VladimirPopov_WebForms security issue

WebForms by VladimirPopov is a very popular free module that lets you create custom contact forms and embed them on your Magento site easily. Recently a security issue was discovered in the module that allows an attacker to inject a script that lets them upload any file to the server through a URL and a browser. Updating the module to the latest version is highly recommended; however, if your site has already been hacked, updating will not resolve the issue. To make things worse, some Magento administrators have reported that the hack can send an email with server data to a specified email address, extending the vulnerability of the hacked Magento installation.

After updating the module to the latest version, I strongly suggest a complete scan of your file system using the MageFence tool, which will run through the server and search for suspicious files and malware code in files. Once the scan is completed you can see the results and remove injected and infected files. If infected files are located in the app/code/core/Mage folder, you can use the Magento installation package to overwrite those files with clean ones.

MageFence comes with a built-in file scanner that creates a starting point on installation; after that, any changes to files are recorded and reported. You will be able to see and track any changes that are made, which is a key feature for early detection of hack attempts. ExtensionsMall updates its security module on a regular basis, and all confirmed security issues are included in the vulnerability checklist and malware definition base.
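
The baseline-and-compare idea behind the file scanner described above, which also covers checking a live tree against a clean Magento installation package, can be sketched as follows. This is an added example, not MageFence or ExtensionsMall code; the function names and the small sample tree built in demo() are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):  # record the link target, do not follow it
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            sha = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    sha.update(chunk)
            digests[rel] = sha.hexdigest()
    return digests

def compare(baseline, current):
    """Classify differences between a trusted snapshot and the current one."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }

def demo():
    """Build a constructed 'clean' tree, alter a copy of it, and diff the two."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        core = os.path.join(clean, "app", "code", "core", "Mage")
        os.makedirs(core)
        for name in ("A.php", "B.php"):  # constructed sample files
            with open(os.path.join(core, name), "w") as fh:
                fh.write("<?php // original " + name + "\n")
        shutil.copytree(clean, live)
        with open(os.path.join(live, "app/code/core/Mage/A.php"), "a") as fh:
            fh.write("// appended line\n")  # simulated unexpected change
        os.makedirs(os.path.join(live, "media"))
        with open(os.path.join(live, "media", "new.php"), "w") as fh:
            fh.write("<?php // file absent from the baseline\n")
        return compare(snapshot(clean), snapshot(live))

if __name__ == "__main__":
    print(demo())
```

Store the baseline snapshot somewhere the web server user cannot write to; otherwise an intruder who can modify files can also modify the baseline.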


Magento show and set any order status

Magento has quite a good flow when an order is placed, and in most cases order statuses and states are properly assigned. There are cases where that is not enough and the store owner would like to assign or change the order status at will, without following the flow rules.

When you open the order view in Magento admin, under the ‘Information’ tab there is a ‘Comments History’ section in which you can add an order comment and change the order status. The order status is changed by selecting a value from the ‘Status’ drop-down; however, the values that are displayed are determined by the settings under System->Order Statuses.

This can be modified with one small change, allowing the store admin to see all order statuses and set them at will.

All changes will be made in a single file, but as always it is good to create a backup file in case you want to restore things to default.

Open this file in an editor:

app\design\adminhtml\default\default\template\sales\order\view\history.phtml

and find line #34 with the code:

<?php foreach ($this->getStatuses() as $_code=>$_label): ?>

change it to:

<?php foreach (Mage::getSingleton('sales/order_config')->getStatuses() as $_code=>$_label): ?>

Save the file and that is it.

Now when you view an order in Magento admin, all order statuses will be available in the ‘Status’ drop-down and you can set them as you like.


Meta Tags for custom module in Magento

While Magento provides methods to set the page title and description in a block file using the commands below, in some cases that is not enough and additional meta tags need to be defined for a particular page to improve site usability and SEO.

$this->getLayout()->getBlock('head')->setTitle('page title');
$this->getLayout()->getBlock('head')->setDescription('page description');


Additional meta tags are needed when a module has its own page and customers want to share some information from that page. Without properly set meta tags, generic content will be used and the shared link will be displayed with undesired data; the most common issues are a wrong image, page title and description.

There are several possible methods to add meta tags to a custom module page; we will use one that requires minimal skills and can be quickly implemented in any module. With this method you will not edit any file outside of your custom module, and you can easily set tags for various social media using the code provided in their demo examples. On top of that, you can set a separate file for every module section, and with some additional programming it is possible to add multi-language support.

Find your custom module template folder and create a new PHTML file; we will name it ‘metatags.phtml’ so that it is easily recognized when you return to your module later. Open the file in an editor and simply copy the example code from the social media platform for which you want to set tags. To name a few, common OG tag examples are:

<meta property="og:title" content="Custom page title"/>
<meta property="og:image" content="http://www.domain.com/skin/base/default/images/logo.png"/>
<meta property="og:site_name" content="Custom site name"/>
<meta property="og:description" content="Custom page description" />
<meta property="og:url" content="http://www.domain.com/custom-module.html" />


Replace the content values with the ones that you want and save the file.

To make the meta tags appear on the front end we need to edit the module layout file. Open the XML file in an editor and add a line that will include the meta-tags template in the page head section.

<block type="core/template" name="custom_module_meta" template="custom_module/metatags.phtml" />

The complete code should look like this:

<reference name="head">
<block type="core/template" name="custom_module_meta" template="custom_module/metatags.phtml" />
</reference>

After saving the file, refresh the Magento cache and reload the page of your custom module. To check whether the tags are displayed properly, open the page in ‘View Source’ mode and search for the head section; you should see all the meta tags that you defined for your custom module. If you want to check the results further, you can use social media tools that will fetch the page for you and render all the information that is recognized; if there are errors, they will be marked (Facebook has a nice tool here). Now when you share content from the page of your custom module, the proper data will be used.
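
The ‘View Source’ check described above can also be automated. The following is an added example, not code from the original post: the class and function names are hypothetical, and the sample page source is constructed from the OG tags shown earlier, with two tags deliberately left out of the head section and one left empty.

```python
from html.parser import HTMLParser

# The five OG properties used in the metatags.phtml example above.
EXPECTED = ("og:title", "og:image", "og:site_name", "og:description", "og:url")

class OgTagCollector(HTMLParser):
    """Collect <meta property="og:..."> tags and note whether they sit in <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.tags = {}            # property -> content, for tags inside <head>
        self.outside_head = []    # properties found outside <head>

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta":
            attrs = dict(attrs)
            prop = attrs.get("property") or ""
            if prop.startswith("og:"):
                if self.in_head:
                    self.tags[prop] = attrs.get("content") or ""
                else:
                    self.outside_head.append(prop)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_og_tags(html, expected=EXPECTED):
    """Report which expected OG tags are present, missing, empty or misplaced."""
    collector = OgTagCollector()
    collector.feed(html)
    return {
        "found": collector.tags,
        "missing": [p for p in expected if p not in collector.tags],
        "empty": sorted(p for p, v in collector.tags.items() if not v.strip()),
        "outside_head": collector.outside_head,
    }

# Constructed sample page source (not fetched from a real site).
SAMPLE = """<html><head>
<meta property="og:title" content="Custom page title"/>
<meta property="og:image" content="http://www.domain.com/skin/base/default/images/logo.png"/>
<meta property="og:description" content="" />
</head><body>
<meta property="og:url" content="http://www.domain.com/custom-module.html" />
</body></html>"""

if __name__ == "__main__":
    print(check_og_tags(SAMPLE))
```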