peterjaap / magerun-addons

Addon modules for n98-magerun

Add even more tables to search for block types and variables (APPSEC-1057) #15

Closed hostep closed 8 years ago

hostep commented 8 years ago

The guys at Atwix recommend checking these tables too, since you are also able to add blocks and variables to product or category attributes:

Here is some sample code I put together this morning (sorry for not creating a pull request, feeling a little bit tired after patching Magento shops for 3 days in a row ...):

```php
// Text and varchar attribute value tables for products and categories
$catalogProductEntityTextTable     = $resource->getTableName('catalog_product_entity_text');
$catalogProductEntityVarcharTable  = $resource->getTableName('catalog_product_entity_varchar');
$catalogCategoryEntityTextTable    = $resource->getTableName('catalog_category_entity_text');
$catalogCategoryEntityVarcharTable = $resource->getTableName('catalog_category_entity_varchar');
$catalogTables                     = array(
    $catalogProductEntityTextTable,
    $catalogProductEntityVarcharTable,
    $catalogCategoryEntityTextTable,
    $catalogCategoryEntityVarcharTable,
);

// ...

// Run the query template in $sql against the `value` column of each catalog table
foreach ($catalogTables as $catalogTable)
{
    $catalogCheck = sprintf($sql, 'value', $catalogTable, 'value', 'value');
    $result = $db->fetchAll($catalogCheck);
    $this->check($result, 'value', $list);
}
```

hostep commented 8 years ago

Tnx @arosenhagen & @peterjaap !
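
The kind of check discussed in this issue, as an added example that is not code from the issue or from magerun-addons: it extracts `{{block type=...}}` and `{{config path=...}}` directives from `value` columns and reports the ones that are not on an allowlist. The function name, the sample rows and the allowlists are assumptions constructed for illustration.

```php
<?php
// Added illustration, not magerun-addons code. Names and sample data are assumptions.

/**
 * Return the directives found in $rows[*][$column] that are not on the allowlists.
 */
function findUnlistedDirectives(array $rows, string $column, array $allowedBlocks, array $allowedVars): array
{
    // Matches {{block type="a/b" ...}} and {{config path="a/b/c"}}, with single,
    // double or no quotes around the attribute value.
    $patterns = [
        'block'    => '/\{\{block\b[^}]*?\btype\s*=\s*(["\']?)([^"\'\s}]+)\1/i',
        'variable' => '/\{\{config\b[^}]*?\bpath\s*=\s*(["\']?)([^"\'\s}]+)\1/i',
    ];
    $allowed  = ['block' => $allowedBlocks, 'variable' => $allowedVars];
    $findings = [];
    foreach ($rows as $row) {
        // Content saved through an HTML editor may hold &quot; instead of a literal quote.
        $value = html_entity_decode((string) ($row[$column] ?? ''), ENT_QUOTES);
        foreach ($patterns as $kind => $pattern) {
            if (!preg_match_all($pattern, $value, $matches)) {
                continue;
            }
            foreach (array_unique($matches[2]) as $name) {
                if (!in_array($name, $allowed[$kind], true)) {
                    $findings[] = ['id' => $row['value_id'] ?? null, 'kind' => $kind, 'name' => $name];
                }
            }
        }
    }
    return $findings;
}

// Constructed sample rows, shaped like fetchAll() results from one of the catalog tables.
$rows = [
    ['value_id' => 1, 'value' => '<p>{{block type="core/template" template="cms/info.phtml"}}</p>'],
    ['value_id' => 2, 'value' => 'Mail us: {{config path="trans_email/ident_custom9/email"}}'],
    ['value_id' => 3, 'value' => '{{block type=&quot;custom/widget&quot; name=&quot;w&quot;}}'],
    ['value_id' => 4, 'value' => 'Plain description without directives'],
];

// Assumed allowlists for this example; on a real shop use the shop's own allowed
// block types and variables.
foreach (findUnlistedDirectives($rows, 'value', ['core/template'], ['web/unsecure/base_url']) as $f) {
    printf("value_id=%s %s %s\n", $f['id'], $f['kind'], $f['name']);
}
```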