Blog

Add the Current Date to a Filename from the Command Line

Published: February 14, 2018


Something I do very often is add the current date to a filename from the command line.

Historically, I’ve always done something like this…

$ mv foo.txt 2018_02_14_18_07_foo.txt

It always felt dirty though…why should I manually type out the current date when I’m sitting in front of a computer which is equally if not more capable of doing that exact thing?

While I long put off researching this, today I finally turned to Google in hopes of finding a more sane approach.

How Magento Generates Form Keys

Published: February 12, 2018


As a follow-up to my recent article “How Magento Generates Admin Secret URL Keys” I’ve decided to take a look at yet another mechanism Magento uses to protect against CSRF attacks…form keys. In this post we’ll dig into Magento’s core code to understand exactly how they are generated in both Magento 1 and Magento 2.

How Magento Generates Admin Secret URL Keys

Published: February 11, 2018


Recently, while looking into a vulnerability for the Magento Bug Bounty I needed to generate the secret key for an admin URL. While I’d long known that Magento adds these keys for security purposes (specifically to protect against CSRF attacks) I never understood how exactly these keys are generated. In this post, I’ll document my findings.

Checking SSL / TLS Version Support of a Remote Host from the Command Line

Published: February 1, 2018


A few days back I received an alert from New Relic that a site was down.

I checked the New Relic UI for more details and saw the following…

[Screenshot: New Relic Error]

“fatal alert: protocol_version” :open_mouth:

I did a little bit of research and arrived at the New Relic forums where I found a question titled “Availability report - connection error (Received fatal alert: protocol_version)”. There I found the following answer…

The legacy Availability Monitor in APM only supports TLS 1.0 which is why it began throwing errors once you disabled older TLS protocols.

https://discuss.newrelic.com/t/availability-report-connection-error-received-fatal-alert-protocol-version/52483/5

My next course of action was to check whether or not the site in question supported TLS 1.0. In this post, let’s review our options for checking SSL / TLS version support from the command line.

Setting a php_value in PHP-FPM

Published: January 29, 2018


NOTE: The example used in this post is setting PHP’s error_reporting level, which is no longer supported as of PHP 7.0. Regardless, the approaches documented in this post are still applicable for setting other php_values.

Recently I needed to adjust PHP’s error_reporting level.

The goal was to set it to E_ALL & ~E_NOTICE, which silences notices.

The project in question was a Magento deployment, where it’s never advisable to modify core files (e.g. index.php). As such, I Googled “htaccess error_reporting E_ALL & ~E_NOTICE”, with hopes of making the change in the .htaccess file.

Magento 1 Enterprise Random 404s on the Product Detail Page (/catalog/product/view)

Published: January 26, 2018


Recently, I received the following email from a client…

Help! My best selling product is 404-ing! We need this resolved ASAP!!!

Ruh-roh :scream:

My first step, of course, was to visit the URL for myself. Indeed, I got a 404.

Next up I added ?no_cache=1 at the end of the URL. This trick will bypass the full page cache in Magento 1 Enterprise, which the site in question was using. I refreshed the page and lo and behold the 404 was gone.

Digging in (after flushing the page cache), I ultimately found a bug that can cause cache poisoning with a 404 response on any product detail page if the session is considered “invalid”.

In this post, let’s look at the issue, and how it can be solved.