Serializing PHP Entities to JSON
Problem So, as I fetch object from the database by using ORM and I might sometimes return results via REST. This means usually I end up mapping getters to array. This seems boring, time consuming,
Read more
BSS Multiwishlist XSS Injection
This time I have been moving to weird and good Magento 2 world. How is it good? I have noticed (at least on those modules I’ve gone trough) there is a lot less issues in
Read more
Magento 1: BL/CustomGrid Security Flaw
As most of people can notice, I have been going trough Magento modules lately hunting for possible security flaws. This time I decided to review BL/CustomGrid, why? This module is not maintained for long time
Read more
Magento 1: Netreviews/Avisverifies Security Flaw
After browsing again Magevulndb repository I encountered issue and PR open due original reporter have went 404. So I decided to give some help for these guys! Anyways, everybody wins when issues are reported. Discovering
Read more
Magento 1: Raveinfosys/DeleteOrders Security flaw
I have discovered possible SQL injection (CWE-89) on Raveinfosys/DeleteOrders extensions. This is extension to provide possibility delete orders. Like they describe it Currently, Magento® doesn’t allow you to delete an order from the store. You
Read more
PHP 7.4 is coming!
So, finally. They made it. One of my favorite PHP releases ever. Expecting new PHP 7.4 to be released late 2019. Let’s go trough all features we are going to get in PHP 7.4. I
Read more