Browsing articles tagged with "magento Archives - Kalpesh Mehta"
Apr 28, 2019
kalpesh

Magento Imagine Dev Exchange 2019

Magento Imagine 2019 is just 2 weeks away and I cannot wait any longer! This year will be crazy for me, as I am participating as a Maintainer in the Contribution Days that happen on the Saturday and Sunday before the conference, and also hosting a Dev Exchange table after the conference on Wednesday. Also, this will be my first Imagine from the agency side, so things will be different.

As many of you know, I have advocated Magento Security for quite a while now. From submitting core security bugs to adding an entire Security topic to the Magento 2 Professional Developer Plus certification, I realized there are many more things to do. This year I am going to host a Dev Exchange where I will share my security ideas and also get ideas and feedback from the community. One very important thing that we will address this year is third-party extension security. Pablo Benitez, CTO at eBizmarts, will join me, bringing in the business perspective when talking about third-party extension security. Talesh Seeparsan will bring his past Dev Exchange experiences on security and help us in guiding and noting down all the ideas and feedback that we discuss with the participants.

If you are coming to Magento Imagine and will stay a little late on Wednesday, please stop by our Dev Exchange table and join the conversation. Here are the topic and details we submitted for Magento Imagine Dev Exchange 2019:

Make Magento more secure

It’s 2019 and security is a top priority of Magento/Adobe. Every participant in the ecosystem has their part to play to keep merchant stores secure. Let us discuss the current low-hanging fruit in the ecosystem and share strategies/tools for managing it effectively. For each item we will outline the topic and its security shortcomings, then begin a deeper investigation into solutions with knowledge and idea sharing before moving to the next one. This is a co-hosted panel: Kalpesh Mehta leading with deep technical security experience and Pablo Benitez bringing the experience and technical/business concerns of an extension developer for a fully rounded conversation. Special thanks to Talesh Seeparsan and Kristof Ringleff for bringing their past Dev Exchange experience around extension security.

1.) Extension Developers write secure code.

With the proactive and nimble approach Magento has taken to core security, agencies and merchants often find that third-party extension makers have not put in as much effort. How can we encourage their developers to take a more secure coding approach? Can the Magento community maintain a secure coding practices document, like the technical guidelines, for security? Validate code using a tool like PHP CodeSniffer? What solutions already exist that we can rely on? What processes already exist that we can implement?

2.) Better ways to report vulnerabilities on a merchant’s site

Magento has a bug bounty program for reporting vulnerabilities in its code and websites. If a user or security researcher finds vulnerabilities in a Magento-powered web store that is not owned by Magento (an Adobe company), how can they reach the right person on the merchant’s team? How should the information be passed, given the sensitive nature of the issue? Should Magento accept the security.txt standard?

3.) Code review in community submitted Pull Requests

Is Magento doing a security code review when someone submits a PR to core code? What should be checked for during code reviews to identify security risks?

4.) Add Security topics in Developer certifications

Magento has already included a Security topic in the Magento 2 Professional Developer Plus exam. Can we ask Magento to include Security in the Associate as well as the Developer exam? Can it help developers learn security best practices?

All recommendations and suggestions will be documented and shared with the Magento security team and the community afterwards. Remember to keep the privacy of your client intact while discussing vulnerabilities and attacks.

Oct 13, 2015
kalpesh

Magento get all items in cart

In Magento, you can get all the items currently in the cart programmatically using the code below. You can place it anywhere you need the information, in a phtml or php file. Instead of Mage::getSingleton('checkout/session')->getQuote() you can also use Mage::getSingleton('checkout/cart')->getQuote() to get the same results. If you want to see all the product information that is retrieved, you can use $product->getData() inside the foreach loop to display it in array format.

$cart = Mage::getSingleton('checkout/session')->getQuote();
// Use $cart->getAllItems() to get ALL items: parent as well as child, configurable as well as its associated simple item
foreach ($cart->getAllVisibleItems() as $item) {
    $product = $item->getProduct();
    $name = $product->getName();
    $sku = $product->getSku();
}

If you want all the items in collection format, you can call the code below instead:

$itemsCollection = Mage::getSingleton('checkout/cart')->getQuote()->getItemsCollection();

Sep 4, 2015
kalpesh

Magento: Zipcode + 4 tax calculation bug fix

Magento bug fix for zipcode + 4 in tax calculation

Tax calculation in Magento has a bug where a customer in the USA can escape paying tax by entering their zipcode in zipcode + 4 format. This is because you import 5-digit zipcodes with their tax rates in the Magento admin, so if a customer enters a zipcode in zipcode+4 format it will not match the imported one. Importing a 5-digit zipcode ending in a wildcard (*) does not solve this issue either.

Before this fix: If zipcode 90036 collects tax, 90036-1234 does NOT collect tax.

You can fix this bug by adding the code below to your custom module:

config.xml

...
<global>
    <models>
        <tax_resource>
            <rewrite>
                <calculation>Namespace_Module_Model_Tax_Resource_Calculation</calculation>
            </rewrite>
        </tax_resource>
    </models>
</global>
...

Note that we are rewriting the core logic of tax calculation. Now create this file in your custom module, creating the folder structure as needed: app/code/local/Namespace/Module/Model/Tax/Resource/Calculation.php, and copy the code below into it:

<?php
class Namespace_Module_Model_Tax_Resource_Calculation extends Mage_Tax_Model_Resource_Calculation
{
    protected function _getRates($request)
    {
        $countryId = $request->getCountryId();
        $regionId = $request->getRegionId();
        $postcode = $request->getPostcode();

        //12 = california, 25 = iowa
        if ($countryId == 'US' && in_array($regionId, array(12, 25))) {
            $postcode = substr(trim($request->getPostcode()), 0, 5);
            $request->setPostcode($postcode);
        }
        return parent::_getRates($request);
    }
}

The above code takes only the first 5 characters of the zipcode if the country is USA and the selected state is either California or Iowa. You can change the states as per your requirements; to find out which ID relates to which state, look at the source code of the State/Province dropdown on the checkout page.
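The normalization step described above, as an added example that is not part of the original post: standalone PHP with no Magento classes, generalizing the fix to accept the common zipcode+4 spellings and to flag malformed US postcodes instead of letting them miss the rate table. The function names, the rate table and the 9.5% rate are constructed for illustration.

```php
<?php
// Added example: standalone PHP, no Magento classes. All names and data are constructed.

/**
 * Canonicalize a postcode before it is matched against 5-digit tax rates.
 * US input: "90036", "90036-1234", "90036 1234" and "900361234" all become "90036";
 * any other US value returns null so the caller can reject the address.
 * Non-US input is only trimmed.
 */
function normalizePostcode($countryId, $postcode)
{
    $postcode = trim((string) $postcode);
    if ($countryId !== 'US') {
        return $postcode;
    }
    if (preg_match('/^(\d{5})(?:[-\s]?\d{4})?$/', $postcode, $m)) {
        return $m[1];
    }
    return null;
}

/** Exact-match lookup, standing in for the imported rate table. */
function lookupRate(array $rates, $countryId, $postcode)
{
    $key = $countryId . ':' . $postcode;
    return isset($rates[$key]) ? $rates[$key] : 0.0;
}

// Constructed sample data: one imported 5-digit rate and a set of checkout inputs.
$rates  = array('US:90036' => 9.5);
$inputs = array('90036', '90036-1234', ' 90036 1234 ', '900361234', '9003', '90036-12');

foreach ($inputs as $zip) {
    $before = lookupRate($rates, 'US', $zip);       // exact match on the raw input
    $clean  = normalizePostcode('US', $zip);
    $after  = ($clean === null)
        ? 'rejected'
        : sprintf('%.1f%%', lookupRate($rates, 'US', $clean));
    printf("%-14s before: %.1f%%   after: %s\n", '"' . $zip . '"', $before, $after);
}
```

Unlike the substr() approach, a value such as 90036-12 is rejected here rather than truncated; whether to reject or truncate is a policy choice for the store.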

Mar 28, 2015
kalpesh

Magento bug – Checkout cart 500 error – Redirect loops

The Magento checkout cart gives a 500 error and redirect loops when there is a shopping cart rule with a Category condition.

I found a bug in Magento which redirects the shopping cart indefinitely, causing a 500 internal server error. This can be a serious bug, as customers will not be able to shop if this happens. I noticed this happens when there is a shopping cart rule which has Category in the conditions of the rule.

If total quantity equals or greater than 1 for a subselection of items in cart matching ALL of these conditions:
Category is 125

So, for example, if you have a shopping cart rule where you want to give some discount or a free product when at least one product is chosen from a specific Category, this triggers the error in the frontend shopping cart. The main reason here is the Category condition. If you remove the category condition then the error should go away. But if you want to keep the category condition and still want Magento to handle the shopping cart promotion rule, check the code changes below:

To solve this I copied the file below to my local
app/code/core/Mage/SalesRule/Model/Rule/Condition/Product/Combine.php

and edited the function validate:

    /**
     * Validate a condition with the checking of the child value
     * @param Varien_Object $object
     *
     * @return bool
     */
    public function validate(Varien_Object $object)
    {
        /** @var Mage_Catalog_Model_Product $product */
        $product = $object->getProduct();
        if (!($product instanceof Mage_Catalog_Model_Product)) {
            $product = Mage::getModel('catalog/product')->load($object->getProductId());
        }

        $valid = parent::validate($object);

        /* Kalpesh commented whole block, as it causes redirect loop and Segmentation fault in apache
        if (!$valid && $product->getTypeId() == Mage_Catalog_Model_Product_Type_Configurable::TYPE_CODE) {
            $children = $object->getChildren();
            //$valid = $children && $this->validate($children[0]); //Kalpesh commented, issue....
        }*/

        return $valid;
    }

Hope this helps to some troubled souls!

Mar 28, 2015
kalpesh

Magento EE 1.14 – Broken category & product sitemap URLs

Magento EE 1.14 introduces a bug fix which apparently became a bug on our website. The Magento EE 1.14.0.0 Release Notes and Magento CE 1.9.0.0 Release Notes list this in their Bug Fixes:
Google Sitemap files now include the .html suffix for category and product URLs.

We don’t have the .html suffix in our category and product URLs, so we were fine before this fix. But after upgrading to the latest version, all the category and product URLs had a “.” (dot) at the end in the XML sitemap. This is because Magento allows the admin to give a custom suffix for category and product URLs for the sitemap, but hardcodes the “.” regardless of whether there are values in the above config fields or not. This puts unnecessary dots in all the URLs, which can lead to 404 pages.

Magento Category Product URL config

The Magento team has used an observer on the events sitemap_categories_generating_before and sitemap_products_generating_before to add the suffix, in the following file and functions (notice I have commented out all lines in the functions):
app/code/core/Enterprise/Catalog/Model/Observer.php
(copy this file to app/code/local/Enterprise/Catalog/Model/Observer.php, you may have to create directories)

    /**
     * Add Seo suffix to category's URL if doesn't exists.
     *
     * @param Varien_Event_Observer $observer
     */
    public function addSeoSuffixToCategoryUrl(Varien_Event_Observer $observer)
    {
        /*$seoSuffix = (string) Mage::app()->getStore()->getConfig(
            Mage_Catalog_Helper_Category::XML_PATH_CATEGORY_URL_SUFFIX
        );
        $this->_addSuffixToUrl($observer->getCollection()->getItems(), $seoSuffix);*/
    }

    /**
     * Add Seo suffix to product's URL if doesn't exists.
     *
     * @param Varien_Event_Observer $observer
     */
    public function addSeoSuffixToProductUrl(Varien_Event_Observer $observer)
    {
        /*$seoSuffix = (string) Mage::app()->getStore()->getConfig(
            Mage_Catalog_Helper_Product::XML_PATH_PRODUCT_URL_SUFFIX
        );
        $this->_addSuffixToUrl($observer->getCollection()->getItems(), $seoSuffix);*/
    }

After commenting out the logic of the above functions and generating the Google Sitemap again (Admin > Catalog > Google Sitemap), everything was normal (no dot and no suffix in the URLs).
