Magento's Problematic (lack of) Release Line Strategy

Published: July 12, 2018


Magento currently maintains and accepts pull requests to 3 separate branches on GitHub.

  1. 2.1-develop - Code targeting this branch will go into a 2.1.X release
  2. 2.2-develop - Code targeting this branch will go into a 2.2.X release
  3. 2.3-develop - Code targeting this branch will go into a 2.3.X release

While the notion of allowing the community to contribute to each release line sounds good on paper, in practice it doesn’t work out so well in my experience.

In this post I’ll outline the issues with this process as I see them.

Magento's Not Sane AdminNotification Module

Published: July 5, 2018


For my past 4 and a half years working with Magento, I’ve gotten very used to seeing messages like this when I log into the Magento admin panel.

Example admin notification

I typically close them out and proceed about my business. I had never quite understood how these notifications work until recently. Here I’ll document the not quite sane mechanics behind Magento’s admin notification system.

Export Magento Attribute Options to CSV with the Table Capture Chrome Extension

Published: June 20, 2018


Recently, I received the following request from a client…

How can I get an export of all the options for a given attribute in Magento?

There are several attributes I need to do this for…

Looking at the Magento admin panel, it quickly became evident that there was no self-serve way for the client to export the data.

The attribute option edit screen in Magento 1

Here I’ll document my approach, which ultimately led me to the Table Capture Chrome extension.

The Case of the Vanishing uRapidFlow License Key

Published: June 14, 2018


Recently, I received an email from a client that read something like this…

Subject: URGENT: Feeds not running

Feeds did not run this morning. Pricing is wrong on the website.


The website was using a uRapidFlow profile that was run on a cron to regularly import product pricing. Navigating to the profile in the Magento admin panel I got the following error…

A screenshot of the error experienced

Error message: Module record not found: Unirgy_RapidFlow

Here, I’ll document my findings…

Luhn Validation From the Command Line

Published: June 12, 2018


Today I received an alert that a credit card scanning tool had detected data that looked like a credit card number (PAN) on the file system of a client’s server.

Reviewing the details I found that the tool was reporting it had found what appeared to be a credit card number in an image file on the server. This gave me quite the scare as I knew that there’s a common strain of malware for Magento (the platform this site was running) which steals credit card numbers and stores them in images files to be harvested by the attacker.

The tool was reporting the credit card number started with “304428”. I was able to find the match in the reported file using exiftool

$ exiftool -m 00080878182947_2.jpg | grep -o '.\{20\}304428.\{20\}'
8cca4b4231, xmp.did:304428740720681188C6DBD8EA

xmp.did:? I wasn’t sure what this was, but from some quick research I learned that it was metadata added for Adobe’s Extensible Metadata Platform (“XMP”).

As a quick check I did want to see if the number passed Luhn validation. I didn’t want to copy / paste the data into an online tool for obvious reasons, so I decided to do some further research on how to run Luhn validation from the command line. Here I’ll document my findings.

Simulating an Elasticsearch Timeout

Published: May 31, 2018

Recently I submitted a contribution to the Magento 2 project to terminate requests to Elasticsearch if they exceed the configured “timeout” setting. This was done in response to a production issue experienced on a client’s site where Elasticsearch slowdowns (due to a misconfigured maximum heap size) would take an entire website down.

Basically, what was happening is that the PHP processes that were waiting for Elasticsearch responses would continue to build up until the server resources were exhausted. This would block workflows on the site that didn’t require Elasticsearch such as placing orders, wishlist / shopping cart management or administrative workflows.

In order to test this feature out, I wanted to simulate an Elasticsearch timeout. Turns out this is a lot harder than one would think. Here I’ll document my findings…