A new Magento 1 security patch, SUPEE-10266, was released on September 14th, 2017. It closes a remote code execution hole available to an admin user, protects against data leaks and fixes some minor issues. Let’s check the main code changes that are included in the patch.
One of the things that the first version of Magento lacked was the ability to clean up module data from the database upon its removal. This is a common situation: you uninstall an extension, but all the related data remains in the database. You can only get rid of it manually. This is inconvenient, especially if the module has created a bunch of new tables, custom attributes, system configurations etc. In this case, a tool that removes such data automatically would be very useful.
In Magento 2 there is a great feature which allows you to create an uninstall script for your module. Let’s find out how it works.
You already know how to create a simple CLI script. CLI scripts are initialized with a different area – basically, with a separate CLI area\application, which lacks the standard frontend\admin localization functionality. We faced that when developing a script for sending order emails via CLI – the emails were missing translations of the origin of the order. Let’s try to figure out “why?” and “how to fix?”.
After the decision to move to the cloud and determining a cloud strategy, the next step is to carry out a demand analysis, create a system design, and finally set up and test the cloud infrastructure. This all sounds very trivial and is very similar to a dedicated hosting approach, but there are some special points to consider in a cloud environment.
Atwix is a distributed company. But once a year we break all our rules… Well, almost all :). For the whole year Atwix heroes work hard and from anywhere they want, except during one summer weekend when we all take a break together at the annual offsite meeting. This is an informal event that brings all our teammates, no matter where they are located, together for a long weekend – to spend time together and communicate face-to-face. Last year we had a pilot offsite, and since then we are committed to doing it annually.
This year, we wanted to improve our experience, and came up with some basic principles for holding a successful offsite.
Can you be really sure that all visitors to your site see it the same way as you do – design and content? In an era when content matters more and more, one type of hacker attack has become particularly popular – content spoofing. You will learn about the algorithms and tools that hackers use to perform such attacks, specifically replacing a website’s content for particular visitors.
In one of our previous posts we described what a dashboard widget is and how to add a custom widget to an OroCRM dashboard. OroCRM has many native widgets with different useful functions, and one of the favorite ones is a Quick Launchpad.
We recently shared a tutorial on how to add custom Admin system messages in Magento 2. Today we will cover another type of notification that uses the Default Admin Notifier – Notifications.
Having a particular version of the software easily discoverable makes a hacker’s job easier and allows automated scrapers to gather a database of URLs with particular software versions, which can be used for attacks when a security vulnerability is discovered. Of course, hiding the Magento version won’t be enough to secure your store, but it is a simple step to take, just like changing your admin URL, that makes the store a little bit more secure.