Author Archives For Tim Reynolds

A certified Magento developer, Tim expertly architects eCommerce sites for Envalo customers. Tim also has experience in PHP, Java, jQuery, Linux, MySQL and Varnish. Tim is a founding partner and the Chief Technology Officer at Envalo.


Magento Arbitrary File Upload Vulnerability: What You Need to Know

Recently the fine folks over at DefenseCode published a security advisory regarding a severe Magento arbitrary file upload vulnerability. You can find that advisory here:

High Risk 0-day Vulnerability Found in Magento eCommerce

I wanted to take a moment to address this vulnerability, clarify some things they stated, and clear up any confusion for the community. This will be a quick article; I won’t go into the nitty-gritty technical details, as they are covered in the advisory. Instead, we will break it down for the average merchant.

Question 1: Are you vulnerable?

The answer to this is simple: Almost certainly not. What is not clearly stated in the advisory is that this ONLY affects Magento 2. That is to say, if you are running any version of Magento 1, which most of you at this time would be, you are not affected by this in any way and can carry on. Of course, if you run Magento 1 and don’t apply your patches, you are probably at risk of any number of other more serious vulnerabilities! If you have any questions about whether your Magento site is up to date, please reach out to us. We would love to help. Continue reading…



Loading Static Blocks in Magento PHTML file – the Right Way!

Everyone is currently doing it wrong…

If at some point you decide to make the wacky decision to develop front-end templates for Magento, you will invariably find yourself asking the question: How do I load a static block inside of a PHTML file? When asking yourself this, you will probably do the most natural thing of typing your question into Google and accepting the results it provides you. However, you would be mistaken!

What if I told you that every single result on that subject that I have found is critically WRONG! In a very serious, very silly way. Read on to find out why.

Recently a client reached out to me to report they had suddenly started seeing the strangest thing on one of their sites. In their footer, random static blocks were appearing, breaking the layout. Stranger still, this only seemed to happen on ‘secure’ pages (Login, Checkout, anywhere you would see the Lock icon in the URL). They asked me to explain what was causing this and to prescribe some remedy.

These issues are always interesting to me as they let me flex my knowledge of Magento’s internals. So I set to work. Continue reading…



Magento and the Authorize.net Technical Update of 2016

UPDATE: We were wrong on one point! Read again to find out…

2016 seems to be a year of much change. My previous article was written about the incoming changes to PayPal and how they conduct business. Today I will be discussing a similar situation with Authorize.net.

If you use Authorize.net for processing your credit cards, you have likely already encountered the Authorize.Net Technical Update email or micro-site detailing the changes and perhaps you have wondered and questioned how these will affect your business. Answers to those questions and more can be found here! Well… not more. Just that one question really. Onward!

As with my previous article we will address each point one-by-one as listed on their informational micro-site found here: http://app.payment.authorize.net/e/es.aspx?s=986383348&e=1086337 Continue reading…


Magento and the PayPal 2016 Changes

This year PayPal is making a number of improvements to their encryption and security technology that could result in service disruption for many Magento merchants who aren’t prepared. Several of our clients have received ominous emails from PayPal forewarning the coming disaster if they don’t ensure they are up-to-date. As always, we want to do everything we can to avoid disaster for our clients, so we investigated and came up with a few things that may be issues. As a template for this discussion, we will use this PayPal Blog Post that covers the various changes coming. Continue reading…


Introducing Envalo Enhanced Search for Magento

Magento does many things quite well; however, our experience has been that search is not one of them. Since we started working with Magento all those years ago, a consistent complaint we heard from our clients was around search results and their lack of relevance. Often, the answer we would find from any sources online was to use Solr or some other 3rd party indexing system. Those are great options, but not necessarily the best option for everyone.

Adding an additional service such as Solr is not a silver bullet to getting relevant search results and it carries with it the technical overhead of needing someone to configure and maintain the service. For larger companies this is not a problem, but for the small-to-mid market it can be an undue burden. We thought we might be able to do something better.

Thus we introduce our latest extension into the Magento landscape, “Envalo Enhanced Search.” This module is a drop-in solution that requires no additional external tools or services. You can immediately see a tangible improvement to the relevancy of your search results, while not experiencing any decrease in server performance. Honestly, I feel like an infomercial, but I am quite excited about this. This module won’t fix a dent in your car, it won’t cover up unsightly blemishes, it will just do the one thing it was designed to do: Fix your search.

And to help you see the impact, we created a tool in the Admin portal that allows you to test searches and see the results across each algorithm. Here is a screenshot of the testing tool in action.

[Screenshot: the search testing tool in the Admin portal]

In this search query test I chose one of the default search terms that comes with the Magento Sample Data package. To explain what you’re looking at, each column is a “Search Algorithm” available to you. The first two come with Magento out of the box. The next four come with the Envalo Enhanced Search module. The cell that is highlighted pink is the cell my mouse pointer is currently pointing at, while the goldenrod cells are the same SKU in each other algorithm. Using this you can quickly see how each algorithm performs for your search terms. Finally, the cells that are green-ish are results within the same algorithm that have the same relevance score (the number within the parentheses in the upper left of the cell). Any items with the same relevance can technically be in any order. So the pink and green-ish products are all in ‘2nd’ place.

You may be wondering why the “Full Text” column only has one product. “Full Text” searches are very powerful in that they do come back with a relevance score; however, they lack the ability to do partial-word matching. This query is an extreme example that helps illustrate how that can affect things. Oftentimes “Full Text” will have just as many results as the other search algorithms, but sometimes it doesn’t. Because our search enhancements build off of the standard “Like” search bundled in Magento, we support partial matches.

You may be wondering how our module works. I won’t bore you with all the technical details here, but essentially it develops a relevance score from 0.0 to 1.0 based on which words match, which match consecutively and which terms are featured at the start of your indexed attributes. All the mathematical details are included in our documentation as well. If you are interested, we would be happy to demo our technology to you! Just drop us a line.