taurus-media/module-polyshell-fix
Composer install command:
composer require taurus-media/module-polyshell-fix
Package description
Fix for potential exploitation in custom options called Polyshell, where a user might try to pass a 'file' value to an option that is not designed to handle files.
README documentation
README
A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections.
Description
This module introduces a before plugin for Magento\Catalog\Model\CustomOptions\CustomOption::getOptionValue().
The plugin performs the following checks:
- Option Existence: Verifies that the option_id associated with the request exists in the database. If the option does not exist, a LocalizedException is thrown.
- Type Validation: If the provided option_value is set to 'file', it confirms that the actual custom option type in Magento is indeed 'file'. If there is a mismatch (e.g., trying to pass 'file' to a text or drop_down option), a LocalizedException is thrown.
This prevents potential exploitation where an attacker might try to force Magento to process a file upload for an option that was not intended to handle files.
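A sketch of how a before plugin could implement the two checks listed above. This is an added example, not the module's own source; the namespace, class name, and exception messages are hypothetical, and loading the option through the catalog option resource model is an assumption about how the lookup might be done.

```php
<?php
declare(strict_types=1);

// Hypothetical namespace and class name; not the module's actual source.
namespace Example\OptionTypeGuard\Plugin;

use Magento\Catalog\Model\CustomOptions\CustomOption;
use Magento\Catalog\Model\Product\Option;
use Magento\Catalog\Model\Product\OptionFactory;
use Magento\Catalog\Model\ResourceModel\Product\Option as OptionResource;
use Magento\Framework\Exception\LocalizedException;

class ValidateOptionTypePlugin
{
    private OptionFactory $optionFactory;
    private OptionResource $optionResource;

    public function __construct(OptionFactory $optionFactory, OptionResource $optionResource)
    {
        $this->optionFactory = $optionFactory;
        $this->optionResource = $optionResource;
    }

    /**
     * Runs before CustomOption::getOptionValue(); throws instead of letting
     * a mismatched 'file' value reach the core method.
     */
    public function beforeGetOptionValue(CustomOption $subject): void
    {
        // Assumed lookup: load the stored option row by the submitted option_id.
        $option = $this->optionFactory->create();
        $this->optionResource->load($option, (int) $subject->getOptionId());

        // Check 1: the option_id must refer to an option stored in the database.
        if (!$option->getId()) {
            throw new LocalizedException(__('The requested custom option does not exist.'));
        }

        // Check 2: a 'file' value is only accepted when the stored type is 'file'.
        // Read the raw data key so this check does not re-enter getOptionValue().
        $value = $subject->getData('option_value');
        if ($value === Option::OPTION_TYPE_FILE
            && $option->getType() !== Option::OPTION_TYPE_FILE
        ) {
            throw new LocalizedException(__('This custom option does not accept file values.'));
        }
    }
}
```

A plugin like this only takes effect once it is declared for Magento\Catalog\Model\CustomOptions\CustomOption in a module's etc/di.xml.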
Installation
Via Composer (if available in repository)
composer require taurus-media/module-polyshell-fix
Manual Installation
- Copy the module files to app/code/Taurus/PolyshellFix.
- Run the following Magento commands:
bin/magento module:enable Taurus_PolyshellFix
bin/magento setup:upgrade
bin/magento cache:flush
Features
- Security Hardening: Adds a layer of validation to product custom options.
- Strict Type Checking: Ensures data integrity for file-based custom options.
- Easy Integration: Hooks into existing Magento logic via plugins without modifying core files.
Statistics
- Total downloads: 1.25k
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 3
- Clicks: 1
- Dependents: 0
- Suggesters: 0
Other information
- License: MIT
- Last updated: 2026-03-24