Tuesday, 26 April 2016
Security warning from Magento
Security Announcement
Third-Party Themes and Extensions Are at Risk
We recently learned that an SQL injection vulnerability has been found in several third-party themes and extensions. Extensions with the vulnerability include:
EM (Extreme Magento) Ajaxcart
EM (Extreme Magento) Quickshop
MD Quickview
SmartWave QuickView
These extensions are used in several different themes, including Porto, Trego, and Kallyas from SmartWave. Other SmartWave themes may also be at risk. Vulnerable EM modules are used in some EM themes. The core Magento application is not impacted in any way by this vulnerability.
We’ve received reports that the SQL injection vulnerability is potentially being exploited. If you currently use these extensions or themes, you should immediately contact the company from which you purchased the extensions or themes to request updated code. We understand that Themeforest, part of Envato Market, has already removed the vulnerability from the Porto theme, but the status of other themes and extensions is unknown.
It is also important for you to evaluate all your Magento administrator accounts to make sure there are no unknown users and to reset all your administrator passwords. Please review the Magento Security Best Practices for more information on how to secure your site and use magereport.com to scan your site for missing patches or known issues.
This update is part of our ongoing commitment to advise our merchants on security issues as we become aware of them. We thank you for your attention to this matter.
Best regards,
The Magento Team
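A read-only query for the administrator-account review the announcement asks for. It is an added example, not part of Magento's announcement, and it assumes a Magento 1 database with the default schema (tables admin_user and admin_role) and no table prefix.

```sql
-- Added example: list every admin account with its role, newest first.
-- Assumes the Magento 1 default schema and no table prefix.
SELECT
    u.user_id,
    u.username,
    u.email,
    u.is_active,
    u.created,      -- when the account was created
    u.modified,     -- last change to the account record
    u.logdate,      -- last login
    u.lognum,       -- number of logins
    g.role_name     -- role (group) the account is assigned to
FROM admin_user AS u
LEFT JOIN admin_role AS ur
       ON ur.user_id = u.user_id AND ur.role_type = 'U'
LEFT JOIN admin_role AS g
       ON g.role_id = ur.parent_id AND g.role_type = 'G'
ORDER BY u.created DESC;
```

Compare the result with the list of administrators you expect; any account nobody recognises should be disabled and investigated before passwords are reset.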
Saturday, 16 April 2016
Magento 1. Add custom Textfield with dynamic content in system.xml
If you want a text field in system.xml to show dynamic content instead of a static default from config.xml, you can add your own data form element.
Place the following class under
app\code\local\Varien\Data\Form\Element\YourCustomTextElement.php
<?php
/**
 * Magento
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@magento.com so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade Magento to newer
 * versions in the future. If you wish to customize Magento for your
 * needs please refer to http://www.magento.com for more information.
 *
 * @category Varien
 * @package Varien_Data
 * @copyright Copyright (c) 2006-2015 X.commerce, Inc. (http://www.magento.com)
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 */

/**
 * Form text element
 *
 * @category Varien
 * @package Varien_Data
 * @author Magento Core Team <core@magentocommerce.com>
 */
class Varien_Data_Form_Element_YourCustomFormElement extends Varien_Data_Form_Element_Text
{
    public function __construct($attributes = array())
    {
        parent::__construct($attributes);
        $this->setType('text');
        $this->setExtType('textfield');
    }

    public function getHtml()
    {
        $this->addClass('input-text');
        $value = $this->getEscapedValue();
        if (empty($value)) {
            // No value stored yet: fall back to the dynamically generated default.
            $value = "your custom dynamic content";
            $this->setData('value', $value);
        }
        // Always render, whether the value was stored or filled in above.
        return parent::getHtml();
    }

    public function getHtmlAttributes()
    {
        // Attributes that are copied onto the rendered <input> element.
        return array('type', 'title', 'class', 'style', 'onclick', 'onchange', 'onkeyup', 'disabled', 'readonly', 'maxlength', 'tabindex');
    }
}
Next, use your custom form element in the system.xml of your module. Place the new config variable in your target field group:
<applicationid translate="label">
    <label>Unique Id of the application</label>
    <frontend_type>yourCustomFormElement</frontend_type>
    <sort_order>5</sort_order>
    <show_in_default>1</show_in_default>
    <show_in_website>1</show_in_website>
    <show_in_store>1</show_in_store>
    <comment>default value is the default encryptionkey from /app/etc/local.xml</comment>
</applicationid>