In this post, I will be guiding you on how to install Magento SUPEE 11086 patch.

The security patch SUPEE-11086 contains multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

You can find more details from Magento Release notes for SUPEE 11086.

Follow below steps to install Magento SUPEE-11086 patch on your store.

Step-1: Download the patch file

Download the Magento SUPEE-11086 Patch files for your Magento Version from https://magento.com/tech-resources/download#download2287.

Step-2: Install the patch

Upload the patch into your Magento root directory and run the appropriate SSH command.

Connect to your SSH console and go to your root directory and run the below command.

For patch file with .sh file extension:

<pre><code class="bash">sh patch_file_name.sh</code></pre>

You have to replace patch_file_name with your patch file name.

For example:

<pre><code class="bash">sh PATCH_SUPEE-11086_CE_1.9.4.0_v1-2019-03-26-03-05-04.sh</code></pre>

For patch file with .patch file extension:

patch -p0 < patch_file_name.patch

How to revert a patch?

If you are facing some issue after applying the patch and now you want to revert back the changes. Then run bellow SSH command to revert your patch.

<pre><code class="bash">sh patch-file-name.sh -R</code></pre>

Thanks for reading!  🙂

Vishal Gelani (VG) by person is a generous, friendly and most important he is level down to earth always. On another hand, VG has a dynamic professional experience with Magento and he is holding an active profile as Top Solution Author in Magento Forum and Top Contributor in Magento Communities.

His vision is completely clear about Magento & it’s logical development. He is among the youngest Magento Master Mentor in the world and that matters like a true inspiration and personality to follow.

Journey in his own words

Vishal: I started working with Magento during my college days and I’m truly dedicated to codes – that’s my passion. I had learned Magento by myself at the beginning. In early Magento community or forum was not that open or advanced it was like a narrow pipe to pass the elephant. But I even took that as a challenge to make it easy to understand for other Magento members. It’s been a decade now that I’m involved with Magento and its core logic.

Fortunately, I had a circle who were all Magento learners and this also made my interest and I started indulging more with Magento. It always said you need gurus, those who guide you to move in the right direction and luckily I followed some and took their words, which includes some of my mentors who were like the fellow, they helped me a lot in learning and my achievements are due to their support too. I always believe in tackling the difficulties during the development stage and sometimes it drives me more curious to get it done. So either hard or easy my love for Magento remains the same.

Meet Magento India 2018 – A Marvelous Throwback

Vishal: I used to follow many Magento events across the world but in 2018 my stars shined with Meet Magento event which was going to held in India for the first time that too just 259kms from my city Surat and I definitely got the groove to attend this opportunity.

My words to express the experience would short-fall, as I was visioning a wholesome dream in reality. Great personalities on stage and their stories that have motivated me a lot and can say my dedication took one more step. I personally met many big Magento names and some creative guys while networking. I personally thank Piyush Lathiya for considering me eligible for that experience and it’s been a great pleasure to be a part of such working family.

Thoughts on Magento Community

Vishal said that the Magento community, firstly started as part of sharing but later it became serious interest as day by day his involvement was increasing. It changed the manner in which he used to see innovation when all is said in done. It used to pull demands and introduction everywhere throughout the world and the various exercise from the Magento community. According to him, everyone can see the genuine improvement that all made together and the things that were achieved when all cooperate as a gathering.

Vishal added: I’m amped up for what is coming straightaway, what we can design, and what we can achieve together with the Magento community.

PHP is the most favourite programming language at present for building websites on the internet. Majority of the websites and e-commerce solutions are in love with the PHP technology and why not? After all, it is the most secure programming language that is utilized to build trustworthy web applications.

And when it comes to developing e-commerce websites, Magento is the most successful framework. Magento extends many excellent features like Inventory management, Payment Gateway integration, SEO management, mobile-friendly interface, and product management etc., which makes it the preferred framework for designing e-commerce sites. If you want to operate Magento, then it is important for you to know how to formulate codes in the PHP language.

