Recent Activities
This page shows what we are working on.

head
  Initial commit ea91e7

head
  Better compatibility with complex ui components (Amasty_MegaMenu) 7fe7ae

2.28.1

1.1.12
  Version 1.1.12 6c729d

1.1.12
  Version 1.1.12 b90099

  Add configurable multi-word search logic (OR vs AND)
  - Add admin configuration for search mode selection
  - OR mode (default): original Magento 2.3 behavior
  - AND mode (recommended): Elasticsearch-like relevance
  - Fully backward compatible, no breaking changes
  - Config path: catalog/search/lmysql_query_mode
  Closes #24 be380f
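
Added example, not the extension's own code: the OR-versus-AND multi-word search that the commit above makes configurable, written as a parameterised LIKE query so the difference between the two modes can be run offline. The product table and its rows are constructed in an in-memory SQLite database; the real module searches Magento's catalog tables, which are not modelled here. The mode values 'OR' and 'AND' mirror the catalog/search/lmysql_query_mode setting; the function names are this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not the extension's own code. Demonstrates OR vs AND search
// modes over a constructed product table in SQLite; the module's real query
// against Magento's catalog tables is not reproduced here.

/**
 * Split $query into words and build a WHERE fragment plus bind values.
 * OR  mode: a row matches if ANY word occurs in name (the original behaviour).
 * AND mode: a row matches only if EVERY word occurs in name.
 * User input never reaches the SQL text: each word is a bound LIKE pattern,
 * with %, _ and \ escaped so they are matched literally.
 */
function buildSearchWhere(string $query, string $mode): array
{
    $words = preg_split('/\s+/', trim($query), -1, PREG_SPLIT_NO_EMPTY);
    if ($words === []) {
        return ['0', []];            // empty query matches nothing
    }
    $glue  = strtoupper($mode) === 'AND' ? ' AND ' : ' OR ';
    $parts = [];
    $binds = [];
    foreach ($words as $i => $word) {
        $parts[]       = "name LIKE :w$i ESCAPE '\\'";
        $binds[":w$i"] = '%' . addcslashes($word, '%_\\') . '%';
    }
    return ['(' . implode($glue, $parts) . ')', $binds];
}

/** Run the search in the given mode and return matching product names. */
function searchProducts(PDO $pdo, string $query, string $mode): array
{
    [$where, $binds] = buildSearchWhere($query, $mode);
    $stmt = $pdo->prepare("SELECT name FROM product WHERE $where ORDER BY name");
    $stmt->execute($binds);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample catalog (not real store data).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE product (name TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO product (name) VALUES (:name)');
foreach (['Red Cotton Shirt', 'Blue Cotton Shirt', 'Red Wool Hat', 'Green Silk Scarf'] as $name) {
    $insert->execute([':name' => $name]);
}

foreach (['OR', 'AND'] as $mode) {
    $hits = searchProducts($pdo, 'red shirt', $mode);
    printf("%-3s mode, query 'red shirt': %s\n", $mode, $hits ? implode(', ', $hits) : '(none)');
}
```

With the query 'red shirt', OR mode returns every product containing either word, while AND mode narrows the result to products containing both, which is the relevance difference the commit describes. SQLite's LIKE is case-insensitive for ASCII; on MySQL that depends on the column collation, so the same code may need LOWER() on both sides there.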

1.17.2

1.17.1
  Version 1.17.1 518887
  Include all HTML5 void (self-closing) elements in SELF_CLOSING_TAGS
  Fixes tag closing issues for tags like <source>, <track>, and others.
  Makes output HTML valid by preventing erroneous closing tags for void elements. (close #86) 0aeeab

  fix: Handle corrupted CSP SRI data gracefully in PageSpeed plugin
  Prevents site crashes when Subresource Integrity storage contains
  invalid JSON by adding try-catch blocks and auto-clearing corrupted data. c52ed9

1.1.36
  Version 1.1.36 a08cce

  Fix validator consistency: reject empty strings and improve documentation
  Changes:
  - Empty string now returns false (more consistent behavior)
    Previously: isValid('') returned true, expecting Router to handle it
    Now: isValid('') returns false with error message "Identifier cannot be empty"
    Router already checks !empty() before calling validator, so no behavior change
  - Enhanced PHPDoc with real-world attack examples
    Added Problem #1 and #2 references with actual scanner URLs:
    * Basic SQL injection: /(select 198766*667891)/...
    * Time-based blind SQLi: /DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||...)/...
  Addresses code review feedback for better consistency and documentation. b6671d

  Add input validation for FAQ/Category identifiers to prevent SQL injection attempts
  Implemented IdentifierValidator to validate FAQ and Category identifiers from URLs before database lookup. This prevents false positive alerts in WAF/SIEM systems and reduces log spam from security scanners attempting SQL injection attacks.
  Changes:
  - Added Model/Validator/IdentifierValidator extending AbstractValidator
  - Validates identifier format (a-z0-9-/) and length (max 100 chars)
  - Blocks 25 SQL keywords including SELECT, UNION, SLEEP, DBMS_PIPE, CHR, etc.
  - Integrated validator into Controller/Router for both getFaqIdentifier() and getFaqCategoryIdentifier()
  - Returns 404 for invalid identifiers without DB query
  Protects against:
  - Basic SQL injection (SELECT, UNION, DROP, etc.)
  - Time-based blind SQL injection (SLEEP, BENCHMARK, WAITFOR, DBMS_PIPE)
  - String manipulation attacks (CHR, CHAR, CONCAT)
  Note: System is not vulnerable to SQL injection due to PDO prepared statements. This is defense-in-depth to reduce false positives and log spam. a76a4e
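
Added example, not the module's own IdentifierValidator (which extends Magento's AbstractValidator and is not reproduced here). It implements the rules the two commits above describe for FAQ/category URL identifiers: an empty string is rejected with "Identifier cannot be empty", the length is capped at 100 characters, only a-z, 0-9, '-' and '/' are allowed, and SQL keywords are rejected before any database lookup so the router can answer 404 without a query. Only a subset of the module's 25 keywords is listed; how the module matches them is not stated on the page, and comparing them against the '-' and '/' separated tokens is this example's assumption. The sample payloads are constructed, modelled on the scanner URLs quoted in the commit message, which are elided there.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not the module's own validator. Rules follow the two commits
 * above; the keyword list is a subset and token-based keyword matching is an
 * assumption of this example.
 */
final class IdentifierValidator
{
    private const MAX_LENGTH = 100;
    private const SQL_KEYWORDS = [
        'select', 'union', 'insert', 'update', 'delete', 'drop',
        'sleep', 'benchmark', 'waitfor', 'dbms_pipe', 'chr', 'char', 'concat',
    ];

    /** @var string[] */
    private array $messages = [];

    public function isValid(string $identifier): bool
    {
        $this->messages = [];
        if ($identifier === '') {
            $this->messages[] = 'Identifier cannot be empty';
            return false;
        }
        if (strlen($identifier) > self::MAX_LENGTH) {
            $this->messages[] = 'Identifier exceeds ' . self::MAX_LENGTH . ' characters';
            return false;
        }
        // Character check first: spaces, parentheses, '*', '|', '.', '_' and upper
        // case already fail here, which is what stops the quoted scanner URLs
        // (and keywords such as dbms_pipe can therefore never reach the next check).
        if (!preg_match('#^[a-z0-9/-]+$#', $identifier)) {
            $this->messages[] = 'Identifier contains invalid characters';
            return false;
        }
        // Keyword check for probes that do fit the character set, e.g. union-select-x.
        foreach (preg_split('#[-/]+#', $identifier, -1, PREG_SPLIT_NO_EMPTY) as $token) {
            if (in_array($token, self::SQL_KEYWORDS, true)) {
                $this->messages[] = "Identifier contains blocked keyword '$token'";
                return false;
            }
        }
        return true;
    }

    /** @return string[] Reasons for the last rejection. */
    public function getMessages(): array
    {
        return $this->messages;
    }
}

/**
 * Router-side use: decide before any database access. null means "answer 404
 * without running a query". The module's Router short-circuits on empty
 * identifiers before calling the validator; here the validator sees them too so
 * its message is visible in the output below.
 */
function resolveIdentifier(string $rawIdentifier, IdentifierValidator $validator): ?string
{
    $identifier = trim(urldecode($rawIdentifier), '/');
    return $validator->isValid($identifier) ? $identifier : null;
}

// Constructed inputs (two legitimate slugs, then the failure cases).
$validator = new IdentifierValidator();
$samples = [
    'how-to-return-an-item',
    'shipping/europe/',
    '',
    '(select 198766*667891)',
    'DBMS_PIPE.RECEIVE_MESSAGE(CHR(98),5)',
    'union-select-passwords',
    str_repeat('a', 101),
];
foreach ($samples as $raw) {
    $id = resolveIdentifier($raw, $validator);
    printf("%-40s => %s\n", var_export(substr($raw, 0, 36), true),
        $id === null ? '404, no query (' . implode('; ', $validator->getMessages()) . ')'
                     : "DB lookup for '$id'");
}
```

The check order matters for the stated goal: rejecting on character set before consulting the keyword list means almost every scanner payload is refused by a single regex, and the keyword list only has to catch probes that are already well-formed slugs. Because the lookup itself uses prepared statements, none of this changes what the database would do; it removes the noise a WAF or SIEM would otherwise raise on the query.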

1.1.35
  Version 1.1.35 006c83

  Fix HTML entity decoding order in FAQ schema cleaner
  Decode HTML entities before stripping tags to prevent &lt;script&gt;
  from becoming <script> after sanitization. Also add explicit script/style
  removal and 5000 char limit per Google recommendations.
  Fixes DOM breakage caused by encoded scripts in FAQ content. 8d443a
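
Added example, not the extension's own schema cleaner: the ordering bug the commit above fixes, shown as the buggy and the corrected cleaner side by side. FAQ content is stored HTML-escaped, so a tag inside an answer arrives as "&lt;script&gt;"; if tags are stripped first and entities decoded afterwards, the decode step turns that escaped text back into a live tag in the schema output. The 5000-character limit is the figure the commit cites; the sample answer is constructed and the function names are this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not the extension's code. Shows why entity decoding has to
// run before tag stripping when cleaning FAQ answers for JSON-LD output.

const MAX_ANSWER_LENGTH = 5000;   // limit the commit attributes to Google's guidance

/** Buggy order: strip_tags sees no tags, then html_entity_decode creates one. */
function cleanAnswerBuggy(string $html): string
{
    $text = strip_tags($html);
    return html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Fixed order: decode first, drop script/style with their bodies, then strip. */
function cleanAnswerFixed(string $html): string
{
    $text = html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Remove script/style elements including their contents, not just the tags,
    // otherwise the JavaScript source would survive as plain text.
    $text = preg_replace('#<(script|style)\b[^>]*>.*?</\1\s*>#is', '', $text) ?? '';
    $text = strip_tags($text);
    $text = trim(preg_replace('/\s+/', ' ', $text) ?? '');
    return mb_substr($text, 0, MAX_ANSWER_LENGTH);
}

// Constructed FAQ answer as it would sit in the database: the script tag is
// escaped, so a browser would show it as literal text rather than run it.
$stored = 'Returns are free.&lt;script&gt;document.location=&quot;//evil.example&quot;&lt;/script&gt; '
    . '<p>Items must be <strong>unused</strong>.</p>';

echo 'buggy: ', cleanAnswerBuggy($stored), PHP_EOL;
echo 'fixed: ', cleanAnswerFixed($stored), PHP_EOL;
```

In the buggy order the output contains a real <script> element, which is exactly the DOM breakage the commit reports once that text is embedded in the page. Whatever the cleaner returns still has to go through json_encode() when it is placed in the JSON-LD block; passing JSON_HEX_TAG there encodes '<' and '>' as \u003C and \u003E, so even a tag that slipped through cannot terminate the surrounding script element.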