Added: dispatchEvent to deleteAction(). Only existed in massDeleteAction().#9
Closed
Bogardo wants to merge 1 commit into
Contributor
Thank you for the request.
This was referenced Jan 24, 2015
alin-vlad added a commit to alin-vlad/magento2 that referenced this pull request Jun 8, 2026
Records the perf sprint: 7 shipped fixes (U-B135…U-B141), the two third-party DI-preference mechanisms (TimeoutService / CachedTokenOrsData swap/override the vendors' PROTECTED members — never editing source), the magento#2 carrier-mis-target correction (Carriergo → Carrier), and the 3 declined candidates with evidence: magento#5 (cityOptions is client-$wire on the shared autocomplete primitive; page weight already banked by magento#3), magento#9 (conflicts U-B67's instant PF/PJ toggle), magento#10 (the documented Hyva out-of-sync resync; targeted emits risk staleness). AGENTS.md ADR index updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
alin-vlad added a commit to alin-vlad/magento2 that referenced this pull request Jun 8, 2026
…enum oracle)

Three confirmed findings from the gated security review, all in Otter-owned code:

magento#2 (PII-leak, medium) — Otter_CustomerPasswordReset concatenated the raw account email into logger->error() on the send/mark-done error paths (the one Otter violation of the AGENTS.md OMIT-not-mask invariant). Dropped the email; $e still carries the cause. (The otter_log_pass_reset audit TABLE is the deliberate, parameterized trail — left as-is.)

magento#8 (XSS defense-in-depth, low) — toast.phtml rendered message text via Alpine x-html (innerHTML sink, the only one in Otter). No attacker-controlled markup reaches it today, but switched to x-text (toasts are plain-text status copy).

magento#9 (enumeration oracle, low) — BillingAddressBookForm::openEdit logged the rejected address_id and lacked the NoSuchEntityException suppression that AddressBookForm has (H9). A logged-in attacker scripting openEdit(1..N) could tell existing ids from missing ones via the log. Added the dedicated suppress catch + dropped address_id from the Throwable log. (No DATA IDOR — ownership is enforced at use-time; this closes the log-side parity gap.)

Verified: BillingAddressBookForm 6/6 (+ a mutation-sensitive test asserting a missing id logs no warning); lint clean.

The big review finding (the Mokka unauthenticated IDOR) + the other third-party items follow in separate commits.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
alin-vlad added a commit to alin-vlad/magento2 that referenced this pull request Jun 8, 2026
Records the second performance pass: shipped U-B153 (courier rate cache 12→1, the drastic lever), U-B154 (autocomplete TTL 60s→7d), U-B155 (emit coalesce), U-B156 (localities endpoint, −57 KB gzip/load); plus the deferred low-impact items (per-county save coalesce, ANAF negative cache, script defer) with their analysis, and the re-declined ADR 0005 magento#5/magento#9/magento#10 variants. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Mage::dispatchEvent('catalog_controller_product_delete', array('product' => $product));
To the deleteAction().
Currently only exists in massDeleteAction()