We all are enthusiastic about Magento 2 and all its new announcements. With each new update, the platform brings in innovative features that overhaul the default e-commerce experience completely. Today we will be talking about the latest major update, yes you guessed it right, get set to leverage the new update of PHP version! With PHP 7.2, you can execute new advancement features while operating on your Magento 2 projects. And this development will influence performance and security in a positive way!

Why You Should Be Using PHP 7.2

PHP lately released the next update in their PHP 7 series. The all-new PHP 7.2 delivers crisp updates which include significant security measures, advanced cryptography, enhancements to the core and faster loading of websites. To ease it for you, our Magento web development experts have broken down the newest attributes and benefits of PHP 7.2 below.

Libsodium is Part of the Core

Who doesn’t know about the application-layer cryptography library, Libsodium? It is now a part of the core in PHP 7.2. Earlier, the library was made accessible from PECL, an abbreviation of “PHP Extension Community Library.” With the addition of Libsodium, PHP becomes the first-ever programming language that adds advanced cryptography to its conventional library. With this, it assures the cross-platform and cross-language library, enables signatures, encryption, decryption, password hashing, and many more.

Argon 2 in Password Hash

Argon 2 is well-known for winning the 2015 Password Hashing Competition and also for introducing a reliable alternative to the Bcrypt algorithm used on the earlier version of PHP. Despite having the highest memory filling rate and effective use of various computing units, it provides defence against tradeoff attacks. When compared to Bcrypt which allows for one cost factor, Argon 2 exercises three cost factors: memory cost, time cost, and parallelism factor. The memory cost factor plays an important role in defining the amount of KiB that should be utilized during hashing. Whereas the time cost is crucial in defining the number of iterations of the hashtag algorithm. Lastly, the parallelism factor estimates the number of parallel threads that will be utilized during the hashtag.

Performance

According to a paper from Phoronix, PHP 7.2 works 13% faster than 7.1 and 20% faster than 7.0. This makes it the fastest as compared to PHP 5.6, which is still being used by a majority of the WordPress users. There are many other tests that warrant the above findings. As per the benchmarks set by the Official PHP, the PHP 7 is twice as fast as its 5.6 version with half the latency, while there are other benchmarks that prove it to be three times faster.

Deprecations

As we all know that with each new update, there is a depreciation of several features and functions. The same goes for this new update, you can find the complete list of the deprecated functions over here. All these features will run in PHP 7.2, except an error message will appear while use in log files. Developers should make it a point to inspect the code and update any deprecated functions before it becomes impossible for them to revert back.

Support

If we talk about the support, we know that PHP 7.0 brought an end to its security support on December 3rd, 2017. Well don’t panic, the critical support will still be open till the end of 2018, but the PHP association will no longer be rendering help for bugs or minor concerns.
PHP 7.1 will implement the above resolution from December 1st, 2018 thus go and upgrade to PHP 7.2 and rest assured, the latest security updates will be sustained by the community.

Summary

With important security updates, Libsodium in the core, and immensely enhanced performance features moving on from older versions of PHP to PHP 7.2 is a useful and valuable update. To finish with, we cannot thank Magento enough for making the patches available for everyone!  You can find the patches for Magento 1 here.

It’s PHP 7.2 that is trending these days and we will make sure that you are always up to the trend mark and never behind! In this article, you will be learning ways in which you can check if your custom Magento code is compatible with PHP version 7.2 or not.

Step 1 : Set up PHP_CodeSniffer and PHPCompatibility

To start with, you need to set up PHP_CodeSniffer on the system. You can set it up using the link given below:
https://github.com/squizlabs/PHP_CodeSniffer

After successful installation of PHP_CodeSniffer starts installing PHPCompatibility on the system using the following link.
https://github.com/PHPCompatibility/PHPCompatibility

Note: PHPCompatibility with version > 8.0 will only work with PHP version 7.1. Do make sure you have installed PHP version 7.1 on your system.

Step 2 : Execute commands to check compatibility

Now, to proceed further you need to execute commands to check the compatibility.

Go the desired folder (which needs to checked) using the command line and execute the command given below:

phpcs -p . --standard=PHPCompatibility --runtime-set testVersion 7.2

Note: In the above command you can change testversion if you want to check with a different version of PHP.

Above command will give its result as an output in the console itself. If you want to save the result in a specific result file you can do it with the following command:

phpcs -p . --standard=PHPCompatibility --runtime-set testVersion 7.2 --report-full=<Full path of result file>

FAQs

It’s tough when you’re dealing with Magento 1 custom grid view and you have to display EAV attribute data in grid. Right?

After tweaking the minds for hours, we at Aureate Labs would like to present a best and easy go solution that can work without a single error.

Let’s make it happen in a couple of minutes,

In a very short journey before we jump on actual code, make sure you’ve needed table structure same as displayed below:

First, create two tables related to the testimonial.
1.  testimonial table (parent table): stores All testimonial data.
2.  testimonial_product_customer (child table): stores Testimonial_id (FK), Product_id(FK), Customer_ID(FK) relational data.

Here is the detailed table structure with the required columns:

testimonial

• Id (Primary key)
• company_name
• name
• message
• post
• profile_pic
• status
• created_at
• Updated_at

testimonial_product_customer

• Id (Primary key)
• testimonial_id (Foreign key – testimonial)
• product_id (Foreign key – product)
• customer_id (Foreign key – customer)

Now, all we need is to display these products and customers related data in testimonial grid without breaking any functionality of searching or sorting the data. And that can be easily done with the help of LEFT JOIN (EAV TABLES).

Coming to code, we have to update _prepareCollection() the method of testimonial grid block class (Grid.php) placed at  app/code/local/{Namespace}/Testimonials/Block/Adminhtml/Testimonials/

protected function _prepareCollection()
{
    $collection = Mage::getModel('testimonials/testimonial')
                 ->getCollection();
    $productsTableName = Mage::getSingleton('core/resource')
                 ->getTableName('catalog/product');
    $productCustomerTableName = Mage::getSingleton('core/resource')
                 ->getTableName('testimonials/testimonial_product_customer');
    $entityTypeId = Mage::getModel('eav/entity')
        ->setType('catalog_product')
        ->getTypeId();
    $entityCustTypeId = Mage::getModel('eav/entity')
        ->setType('customer')
        ->getTypeId();
    $prodNameAttrId = Mage::getModel('eav/entity_attribute')
        ->loadByCode($entityTypeId, 'name')
        ->getAttributeId();
    $custNameAttrId = Mage::getModel('eav/entity_attribute')
        ->loadByCode($entityCustTypeId, 'firstname')
        ->getAttributeId();
    $collection->getSelect()
        ->joinLeft(
            array('testproduct' => $productCustomerTableName),
            'main_table.id = testproduct.testimonial_id',
            array('product_id','testimonial_id','customer_id')
        )
        ->joinLeft(
            array('prod' => 'catalog_product_entity'),
            'prod.entity_id = testproduct.product_id',
            array('sku')
        )
        ->joinLeft(
            array('cpev' => 'catalog_product_entity_varchar'),
            'cpev.entity_id=prod.entity_id AND cpev.attribute_id='.$prodNameAttrId.'',
            array('cpev.value' => 'value')
        )
        ->joinLeft(
            array('ccev' => 'customer_entity_varchar'),
            'ccev.entity_id=testprodcust.customer_id AND ccev.attribute_id='.$custNameAttrId.'',
            array('ccev.value' => 'value')
        );
    $this->setCollection($collection);
    return parent::_prepareCollection();
}

Next, to display product and customer-related columns in grid view,  add them to the method_prepareColumns as defined below.

protected function _prepareColumns()
{
    $this->addColumn('pro_name', array(
        'header'    => Mage::helper('testimonials')->__('Product'),
        'align'     =>'right',
        'index'     => 'cpev.value',
        'width'     => '50px',
    ));
    $this->addColumn('cust_name', array(
        'header'    =>Mage::helper('testimonials')->__('Customer'),
        'align'     =>'right',
        'index'     => 'ccev.value',
        'width'     => '50px',
    ));
    return parent::_prepareColumns();
}

That is all! Now you can check for the EAV attributes data displayed successfully in the custom grid. If you encountered any error, don’t hesitate to connect us by leaving the comment below. We will be glad to help you.

