Magento Patch SUPEE-5994

Today Magento released a new patch (SUPEE-5994) with multiple critical security fixes. The patch addresses a range of issues, including scenarios where attackers can gain access to customer information. All versions of Magento Community Edition software are impacted, and Magento strongly recommends deploying this critical patch immediately.

Get the patch from the Magento download page and install it by following these steps.

1. Download the patch from the Magento download page.
2. Connect to your server over SSH, navigate to the root directory of your Magento installation and run the following command: sh PATCH_SUPEE-5994_CE_1.6.0.0_v1-2015-05-15-04-34-46.sh
3. Clear your cache and you are done.

Verify the Patch Is Applied
Run the command 'find . -mtime 0' over SSH right after applying the patch to list the files modified within the last 24 hours.
OR
Check the newly created file 'app/etc/applied.patches.list'.
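
The second check can be scripted. The following is an added example, not part of the original post or of Magento's patch script. It assumes applied.patches.list holds one "|"-separated header line per patch run, with the patch name in the second field and a trailing REVERTED field for reverts; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout of app/etc/applied.patches.list: one header line
# per patch run, fields separated by "|", patch name in field 2, and a final
# "REVERTED" field when the run was a revert. Other lines are patch output.

# patch_state FILE PATCH_ID -> prints applied | reverted | missing
patch_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    awk -F'|' -v id="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 2 && trim($2) == id {
            # The last matching header wins: apply, revert, re-apply is "applied".
            state = (trim($NF) == "REVERTED") ? "reverted" : "applied"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# write_sample FILE: constructed sample data, not taken from a real shop.
write_sample() {
    cat > "$1" <<'EOF'
2015-01-10 09:00:00 UTC | SUPEE-0000 | CE_1.6.0.0 | v1 | CONSTRUCTED_HASH | CONSTRUCTED_DATE | v1.6.0.0..HEAD
patching file app/code/core/Mage/Example/Constructed.php

2015-01-11 09:00:00 UTC | SUPEE-0000 | CE_1.6.0.0 | v1 | CONSTRUCTED_HASH | CONSTRUCTED_DATE | v1.6.0.0..HEAD | REVERTED
patching file app/code/core/Mage/Example/Constructed.php

2015-05-15 04:40:00 UTC | SUPEE-5994 | CE_1.6.0.0 | v1 | CONSTRUCTED_HASH | CONSTRUCTED_DATE | v1.6.0.0..HEAD
patching file app/code/core/Mage/Example/Constructed.php
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
for id in SUPEE-5994 SUPEE-0000 SUPEE-599; do
    printf '%s: %s\n' "$id" "$(patch_state "$sample" "$id")"
done
rm -f "$sample"
```

Matching the patch name exactly, rather than grepping for a substring, keeps SUPEE-599 from being reported as applied just because SUPEE-5994 is listed.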

Possible Errors
1. [error] [client x] PHP Fatal error: Class 'Mage_Install_Controller_Router_Install' not found in

Run the following commands to disable the compiler first, then clear it and compile again.

$ php -f shell/compiler.php -- disable

$ php -f shell/compiler.php -- clear

$ php -f shell/compiler.php -- compile

 

Magento Security Checks

Magento Security

  1. HTTPS used (all over the shop, only for checkout)?
  2. Custom Admin Path?
  3. Access to admin path restricted?
  4. How many Admins? Any unneeded users active?
  5. Account protection & password encryption (for customers and admins): Standard or customization?
  6. 2-factor auth?
  7. (Latest) Magento version used?
  8. Magento Security Patches applied?
  9. Custom root level folders/scripts which are necessary to be accessed from remote?
  10. Access to test/staging system (if available) restricted?
  11. Webservices, import/export functionality used?
  12. How many Webservice roles? Any unneeded roles active?
  13. List of installed extensions
  14. Installed extensions up to date?
  15. PCI-DSS, trusted shops, any other label?
  16. Session/Cookie lifetime?
  17. Only run Magento. (No WordPress or any other third party software)
  18. Data stored: What kind of customer and order data (as well as data from 3rd party and customized extensions), is stored? Bank data, credit card data (see PCI-DSS)?

System Security

  1. PHP version: recent version or old one?
  2. File permissions: Running as www-data/apache user or root?
  3. Proper file permissions set?
  4. Shop specific database-credentials vs. database running as root?
  5. SSH/SFTP access? Key-based authentication?
  6. SLA with hosting provider about (regular) OS, PHP + module updates and security updates?

Organization

  1. Who is responsible for system (security) updates?
  2. Who has access to the live-server?
  3. Who has access to the live-shop?
  4. Where is the code hosted? Who has access to the bare repo and push access?
  5. What does the current software development process look like? Are there code reviews and automatic checks done before deploying code to staging/test/live?
  6. Is there any security testing or security audit done (regularly)?
  7. Is there a regular backup? If so, is it external?
  8. Depending on the shop/company size: Are there business continuity and/or Recovery plans?

 

Magento: Check Whether the Current Page Is a CMS Page, Category Page or Product Page

Detect Home Page – Magento
Method 1 (For All Versions of Magento):

if($this->getUrl('') == $this->getUrl('*/*/*', array('_current'=>true, '_use_rewrite'=>true)))
{
  // Home page
}

Method 2 (For Magento 1.5 and Above):

if($this->getIsHomePage())
{
  // Home page
}

Detect Category Page – Magento

if (Mage::registry('current_category')) 
{
  // category page
}

Now let's see how to get the ID and name of the category when the current page is a category page.

if (Mage::registry('current_category')) 
{
  // Category Name
  echo Mage::registry('current_category')->getName();

  // Category ID
  echo Mage::registry('current_category')->getId();
}

Detect CMS Page – Magento

if(Mage::app()->getFrontController()->getRequest()->getRouteName() == 'cms')
{
  // CMS page
}

Get the CMS page name (its identifier) if the current page is a CMS page.

if(Mage::app()->getFrontController()->getRequest()->getRouteName() == 'cms')
{
  echo Mage::getSingleton('cms/page')->getIdentifier();
}

Detect Product Detail Page – Magento

if(Mage::registry('current_product')) 
{
  // Product detail page
}

Detect Configure Product Page – Magento

if(Mage::app()->getFrontController()->getRequest()->getRequestedActionName() == 'configure')
{
  // Product Configuration page
}

Detect Cart Page – Magento

$request = $this->getRequest();
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
if($module == 'checkout' && $controller == 'cart' && $action == 'index')
{
  // Cart page
}

I have found the above code snippets very useful when I used to work with Magento. What about you? Consider sharing this article if you find it useful. Let me know your reaction by commenting here.

WordPress Custom Post Type Search

Follow these 3 steps to add a search for a custom post type.

Let's say your custom post type name is employee_member.

1. Add the code below to functions.php

// Use a dedicated template when the search is limited to the custom post type.
function template_chooser($template)
{
  global $wp_query;
  $post_type = get_query_var('post_type');
  if( $wp_query->is_search && $post_type == 'employee_member' )
  {
    return locate_template('employee-search.php');  // render results with employee-search.php
  }
  return $template;
}
add_filter('template_include', 'template_chooser');

2. Create the file `employee-search.php`

 

    <?php
        /* Template Name: Custom Search */
        get_header(); ?>
        <div class="contentarea">
            <div id="content" class="content_right">
                <?php // Escape the search term before output; echoing the raw $s would reflect user input into the page. ?>
                <h3>Search Result for : <?php echo esc_html( get_search_query( false ) ); ?></h3>
                <?php if ( have_posts() ) : while ( have_posts() ) : the_post(); ?>
                <div id="post-<?php the_ID(); ?>" class="posts">
                    <article>
                    <h4><a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>"><?php the_title(); ?></a></h4>
                    <p><?php the_excerpt(); ?></p>
                    <p align="right"><a href="<?php the_permalink(); ?>">Read More</a></p>
                    <span class="post-meta"> Post By <?php the_author(); ?>
                     | Date : <?php echo get_the_date('j F Y'); ?></span>

                    </article><!-- #post -->
                </div>
                <?php endwhile; endif; ?>

            </div><!-- content -->
        </div><!-- contentarea -->
        <?php get_sidebar(); ?>
        <?php get_footer(); ?>

3. Finally create a search form for your custom post type

    <div>
        <h3>Search Employee Member</h3>
        <form role="search" action="<?php echo esc_url( home_url('/') ); ?>" method="get" id="searchform">
            <input type="text" name="s" placeholder="Search Products"/>
            <input type="hidden" name="post_type" value="employee_member" />
            <input type="submit" alt="Search" value="Search" />
        </form>
    </div>