taurus-media/module-polyshell-fix

Composer install command:

composer require taurus-media/module-polyshell-fix

Package description

Fix for potential exploitation in custom options called Polyshell, where a user might try to pass a 'file' value to an option that is not designed to handle files.

README

A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections.

Description

This module introduces a before plugin for Magento\Catalog\Model\CustomOptions\CustomOption::getOptionValue().

The plugin performs the following checks:

  1. Option Existence: Verifies that the option_id associated with the request exists in the database. If the option does not exist, a LocalizedException is thrown.
  2. Type Validation: If the provided option_value is set to 'file', it confirms that the actual custom option type in Magento is indeed 'file'. If there is a mismatch (e.g., trying to pass 'file' to a text or drop_down option), a LocalizedException is thrown.

This prevents potential exploitation where an attacker might try to force Magento to process a file upload for an option that was not intended to handle files.
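
The two checks described above, as an added stand-alone PHP sketch (not the module's own code). The option table is modelled as a constructed array, and `OptionValidationException` and `assertOptionValueAllowed()` are hypothetical names standing in for Magento's LocalizedException and the plugin body.

```php
<?php
declare(strict_types=1);

// Stand-in for Magento's LocalizedException so the example runs outside Magento.
final class OptionValidationException extends RuntimeException
{
}

/**
 * Applies the two checks from the README to one submitted custom option.
 *
 * @param array<int,string> $optionTypes constructed stand-in for the option table (option_id => type)
 */
function assertOptionValueAllowed(array $optionTypes, int $optionId, mixed $optionValue): void
{
    // Check 1: the option_id must refer to an existing custom option.
    if (!array_key_exists($optionId, $optionTypes)) {
        throw new OptionValidationException("Custom option {$optionId} does not exist.");
    }

    // Check 2: the value 'file' is only acceptable when the stored type is 'file'.
    // Loose comparison on purpose, so the guard is at least as broad as any later == 'file' test.
    if ($optionValue == 'file' && $optionTypes[$optionId] !== 'file') {
        throw new OptionValidationException(
            "Option {$optionId} has type '{$optionTypes[$optionId]}' and cannot take a file value."
        );
    }
}

// Constructed sample data: three options as they might be stored for one product.
$optionTypes = [10 => 'field', 11 => 'drop_down', 12 => 'file'];

// Constructed requests: [option_id, option_value].
$requests = [
    [10, 'Happy birthday'], // text value for a text option: accepted
    [12, 'file'],           // 'file' for a real file option: accepted
    [11, 'file'],           // 'file' forced onto a drop_down option: rejected
    [99, 'file'],           // unknown option_id: rejected
];

foreach ($requests as [$optionId, $optionValue]) {
    try {
        assertOptionValueAllowed($optionTypes, $optionId, $optionValue);
        echo "option {$optionId}: accepted\n";
    } catch (OptionValidationException $e) {
        echo "option {$optionId}: rejected ({$e->getMessage()})\n";
    }
}
```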

Installation

Via Composer (if available in repository)

composer require taurus-media/module-polyshell-fix

Manual Installation

  1. Copy the module files to app/code/Taurus/PolyshellFix.
  2. Run the following Magento commands:
bin/magento module:enable Taurus_PolyshellFix
bin/magento setup:upgrade
bin/magento cache:flush

Features

  • Security Hardening: Adds a layer of validation to product custom options.
  • Strict Type Checking: Ensures data integrity for file-based custom options.
  • Easy Integration: Hooks into existing Magento logic via plugins without modifying core files.

Statistics

  • Total downloads: 1.25k
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 3
  • Clicks: 1
  • Dependents: 0
  • Suggesters: 0

GitHub information

  • Stars: 3
  • Watchers: 0
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Updated: 2026-03-24
