doofinder / doofinder-magento2

Open Software License 3.0

ALL SITES DOWN After last update #191

Closed kwabounga closed 2 years ago

kwabounga commented 2 years ago

Magento 2.3.5 p2, update doofinder-magento2 0.5.0 > 0.5.6 (cf. screen)

[Screenshot from 2022-07-27 14-49-30]

1: causes a code injection in the middle of the snippet in the call function of doofinder: currency and language, when the tokens are populated:

var dfUrl = '//cdn.doofinder.com/media/js/doofinder-classic.7.latest.min.js';
  (function(c,o,k,e){
    **currency: 'EUR',
    language: 'fr',** var r,t,i=setInterval(function(){t+=c;r=typeof(require)==='function';
  if(t>=o||r)clearInterval(i);if(r)require([k],e)},c)})(100, 10000, dfUrl, function(doofinder){
    doofinder.classic.setLayers([{
      "queryInput": "#search",
      "hashid": 'xxxxxxxxxxxxxxxxxxxxxxxxx',
      "zone": "eu1",
      "display": {
        "lang": "fr",
        "width": "70%",
        "align": "center"
      },
      "mobile": {
    "maxWidth": 1024
  }
    }]);
  });

2: causes the complete crash of the site if the information is not found:

[Screenshot from 2022-07-27 14-57-39]

Got error 'PHP message: PHP Fatal error: Uncaught TypeError: strpos() expects parameter 1 to be string, null given in /home/deploy-prod/www/releases/20220727120455/vendor/doofinder/doofinder-magento2/Helper/StoreConfig.php:813\nStack trace:\n#0 /home/deploy-prod/www/releases/20220727120455/vendor/doofinder/doofinder-magento2/Helper/StoreConfig.php(813): strpos(NULL, 'language:')\n#1 /home/deploy-prod/www/releases/20220727120455/vendor/doofinder/doofinder-magento2/Helper/StoreConfig.php(420): Doofinder\\Feed\\Helper\\StoreConfig->include_locale_and_currency(NULL, 'fr', 'EUR')\n#2 /home/deploy-prod/www/releases/20220727120455/vendor/doofinder/doofinder-magento2/Block/Display/Layer.php(31): Doofinder\\Feed\\Helper\\StoreConfig->getDisplayLayer()\n#3 /home/deploy-prod/www/releases/20220727120455/var/view_preprocessed/pub/static/vendor/doofinder/doofinder-magento2/view/frontend/templates/display/layer.phtml(1): Doofinder\\Feed\\Block\\Display\\Layer->getDisplayLayer()\n#4 /home/deploy-prod/www/releases/20220727120455/vendor/mag...

NB: We have 3 sites under the same back office, 2 using doofinder, the last not using it, except that the activation of the module is done in global config. We had to revert to version 0.5.0 after 2 hours of research, so we can't update to the latest version.

Can you do something, please?
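
One way to guard against both failure modes in the report above (the fatal error when no script is stored, and the tokens landing outside the layer options), as an added example that is not the module's code or the v0.5.7 fix. The function name is hypothetical, and it assumes the tokens belong in the layer object passed to `setLayers`, which the thread does not state.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the module's code. Assumption: language/currency belong
// in the first layer object passed to setLayers([{ ... }]).
function addLocaleAndCurrency(?string $script, string $language, string $currency): string
{
    // A store view without Doofinder has no script: render nothing, never strpos(null).
    if ($script === null || trim($script) === '') {
        return '';
    }
    // Find the layer options object instead of the first '{' in the script.
    if (!preg_match('/setLayers\(\s*\[\s*\{/', $script, $m, PREG_OFFSET_CAPTURE)) {
        return $script; // unknown shape: leave it untouched rather than guess
    }
    $insertAt = $m[0][1] + strlen($m[0][0]);

    $pairs = [];
    foreach (['language' => $language, 'currency' => $currency] as $key => $value) {
        // Skip keys the stored script already defines.
        if (!preg_match('/["\']?' . $key . '["\']?\s*:/', $script)) {
            // json_encode escapes the value for use inside a <script> block.
            $pairs[] = $key . ': ' . json_encode($value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT);
        }
    }
    if ($pairs === []) {
        return $script;
    }
    return substr($script, 0, $insertAt)
        . "\n      " . implode(",\n      ", $pairs) . ','
        . substr($script, $insertAt);
}

// Constructed sample input, shaped like the snippet in the report.
$sample = <<<'JS'
(function(c,o,k,e){ /* loader */ })(100, 10000, dfUrl, function(doofinder){
  doofinder.classic.setLayers([{
    "queryInput": "#search",
    "zone": "eu1"
  }]);
});
JS;

var_dump(addLocaleAndCurrency(null, 'fr', 'EUR') === ''); // unconfigured store view
echo addLocaleAndCurrency($sample, 'fr', 'EUR'), "\n";    // keys inside the layer object
```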

sofia-doofinder commented 2 years ago

A new version with the fix has been released: v0.5.7