Happy coding 🙂

For any Magento project, the most exciting time is when you launch the Magento project live. But what I have noticed most of the times is that there are some unnecessary links present in my account section.

This is because Magento brings in some default links under my account on the right-hand section as you can see in the screenshot below.

Usually, some of the projects that I build doesn’t make use of any downloadable products, recurring profiles or any applications yet links like this are present in my account under this section.

Sometimes add a product to the wishlist option is not present at the front end but like you can see in the above screenshot “My Wishlist” link is still present in my account section.

Therefore I believe this may confuse the customer to a certain extent about the feature that is not present on the site.

The best practice is to verify and remove all these unnecessary links that are not required in my account section.

Here are the code snippets which will help you to remove Billing Agreements, Recurring Profiles and My Downloadable Products links from the account.

Billing Agreements: Copy this file app/design/frontend/base/default/layout/sales/billing_agreement.xml in your current theme and remove or comment out the following lines

<reference name="customer_account_navigation">
     <action method="addLink" translate="label">
          <name>billing_agreements</name>
          <path>sales/billing_agreement/</path>
          <label>Billing Agreements</label>
     </action>
</reference>

Recurring Profiles: Copy this file app/design/frontend/base/default/layout/sales/recurring_profile.xml in your current theme and remove or comment out the following lines

<reference name="customer_account_navigation">
     <action method="addLink" translate="label">
          <name>recurring_profiles</name>
          <path>sales/recurring_profile/</path>
          <label>Recurring Profiles</label>
     </action>
</reference>

My Downloadable Products: Copy this file app/design/frontend/base/default/layout/downloadable.xml in your current theme and remove or comment out the following lines

<reference name="customer_account_navigation">
     <action method="addLink" translate="label" module="downloadable"
          <name>downloadable_products</name
          <path>downloadable/customer/products</path>
          <label>My Downloadable Products</label>
     </action>
</reference>

In the end, it’s a good practice to remove all the unnecessary links from your account section and keep it nice and clean.

Cheers!

Magento forbids calling the Cron manually from the browser by default from htaccess if you are using Apache webserver.

## Deny access to cron.php
<Files cron.php>
############################################
## uncomment the lines below to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.
        #AuthName "Cron auth"
        #AuthUserFile ../.htpasswd
        #AuthType basic
        #Require valid-user
############################################
        Order allow,deny
        Deny from all
</Files>

To run Cron directly from the browser, we would have to update .htaccess file before calling the “yoursite.com/cron.php” URL from the browser.
For that, you need to comment out these two lines below:

#Order allow,deny
#Deny from all

What is important here is that if you don’t secure cron.php file using HTTP authorization, any user could potentially run Cron by requesting the “http://example.com/cron.php” URL to attack your Magento application.
From the security perspective, it’s very important to uncomment these lines after generating the .htpasswd file:

AuthName "Cron auth"
AuthUserFile ../.htpasswd
AuthType basic
Require valid-user

There are many online tools available to easily generate .htpasswd.

Just be sure about the path of the .htpasswd file. We can easily find the path of the .htpasswd file using the pwd command from the directory where the .htpasswd file is placed using the console.

It’s important to place the .htpasswd file somewhere that is not accessible from the web. This is so that folks cannot download the .htpasswd file.

Sometimes developer skips this HTTP authorization step which allows any third party to access the cron.php file directly from the URL.

