You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently patching some M1 shops with the security patch SUPEE-11086.
I always write some custom script to see if any of the fixes done in a security patch should be applied to the custom code we added to a shop, and my script detected this module.
SUPEE-11086 changes the following lines in the file lib/Varien/Filter/Template.php:
And since this module inherits from that class and rewrites the _getVariable method, the same changes might be needed here as well?
I don't really understand yet what security issue this is fixing and if this can be exploited using an import, but who knows ...
Thanks!
The text was updated successfully, but these errors were encountered:
hostep
changed the title
Should changes from SUPEE-11086 be applied to Ho_Import_Model_Template_Filter::_getVariable
Should changes from SUPEE-11086 be applied to Ho_Import_Model_Template_Filter::_getVariable ?
Apr 29, 2019
This might not be very important, since I don't think this method is called anywhere?
It was added in bb70580, but I don't see where that templateEngine method gets called? It doesn't seem to be called in this module and also nowhere in core Magento as far as I can tell...
Hi guys
I'm currently patching some M1 shops with the security patch SUPEE-11086.
I always write some custom script to see if any of the fixes done in a security patch should be applied to the custom code we added to a shop, and my script detected this module.
SUPEE-11086 changes the following lines in the file
lib/Varien/Filter/Template.php
:And since this module inherits from that class and rewrites the
_getVariable
method, the same changes might be needed here as well?I don't really understand yet what security issue this is fixing and if this can be exploited using an import, but who knows ...
Thanks!
The text was updated successfully, but these errors were encountered: