ArchiveCategory: Magento Fixes

ExpandLab Client Notice: Significant Changes to USPS Shipping Options inside Magento

Starting on Sunday, July 28, the United States Postal Service will roll out changes to their API that will impact your ability to offer Priority and Express mail shipping options. USPS is changing the name of those two shipping methods and their Webtools API is being updated to match those changes.

To continue utilizing USPS Priority AND Express mail methods, merchants on Magento Enterprise Edition must install the patch we¹ve created to address the issue.

If your merchants are on Magento Enterprise Edition 1.12 or 1.13, download the patch here and use the installation instructions at the bottom of this email.

If your merchants are on earlier versions, patches and instructions will be available on Monday, July 29, and we will send out an email with download information.

Please note that you will need to wait to install this patch until July 28, after the USPS has made the change to their API.

For more information, here is the official statement from USPS:
https://www.usps.com/business/web-tools-apis/2013-july-webtools-release-notes.rtf

In Magento, How to redirect all non www pages to www pages

In .htaccess, after

#RewriteBase /magento/
After it I placed on their own lines:

RewriteCond %{HTTP_HOST} !^www.website.com$ [NC]
RewriteRule ^(.*)$ http://www.website.com/$1 [L,R=301]

Magento Fix when upgrade to 1.7 and State drop down does not appear in IE 8, IE 7, etc.

Replace the following code in form.js

if (this.regionSelectEl.options.add) {
this.regionSelectEl.options.add(option);
} else {
this.regionSelectEl.appendChild(option);
}

with:

if (this.regionSelectEl.options.length > 0 && option.value.length > 0 && option.text.length > 0 && this.regionSelectEl.options.add){
//~ this.regionSelectEl.options.add(option);
this.regionSelectEl.appendChild(option);
} else {
this.regionSelectEl.appendChild(option);
}

How to apply Magento Security Patch – Zend Platform Vulnerability

We have recently learned of a serious vulnerability in the Zend platform on which Magento is built. This note provides information on how customers can access and install a patch that addresses this issue.  If you need assistance with this, please let us know.

The Issue

The vulnerability potentially allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.

Solution

We recommend that all Magento implementations install the latest patch appropriate for your platform:

  • Magento Enterprise Edition and Professional Edition merchants:
  • You may access the Zend Security Upgrade patch from Patches & Support for your product in the Downloads section of your Magento account. Account log-in is required.
  • Download

Workaround

If the patch cannot be applied immediately, the following instructions can be followed to temporarily disable the RPC functionality that contains the vulnerability. Please be advised, any integrations that rely on the XMLRPC API functionality will no longer work after this workaround is implemented.

  • 1. On the Magento web server, navigate to the www-root where Magento app files are stored.
  • 2. In the wwwroot, navigate to /app/code/core/Mage/Api/controllers.
  • 3. Open XmlrpcController.php for editing.
  • 4. Comment out or delete the body of the method: public indexAction()
  • 5. Save the changes.

Additional Notes

Users with existing IDS capability may monitor the RPC interface to watch for attacks. As always, we recommend maintaining an up-to-date installation of the Magento platform as the best way stay secure.

The latest releases of Magento (Community Edition 1.7.02 and Enterprise Edition 1.12.02) incorporate the appropriate patches. please use correct versions of releases 1.7.0.2 and 1.12.0.2 .

Magento 1.6.2 Webservice Role Not Updating – Fix

If you are on Magento 1.6.2, you’ll notice that when you create a web service user, then try to create a role with access to certain resources, the resources do not save.

Luckily, it is an easy fix.

Below is the code edit. Inside app/code/core/Mage/AdminHtml/Block/Api/Tab/RolesEdit.php we will look inside the constructor for a function call to getPermission.

The old line of code should be
if (array_key_exists(strtolower($item->getResource_id()), $resources) && $item->getPermission() == 'allow')

The new line of code should be
if (array_key_exists(strtolower($item->getResource_id()), $resources) && $item->getApiPermission() == 'allow')

This was necessary for us to get our integration to Brightpearl working from Magento 1.6.2, though it seems this bug is fixed in 1.7 we are not comfortable upgrading to it quite yet.

 

 

Contact us today! Let's talk about how we can help grow your business.

Contact Us