Cheers!

In Magento, sometimes you may want to export specific tables for which you need to make use of command line.

To export full database, we make use of:
mysqldump --user=root --password= --host=localhost --compress --disable-keys --quick [db_name] > export.sql

In case you need to export specific tables, use the following command:
mysqldump --user=root --password= --host=localhost --compress --disable-keys --quick [db_name] [Space separated Table Names] > export.sql

salesrule
salesrule_coupon
salesrule_coupon_usage
salesrule_customer
salesrule_customer_group
salesrule_label
salesrule_product_attribute
salesrule_website

Let’s say if we want to export the following table named “salesrule”:

Then run the command below:
mysqldump --user=root --password= --host=localhost --compress --disable-keys --quick magento1937 salesrule salesrule_coupon salesrule_coupon_usage salesrule_customer salesrule_customer_group salesrule_label salesrule_product_attribute salesrule_website > export_salesrule_tables.sql

Hope this helps!

After Magento 1.9 edition and so, the order confirmation emails aren’t sent quickly. Instead, they are queued up to be sent with the Cron job operation. And with that update, let me put a question in front of you,

Why are order emails send through the queue, while Invoice emails are sent directly?

Here, it is a list of reasons behind sending the orders email using the queue:

To make the checkout/post-checkout process error-free: Generally, sending orders and emails in bulk will certainly affect website performance and you don’t want that because eCommerce website performance matters a lot..
To avoid website slowdown: It is benefited by the re-send functionality in case of any failure or interruption.
To resend, if not delivered: Organised and queued flow of orders emails can avoid uncomfortably while processing for checkout or even after it.

However, Order’s email can also be sent immediately, without queueing up.

Send order email immediately:

If  you like to send order email immediately you can consider overriding the Mage_Sales_Model_Order::queueNewOrderEmail()  method by changing the following lines:

/** @var $emailQueue Mage_Core_Model_Email_Queue */

$emailQueue = Mage::getModel('core/email_queue'); 

$emailQueue->setEntityId($this->getId())
->setEntityType(self::ENTITY)
->setEventType(self::EMAIL_EVENT_NAME_NEW_ORDER)
->setIsForceCheck(!$forceMode); 

$mailer->setQueue($emailQueue)->send();

To:

/** @var $emailQueue Mage_Core_Model_Email_Queue */

$mailer->send();

If you want to send invoices using a queue for smooth sending, then also it can be achieved by the solution presented below.

Send invoices using the queue:

The opposite solution is to let invoices use the queue:
You must override Mage_Sales_Model_Order_Invoice::sendEmail changing:

// Set all required params and send emails
$mailer->setSender(Mage::getStoreConfig(self::XML_PATH_EMAIL_IDENTITY, $storeId));
$mailer->setStoreId($storeId); $mailer->setTemplateId($templateId);
$mailer->setTemplateParams(array(
	'order' => $order,
	'invoice' => $this,
	'comment' => $comment,
	'billing' => $order->getBillingAddress(),
	'payment_html' => $paymentBlockHtml
	)
);
$mailer->send();

To:

// Set all required params and send emails
$mailer->setSender(Mage::getStoreConfig(self::XML_PATH_EMAIL_IDENTITY, $storeId));
$mailer->setStoreId($storeId);
$mailer->setTemplateId($templateId);
$mailer->setTemplateParams(array(
	'order' => $order,
	'invoice' => $this,
	'comment' => $comment,
	'billing' => $order->getBillingAddress(),
	'payment_html' => $paymentBlockHtml
	)
);
$emailQueue = Mage::getModel('core/email_queue');
$emailQueue->setEntityId($this->getId())
	->setEntityType('order_invoice')
	->setEventType('new_invoice');
$mailer->setQueue($emailQueue)->send();

Hence, these are some code manipulation by which you can send orders email quick or queue up invoice emails against immediate delivery.

Feel free to leave the comments below and contact us if you need any other help.