Jelle Siderius jellesiderius

View GitHub Profile
@jellesiderius
jellesiderius / removeFishpigVulnerability.php
Last active September 14, 2022 09:37
Remove Fishpig Vulnerability through CLI script. Put this file in your Magento root "root/scripts" and remove this file after running.
<?php
// Based on commit: https://github.com/bentideswell/magento2-wordpress-integration/commit/b277b35697ff2c1e9e5dd48c6642a761ddb73a2b
if (php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) {
require dirname(__FILE__) . '/../app/bootstrap.php';
$cacheDir = BP . '/var/cache';
$infectedFiles = [];
$it = 1;
$messages = [];
jellesiderius / TrojanOrders-exploit.patch
Last active December 9, 2022 15:15
Quick fix for trojan order exploit in 2.4.5-p1 and below
--- a/vendor/magento/module-sales/Model/Order/Email/Sender.php
+++ b/vendor/magento/module-sales/Model/Order/Email/Sender.php
@@ -73,6 +73,20 @@
*/
protected function checkAndSend(Order $order)
{
+ $possibleExploitTags = ['{{', '}}', '()', '.()', 'base64_', 'this.', 'addAfterFilterCallback', '.filter', '.Filter', 'getTemplateFilter'];
+ $addressArray = $order->getAddressesCollection()->toArray()['items'];
+ $addressStringCombined = "";
+ foreach ($addressArray as $addressArrayItem) {
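Review bot: The `$possibleExploitTags` list added at the top of `checkAndSend()` carries both `.filter` and `.Filter`, which suggests the comparison further down is case-sensitive; matching case-insensitively (for example with `stripos`) would let the list drop the duplicate and cover other casings of the remaining entries. Tokens as short as `()` and `this.` can also occur in legitimate address text, so it is worth documenting in a comment which address fields are concatenated into `$addressStringCombined` and what happens to an order that matches. Because the check sits in the email sender, it only covers the send path, and a substring denylist is a stopgap; a comment stating that it applies to 2.4.5-p1 and below and should be removed after upgrading would keep it from outliving its purpose.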
jellesiderius / findAndReplaceEmailVariables.php
Last active March 1, 2023 12:27
Magento 2: Replace old email variables with new ones (Files and Database), 2.4.3 and higher. https://developer.adobe.com/commerce/frontend-core/guide/templates/email-migration/. Place this file in MAGENTO_ROOT/scripts.
<?php
$time_start = microtime(true);
// MAGENTO START
require dirname(__FILE__) . '/../app/bootstrap.php';
use Magento\Framework\App\Bootstrap;
$bootstrap = Bootstrap::create(BP, $_SERVER);
jellesiderius / pull-all.sh
Created February 27, 2023 12:02
Bash script to reset + pull all latest git versions of underlying folders
#!/bin/bash
# Loop through all directories in the current directory
for dir in */; do
# Enter the directory
cd "$dir"
# Check if the directory is a git repository
if [ -d ".git" ]; then
# Reset the repository to the latest version and pull the latest changes