HERE</block_id>
        </action>
    </block>
</reference>

2.) By putting below code directly into CMS Page content area:

1
{{block type="cms/block" block_id="STATIC_BLOCK_ID_HERE"}}

Make sure you flush Blocks HTML Output cache if your changes do not reflect on website.

Sep 4, 2015
kalpesh

Magento: Zipcode + 4 tax calculation bug fix

Magento bug fix for zipcode + 4 in tax calculation

Tax Calculation in Magento has a bug where customer can escape paying tax if they enter zipcode + 4 digit in USA. This is because you import 5 digit zipcodes with their tax rates in Magento admin, so if customer inputs their zipcode in zipcode+4 format their zipcode will not match with the imported one. Importing 5-digit zipcode ending in wildcard (*) does not solve this issue either.

Before this fix: If zipcode 90036 collects tax, 90036-1234 does NOT collect tax.

You can fix this bug by adding below code in your custom module:

config.xml

1
2
3
4
5
6
7
8
9
10
11
...
<global>
        <models>
            <tax_resource>
                <rewrite>
                        <calculation>Namespace_Module_Model_Tax_Resource_Calculation</calculation>
                </rewrite>
            </tax_resource>
        </models>
</global>
...

Note that we are rewriting core logic of Tax Calculation. Now create folder structure in your custom module: app/code/local/Namespace/Module/Model/Tax/Resource/Calculation.php and copy below code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<?php
class Namespace_Module_Model_Tax_Resource_Calculation extends Mage_Tax_Model_Resource_Calculation
{
    protected function _getRates($request)
    {
        $countryId = $request->getCountryId();
        $regionId = $request->getRegionId();
        $postcode = $request->getPostcode();

        //12 = california, 25 = iowa
        if($countryId == 'US' && in_array($regionId,array(12,25))) {
                $postcode = substr(trim($request->getPostcode()),0,5);
                $request->setPostcode($postcode);
        }
        return parent::_getRates($request);

    }

}

Above code will only take first 5 digits from the zipcode if the country is USA and state selected is either California or Iowa. You can change the states as per your requirement, to know what ID relates to different states you can look at the State/Province dropdown source code in checkout page.

Mar 28, 2015
kalpesh

Magento bug – Checkout cart 500 error – Redirect loops

Magento checkout cart gives 500 error and redirect loops when there is a shopping cart rule with Category condition.

I found a bug in Magento which redirects shopping cart indefinitely causing it 500 internal server error. This can be a serious bug as customer will not able to shop if this happens. I noticed this happens when there is a shopping cart rule which have Category in conditions of the rule.

If total quantity equals or greater than 1 for a subselection of items in cart matching ALL of these conditions:
Category is 125

So for example you have a shopping cart rule where you want to give some discount or free product if at least one product is chosen from specific Category, this triggers the error in frontend shopping cart. Main reason here is Category condition. If you remove category condition then the error should go away. But if you want to keep the category condition and still want Magento to handle the shopping cart promotion rule, check the code changes below:

To solve this I copied below file to my local
app/code/core/Mage/SalesRule/Model/Rule/Condition/Product/Combine.php

and edited the function validate:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/**
     * Validate a condition with the checking of the child value
     * @param Varien_Object $object
     *
     * @return bool
     */
    public function validate(Varien_Object $object)
    {
        /** @var Mage_Catalog_Model_Product $product */
        $product = $object->getProduct();
        if (!($product instanceof Mage_Catalog_Model_Product)) {
            $product = Mage::getModel('catalog/product')->load($object->getProductId());
        }

        $valid = parent::validate($object);

        /* Kalpesh commented whole block, as it causes redirect loop and Segmentation fault in apache
        if (!$valid && $product->getTypeId() == Mage_Catalog_Model_Product_Type_Configurable::TYPE_CODE) {
            $children = $object->getChildren();
            //$valid = $children && $this->validate($children[0]); //Kalpesh commented, issue....
        }*/


        return $valid;
    }

Hope this helps to some troubled souls!

Pages:1234567...28»

Welcome to my Blog

Kalpesh MehtaHelping Magento developers in their day-to-day development problems since 2011. Most of the problems and solutions here are my own experiences while working on different projects. Enjoy the blog and don't forget to throw comments and likes/+1's/tweets on posts you like. Thanks for visiting!

Certifications