Skip to content

Added: dispatchEvent to deleteAction(). Only existed in massDeleteAction().#9

Closed
Bogardo wants to merge 1 commit into
magento:masterfrom
Bogardo:patch-1
Closed

Added: dispatchEvent to deleteAction(). Only existed in massDeleteAction().#9
Bogardo wants to merge 1 commit into
magento:masterfrom
Bogardo:patch-1

Conversation

@Bogardo

@Bogardo Bogardo commented Apr 2, 2012

Copy link
Copy Markdown

Mage::dispatchEvent('catalog_controller_product_delete', array('product' => $product));
To the deleteAction().
Currently only exists in massDeleteAction()

  Mage::dispatchEvent('catalog_controller_product_delete', array('product' => $product));
To the deleteAction().
Currently only exists in massDeleteAction()
@magento-team

Copy link
Copy Markdown
Contributor

Thank you for the request.
'catalog_controller_product_delete' event was used for refreshing Tags related to products. This logic was replaced by adding Tag indexer and as a result, 'catalog_controller_product_delete' event is not needed anymore and was removed (see nearest GitHub update).
Actually Bogardo, you are right, this event should be used both for delete() and massDelete() actions.
If you need some event on delete product action, you can use 'catalog_product_delete_before' event, which is dispatched in Mage_Core_Model_Abstract::_beforeDelete(). In this case you can be sure, that you catch product delete event not depending on a way the product is deleted.

@WouterSteen WouterSteen mentioned this pull request Oct 3, 2014
@askwhyweb askwhyweb mentioned this pull request Dec 18, 2014
@sivajik34 sivajik34 mentioned this pull request Jan 2, 2015
This was referenced Jan 24, 2015
@nabeelfocus nabeelfocus mentioned this pull request Jan 3, 2024
5 tasks
@FabXav FabXav mentioned this pull request Oct 11, 2024
5 tasks
@raccoonuk raccoonuk mentioned this pull request May 30, 2026
5 tasks
alin-vlad added a commit to alin-vlad/magento2 that referenced this pull request Jun 8, 2026
Records the perf sprint: 7 shipped fixes (U-B135…U-B141), the two third-party
DI-preference mechanisms (TimeoutService / CachedTokenOrsData swap/override the
vendors' PROTECTED members — never editing source), the magento#2 carrier-mis-target
correction (Carriergo → Carrier), and the 3 declined candidates with evidence:
magento#5 (cityOptions is client-$wire on the shared autocomplete primitive; page weight
already banked by magento#3), magento#9 (conflicts U-B67's instant PF/PJ toggle), magento#10 (the
documented Hyva out-of-sync resync; targeted emits risk staleness). AGENTS.md ADR
index updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
alin-vlad added a commit to alin-vlad/magento2 that referenced this pull request Jun 8, 2026
…enum oracle)

Three confirmed findings from the gated security review, all in Otter-owned code:

magento#2 (PII-leak, medium) — Otter_CustomerPasswordReset concatenated the raw account
   email into logger->error() on the send/mark-done error paths (the one Otter
   violation of the AGENTS.md OMIT-not-mask invariant). Dropped the email; $e
   still carries the cause. (The otter_log_pass_reset audit TABLE is the
   deliberate, parameterized trail — left as-is.)
magento#8 (XSS defense-in-depth, low) — toast.phtml rendered message text via Alpine
   x-html (innerHTML sink, the only one in Otter). No attacker-controlled markup
   reaches it today, but switched to x-text (toasts are plain-text status copy).
magento#9 (enumeration oracle, low) — BillingAddressBookForm::openEdit logged the
   rejected address_id and lacked the NoSuchEntityException suppression that
   AddressBookForm has (H9). A logged-in attacker scripting openEdit(1..N) could
   tell existing ids from missing ones via the log. Added the dedicated suppress
   catch + dropped address_id from the Throwable log. (No DATA IDOR — ownership
   is enforced at use-time; this closes the log-side parity gap.)

Verified: BillingAddressBookForm 6/6 (+ a mutation-sensitive test asserting a
missing id logs no warning); lint clean. The big review finding (the Mokka
unauthenticated IDOR) + the other third-party items follow in separate commits.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
alin-vlad added a commit to alin-vlad/magento2 that referenced this pull request Jun 8, 2026
Records the second performance pass: shipped U-B153 (courier rate cache 12→1,
the drastic lever), U-B154 (autocomplete TTL 60s→7d), U-B155 (emit coalesce),
U-B156 (localities endpoint, −57 KB gzip/load); plus the deferred low-impact
items (per-county save coalesce, ANAF negative cache, script defer) with their
analysis, and the re-declined ADR 0005 magento#5/magento#9/magento#10 variants.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants