Skip to content

Instantly share code, notes, and snippets.

View LouisdeLooze's full-sized avatar

Louis de Looze LouisdeLooze

5 followers · 4 following
View GitHub Profile
@LouisdeLooze
LouisdeLooze / README.md
Last active January 13, 2026 17:47
Magento2 devenv/NixOS development environment

Getting started

  1. Follow the installation guide for nix: https://devenv.sh/getting-started
  2. Add devenv.nix to your project root
  3. Add devenv.yaml to your project root. Note: I did this because I had issues with the 'unstable' dist and for ES you need to allow unfree packages

To start the processes:

devenv up

To go into the shell, but I would suggest using direnv: https://devenv.sh/automatic-shell-activation

@LouisdeLooze
LouisdeLooze / 10_block_sessionreaper_malicious_file_upload.conf
Last active October 30, 2025 08:22
# deployed by ewings-tools
# The known malware SessionReaper (CVE-2025-54236) places a malicious file to the upload endpoints of address_file_upload and customer_file_upload.
# To prevent exploitation of this behavior, we block access to these endpoints.
location ~* /(address/)?(address|customer)_file(/|_)upload/? {
return 403;
}
location ~* /customer(_custom_attributes)?/(address|customer)_file(/|_)upload/? {
@LouisdeLooze
LouisdeLooze / geissweb_broken_api.patch
Created October 16, 2025 13:05
Patch for Geissweb issue
diff --git a/vendor/geissweb/module-euvat/Model/Setup/RatesCollector.php b/vendor/geissweb/module-euvat/Model/Setup/RatesCollector.php
--- a/vendor/geissweb/module-euvat/Model/Setup/RatesCollector.php
+++ b/vendor/geissweb/module-euvat/Model/Setup/RatesCollector.php (date 1737557804000)
@@ -78,8 +78,12 @@
{
$response = $this->doRequest('standard');
$responseContent = $response->getBody()->getContents();
-
- $rates = $this->serializer->unserialize($responseContent);
+
@LouisdeLooze
LouisdeLooze / composer.json
Last active September 30, 2025 15:00
{
"name": "ewings/ewings-mage2",
"description": "MonoWing generated Magento 2 project for FDL",
"type": "project",
"license": [
"OSL-3.0",
"AFL-3.0"
],
"require": {
"php": "8.1.* || 8.2.*",
@LouisdeLooze
LouisdeLooze / VULN-32437_2.4.X.patch
Last active September 9, 2025 14:43
Hotfix for CVE-2025-54236
diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php
index ba58dc2bc7acf..06919af36d2eb 100644
--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php
+++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php
@@ -246,6 +246,13 @@ private function getConstructorData(string $className, array $data): array
if (isset($data[$parameter->getName()])) {
$parameterType = $this->typeProcessor->getParamType($parameter);
+ // Allow only simple types or Api Data Objects
+ if (!($this->typeProcessor->isTypeSimple($parameterType)