How to install Magento patch APSB22-12 to fix the RCE Vulnerability

Earlier this week, Adobe identified an RCE vulnerability in both the Commerce and Open Source editions and released security patch APSB22-12, marked as Critical Priority, to be installed immediately.

What this means is if you are running your website on Adobe Commerce (2.3.3-p1-2.3.7-p2) or Magento Open Source (2.4.0-2.4.3-p1), then your website is at high risk and needs to be patched immediately.

There are two security patches to fix the potential vulnerability and you can download them from https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12- for your respective Magento versions.

Use the following attached patches, depending on your Adobe Commerce version:

2.4.3 – 2.4.3-p1:

2.3.4-p2 – 2.4.2-p2:

2.3.3-p1 – 2.3.4:

In order to stay up to date with the latest protections, you will need to apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it.

The patches affect the following files:

./vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
./vendor/magento/module-email/Model/Template/Filter.php
./vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php

How to apply a Magento Patch?

Once you have downloaded the appropriate patches, create a new directory (e.g. ./patches) in your Magento root, upload the patch files to it and run the following commands:

patch -p1 < patches/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch

patch -p1 < patches/MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch
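Because MDVA-43443 goes on top of MDVA-43395, an out-of-order or repeated run can leave the tree half patched. The script below is an added example (not from Adobe or the original article) that dry-runs each patch before applying it and resumes after whatever is already in the tree; it assumes GNU patch, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: ordered, resumable apply of stacked patches (GNU patch assumed).
# Function names are hypothetical; patch file names are the ones used above.

# True if the patch is already in the tree (it can be cleanly reversed).
patch_is_applied() {
    patch -p1 -R -f -s --dry-run -d "$1" < "$2" >/dev/null 2>&1
}

# True if the patch would apply with no rejected hunks.
patch_applies_cleanly() {
    patch -p1 -N -f -s --dry-run -d "$1" < "$2" >/dev/null 2>&1
}

# apply_in_order ROOT PATCH...   (patches listed oldest first)
apply_in_order() {
    root=$1; shift
    n=0; done_upto=0
    # A later patch can rewrite lines an earlier one touched, so the newest
    # patch that reverses cleanly marks how far this tree already is.
    for p in "$@"; do
        n=$((n + 1))
        [ -r "$p" ] || { echo "missing patch: $p" >&2; return 2; }
        if patch_is_applied "$root" "$p"; then done_upto=$n; fi
    done
    n=0
    for p in "$@"; do
        n=$((n + 1))
        if [ "$n" -le "$done_upto" ]; then echo "already applied: $p"; continue; fi
        if ! patch_applies_cleanly "$root" "$p"; then
            echo "stopping, does not apply cleanly: $p" >&2
            return 1
        fi
        patch -p1 -N -s -d "$root" < "$p" || return 1
        echo "applied: $p"
    done
    return 0
}

# Usage from the Magento root:
#   sh apply-patches.sh . patches/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch \
#                         patches/MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch
if [ "$#" -ge 2 ]; then apply_in_order "$@"; fi
```

A non-zero exit means the tree was left exactly as it was before the failing patch, so the run can be repeated once the cause (wrong version, local modification) is resolved.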

Solved: How to add custom script just after the opening head tag in Magento 2

There are many times when you would want to add a custom <script> right after the opening <head> tag in Magento, but no matter what you do, the script always gets added after Magento loads its requireJS, which isn’t much help. In this article, I will share the steps you can take to ensure that your script gets added right after the opening <head> tag – yes, even before Magento injects its requireJS.

By default, Magento 2 uses the root.phtml file to set up head content, which is located in vendor/magento/module-theme/view/base/templates/root.phtml (unless it has been overridden in your custom theme). The content of the root.phtml is as follows:

<script>
    var BASE_URL = '<?= $block->escapeUrl($block->getBaseUrl()) ?>';
    var require = {
        "baseUrl": "<?= /* @escapeNotVerified */ $block->getViewFileUrl('/') ?>"
    };
</script>

This file contains the $requireJs variable and block. The require.js block is defined in vendor/magento/module-theme/view/frontend/layout/default.xml, the content of which is as follows:

<block name="require.js" class="Magento\Framework\View\Element\Template" template="Magento_Theme::page/js/require_js.phtml" />

Now, there are two possible solutions to override the file:

  1. By overriding the file in your custom theme
  2. By creating a simple module (preferred)

Override require_js.phtml in your custom theme

To override the file in your custom theme, copy require_js.phtml from vendor/magento/module-theme/view/frontend/templates/page/js to your theme at app/design/frontend/{VENDOR}/{THEME_NAME}/Magento_Theme/templates/page/js/ and then put your custom JS code just above the requireJS block, i.e.

<script>
    console.log("Hello World!"); 
    var require = {
        "baseUrl": "<?php /* @escapeNotVerified */ echo $block->getViewFileUrl('/') ?>"
    };
</script>

Override require_js.phtml in a custom module

Create default.xml in view/frontend/layout/ and add the following code:

<?xml version="1.0" ?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
    <body>
        <referenceBlock name="require.js">
            <action method="setTemplate">
                <argument name="template" xsi:type="string">Shoman_CustomScript::code.phtml</argument>
            </action>
        </referenceBlock>
    </body>
</page>

As you can see, in the code above, we are setting a new template file code.phtml for the require.js block.

Next, go ahead and create the code.phtml file in ./view/frontend/templates and add the custom code as follows:

<!-- My Custom Script start -->
<script type="text/javascript">
console.log("Hello World!");
</script>
<!-- My Custom Script end -->

<script>
    var BASE_URL = '<?= $block->escapeUrl($block->getBaseUrl()) ?>';
    var require = {
        "baseUrl": "<?= /* @escapeNotVerified */ $block->getViewFileUrl('/') ?>"
    };
</script>

I have created a simple module that does the job already and you can download it from here: https://github.com/shoaibrehman/Magento2-OneTrust-Cookies – this module primarily focuses on integrating the OneTrust Cookie Policy script, so feel free to replace the content of the code.phtml file, or fork the module and modify it as per your needs!

Steps to integrate OneTrust Cookie Script with Magento 2

OneTrust is one of the popular user consent management systems on the market, which allows businesses to monitor Privacy, Security & Data Governance in their platform.

While it has integrations with many popular web platforms, it is missing a solid integration with Magento.

It’s a simple tracking script which one could easily copy/paste in Magento admin > Content > Design > Themes > Head > Misc script; but the catch is that this script needs to be put right after the opening <head> tag, which is not possible if you copy/paste the script in the Magento backend theme configuration area.

To achieve this, I have created a simple Magento module (compatible with 2.2.x, 2.3.x, 2.4.x) using which you can put the OneTrust Cookie Script in the right location.

You can download the module from GitHub here: https://github.com/shoaibrehman/Magento2-OneTrust-Cookies

Learn How to Install Shopware 6 with NGINX

Shopware is one of the best free and open-source platforms that helps you to start your own e-commerce website. It provides useful tools to help you build and customize a fully responsive and functional online store in a matter of a few minutes. We have all heard about other ecommerce platforms such as Magento, BigCommerce and WooCommerce, and like those platforms, Shopware is a powerful, easy-to-use and flexible application with an ever-growing open source community. It has an intuitive interface which makes it easier to create and manage content and products and, on top of that, it is super quick.

While Shopware is not officially supported on Nginx, in this tutorial we will show you how to install Shopware with Nginx and have it up and running in a matter of a few minutes.

Prerequisites:

  • A development server running PHP7.3 (or higher), MySQL and Nginx.
  • A valid domain name or a local host file override
  • Full root level access to your server.

Installation

Download Shopware

Let’s suppose you are using a local domain, i.e. local.shopware.com, and have updated your OS hosts file so that the domain name points to your local server, i.e. 127.0.0.1.

To install Shopware, first create an installation directory on your local server:

mkdir /var/www/htdocs/local.shopware.com

Next, download Shopware with the following command:

wget https://www.shopware.com/en/Download/redirect/version/sw6/file/install_v6.3.5.0_ba08dbfc07784b5cefe7837f2abbda69dbf5b8b7.zip -O shopware.zip

Once the download is complete, unzip shopware.zip to the shopware directory:

unzip shopware.zip -d /var/www/htdocs/local.shopware.com

Next, set proper permission and ownership with the following command:

chown -R root:root /var/www/htdocs/local.shopware.com
chmod -R 775 /var/www/htdocs/local.shopware.com

NOTE: We have set ROOT as the directory owner purely because it is a local installation. Please do not set ROOT as the file owner on your live production or development environment.

Create a Database for Shopware

You can either create a new database using the shopware installation wizard or do it beforehand using the following commands:

First, connect to the MySQL server using the following command:

mysql -uroot -p -hlocalhost

Once connected, create a database and user with the following command:

MySQL [(none)]> CREATE DATABASE shopware;
MySQL [(none)]> GRANT ALL ON shopware.* TO 'shopware' IDENTIFIED BY 'password';
MySQL [(none)]> FLUSH PRIVILEGES;
MySQL [(none)]> EXIT;

Once you are finished, you can proceed to the next step to configure Nginx.

Configure Nginx for Shopware

Shopware’s entry point is in its public directory, so you will need to create an Nginx virtual host file for Shopware with the following command:

nano /etc/nginx/conf.d/shopware.conf

And add the following block:

server {
    listen 80;

    # Handle / to index.php
    index index.php;

    # Our server name
    server_name local.shopware.com;

    # Where the code is located
    root /var/www/htdocs/local.shopware.com/public;

    # Needed for Shopware install / update
    location /recovery/install {
        index index.php;
        try_files $uri /recovery/install/index.php$is_args$args;
    }

    location /recovery/update/ {
        if (!-e $request_filename){
            rewrite . /recovery/update/index.php last;
        }
    }

    # Forward any not found file to index.php. Also allows to have beautiful urls like /homemade-products/
    location / {
        try_files $uri /index.php$is_args$args;
    }

    # Let php-fpm handle .php files
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi.conf;
        fastcgi_param HTTP_PROXY "";
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        fastcgi_read_timeout 300s;
        client_body_buffer_size 128k;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        http2_push_preload on;
    }
}

Finally, save the file and restart Nginx.

Access Your Local Shopware Website

We will now complete the final step of the installation using the web installation wizard.

So, open your web browser and type the URL http://local.shopware.com.

Select your language and click on the Next button. Make sure all the requirements have been met then click on the Next button. You should see the following page:

Agree to the GTC and click on the Next button to head to the Database configuration section:

Provide your database, username, password and click on the Start installation button and follow the steps to complete the configuration.

Once you have completed the installation wizard and Shopware is installed, you will be redirected to the dashboard. That’s all!

Learn how to install Magento 2.4.2 on a docker instance

We will be using MGT Commerce’s Docker container to install the latest version of Magento 2.4.2.

If you haven’t set up MGT Commerce’s Docker image, you can simply run the following command to set one up on your local machine:

docker run -d --net=bridge -v /var/lib/mysql -v /home/cloudpanel --restart=always --privileged -h mgt-dev --name mgt-dev -it -p 80:80 -p 443:443 -p 8443:8443 -p 22:22 -p 3306:3306 -p 9200:9200 -p 15672:15672 mgtcommerce/mgt-dev:v2

Once the image is installed, you will need to go to https://127.0.0.1:8443/ as that’s where the docker image is installed.

Next, click on the Add Domain button to add a new local domain to install your Magento:

Important: Magento has removed the root index.php in Magento 2.4.2 and moved it to the ./pub directory so you will need to add ./pub to your document root as shown in the image above. 

Once the domain is set up, you will need to create a database, which you can do by clicking on the Databases link in the left-hand menu.

Next, it is time to download Magento to your local server, but first you will need to log in to MGT Commerce’s Docker image.

Open terminal and ssh using the following details:

FTP HOST: 127.0.0.1:22

USERNAME: root

PASSWORD: root

... then navigate to the htdocs directory, i.e. cd htdocs/playground.magento.com/

Finally, run the following to download Magento to the site root:

php7.4 /usr/local/bin/composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition playground.magento.com

This should download Magento. Finally, install it using the following command:

php7.4 bin/magento setup:install --backend-frontname='admin' --key='18Av6ITivOZG3gwY1DhMDWtlLfx1spLP' --session-save='files' --db-host='127.0.0.1' --db-name='playground' --db-user='root' --db-password='root' --base-url='https://playground.magento.com/' --base-url-secure='https://playground.magento.com/' --admin-user='admin' --admin-password='!admin123!' --admin-email='john@doe.com' --admin-firstname='John' --admin-lastname='Doe'

Once the installation is complete, you should be able to access Magento on https://playground.magento.com/ (but remember you will need to add this entry in your hosts file to access the site).