21 October 2015

SUPEE-6788 patch

Magento recently announced the release of yet another security patch for EE and CE, SUPEE-6788.  Security patches to this point have generally not needed many/any extension changes to make them work, but this one is different and seems to be making some waves in the Magento community.  We only learned of the release of the patch late last night when Magento emailed out a security announcement - and the patch is documented to be released today.

Well it's looking like you may want to swap 'may affect' to 'probably will affect' if this list compiled by the community is anything to go by (and the list will also be far from complete considering the number of extensions available).

So take heed and make sure your stores extensions are compatible with the SUPEE-6788 patch before you install it or a lot of your custom admin functionality could stop working.

That's the bad news, the good news is that the changes are actually very much restricted to the backend, and it's unlikely that the customer will see any issues, or find the store to break on the frontend.

Basically the main change which everyone is talking about is a change in the way you declare a custom router in admin.  There are 2 ways in which you can do this:
  1. Declare your own router entirely and set a frontname used to route requests to your module.  The frontname will appear in place of where you normally see 'admin' (or your custom admin url) near the start of the URL.
  2. Base your modules requests off the admin controller and add in logic to tell Magento to also check your module for a routing match.
Both are valid and widely used methods, but the second method is considered best development practice.  What the SUPEE-6788 patch does is essentially deprecate the first method making it non functional and forcing extension developers who are using it to switch to the second method instead.

This document linked to in the security announcement email tells you what changes you need to make to ensure your extensions will work with the new patch, but a quick and easy test for store owners is to just browse admin viewing pages related to any extensions you have installed.  If you see anything at the start of the URL which is not the normal admin URL string you see on standard pages, i.e. instead of:

https://somestore.com/admin/some/url/............

you see:

https://somestore.com/custom/some/url/............

where 'custom' can be anything, then that extension will need to be patched to work with the new SUPEE-6788 patch.  Note that this is not a complete test as extensions could easily accept requests outside of viewing an actual page in admin, but it should be a good indication even so.

Hopefully not too much information will be discovered about what vulnerabilities this patch fixes before developers and store owners can get all of the affected extensions updated.

UPDATE: So Magento have sent out an update - they have delayed release of the patch until early next week.

They are also altering it so that the code which breaks the admin routing method described above is disabled by default and can be enabled after the patch is installed and all affected extensions have been updated.  A sensible move considering the large number of extensions requiring changes - one day really wasn't long enough considering they will undoubtedly release the patch as a critical update to be installed immediately.

With the patch changes you should be free to install the extension straight away on your store, just remember to enable the admin routing section of the patch once all of the your extensions are up to date.

16 October 2015

Grab your free Magento extensions

Over the past few months we've been gradually making all of our paid extensions free.  Well all apart from our flagship advanced full page caching extension Evolved Caching (which by the way we feel is the best full page caching option out there).

Everyone loves free (good) stuff and all of the extensions we are giving away are well developed, capable solutions with a couple of years development behind each one - so we haven't just knocked out a load of speedily developed, poor quality pieces of software, these extensions have been developed and improved over a long period of time by highly experienced Magento developers.


Here's what we are offering:

Cookies For Comments

Adds contact form spam protection based on the popular WordPress plugin.

Infinite Scroll

Adds SEO friendly infinite scroll functionality to category pages.
Adds dispatch estimate notifications to products, cart page, frontend/backend order view and order emails.
Manage all of your Sirportly ticketing from Magento admin.
Disable third party admin notifications but still be notified by Magento with Spam Filter.
Increase the social profile of your Magento site by easily adding store specific tweets.
Adds tab style content switching to Magento CMS pages
Sort and filter the sales order grid by many different columns.
Get both ajax add/remove cart functionality and a mini cart popup.

You can get hold of all of these on GitHub, Connect (linked above), or via the Composer package manager.

It's also well worth taking at look at our flagship extension Evolved Caching.  This is a highly advanced, mature, full page caching extension we believe truly outstrips the competition both in terms of performance and functionality.  In constant development since early 2013 this extension is running on some of the largest, most demanding and highly developed Magento stores online.

Use our performance profiler to test your stores current performance, and sign up for a free 30 day trial of Evolved Caching before you commit to buy.

2 October 2015

Get huge data savings on your cache with Evolved Caching

If you run a store with a lot of products, or have a multi store setup then you are likely to have a pretty large full page cache.  Well from version 1.9.6 of Evolved Caching you can slash the size of your cache by 85% by compressing your cached data.  Here's the savings we saw during testing while introducing an overhead of just 2-3 milliseconds:
  • Uncompressed cached page data size - 44KB
  • Compressed cached page data size - 6.6KB
  • Saving - 85%
If you want to significantly reduce the size of your full page cache then grab your copy today!