Symlinks cause ‘Not valid template file’ in Magento

Keeping Magento shops up to date is important to reduce their vulnerability. Sometimes, security updates introduce breaking changes. The recent Magento update, version, includes such a breaking change that can cause blank pages on the front-end and back-end. This is caused by the way in which Magento handles symlinks. 

When blank pages occur, take a look at Magento’s system.log file. You might find entries like the following:


Random values from PHP array one-liner

PHP provides the array_rand( $arr, $num )  function which returns an integer or array containing the keys of the array.

To obtain an array of values the following one-liner can be used:

This picks $num random keys from $arr (array_rand), flips keys with values (array_flip), intersects the picked keys with those of $arr (array_intersect_key) and returns the corresponding elements of $arr.

Getting random values from an array.


Laravel 5 Cron expression validation

A Cron expression validator is created in Laravel 5.3. Laravel provides a versatile and extendable Validation class. Introducing new validations is done by registering a validation function with the extend method on the Validation facade. A Cron expression validator is created by utilising a cron-expression parser.

The cron-expression parser used here is the fantastic cron-expression Composer package by Michael Dowling.


Fix Magento 1.9.3 ‘Notice: Undefined index: session_expire_timestamp in … on line 461’

Some days ago the Magento security update SUPEE-8788 was released. This update fixes a number of critical vulnerabilities. To fix an existing shop one could either apply the SUPEE-patch or upgrade the shop to Magento 1.9.3. However, after updating I experienced a little issue when trying to reach the shop again. 

A PHP Exception popped up:

Even after flushing the cache this problem appears. The undefined index and path of the file that raises the exception give away that this problem might have to do with Magento’s session handling. I started with deleting any existing session cookies in my browser. This made the error message disappear. Be aware that this is not an appropriate solution to this error!


Form submission CSRF issues in Magento

Magento now includes CSRF (Cross-Site Request Forgery) protection on publicly available forms such as the new user registration form. The goal of this is to make it impossible for anyone to POST to a URL without first visiting the corresponding form page. A token is supplied on this page that is sent along with the rest of the form to the server. The server validates the correctness of the token and responds in a sensible way if the token is correct. If the token is not correct, however, the server ignores the POST request.


Overwrite Magento Core using a Module

The layout of Magento’s information, warning and error messages cannot be easily changed using layout and template files. The HTML generation is done from a Block PHP class (Mage_Core_Block_Messages). It is a very bad idea to overwrite any core element of Magento. Instead we are going to extend this core-block by creating a separate module.

Bootstrap Alerts in Magento
Messages are now Bootstrap compatible

My goal was to make the messages compliant with Twitter Bootstrap alerts but the following technique can be used for about anything.


RADIUS Authentication driver for Kohana 3.3

Lately I was in need of an authentication driver that supports RADIUS servers. Happily the Kohana Auth module supports easy development of custom authentication drivers by extending the Auth class holding abstract specifications of the required methods. I implemented these methods making use of the PHP Radius extension (which therefore is required). The driver is publicly available on GitHub.

I am planning on implementing a pure PHP Radius client to get rid of the requirement of the PHP Radius extension.

MySQLi Database Driver for Kohana 3.3

A couple of months ago I published my Kohana MySQLi database driver on GitHub. As the development of the framework came to a halt for the last few months, the PHP team deprecated the support for the PHP MySQL extension on which Kohana’s default Database driver relies. This module is based on Kohana’s native implementation but uses the MySQLi extension.

A composer description is available in the repository so it can be easily installed using the package manager.