Security Updates: Shopware presents new concept

Hi,

@Shopware I just noticed that your new plugin breaks the order overview in the backend under 5.3.2…

I deactivated the plugin and everything works again…

Best regards

Marc

503 -

Ups! Ein Fehler ist aufgetreten! Die nachfolgenden Hinweise sollten Ihnen weiterhelfen. An exception occurred while executing 'SELECT s0_.id AS id_0, s0_.ordernumber AS ordernumber_1, s0_.userID AS userID_2, s0_.status AS status_3, s0_.cleared AS cleared_4, s0_.paymentID AS paymentID_5, s0_.dispatchID AS dispatchID_6, s0_.partnerID AS partnerID_7, s0_.subshopID AS subshopID_8, s0_.invoice_amount AS invoice_amount_9, s0_.invoice_amount_net AS invoice_amount_net_10, s0_.invoice_shipping AS invoice_shipping_11, s0_.invoice_shipping_net AS invoice_shipping_net_12, s0_.ordertime AS ordertime_13, s0_.transactionID AS transactionID_14, s0_.comment AS comment_15, s0_.customercomment AS customercomment_16, s0_.internalcomment AS internalcomment_17, s0_.net AS net_18, s0_.taxfree AS taxfree_19, s0_.temporaryID AS temporaryID_20, s0_.referer AS referer_21, s0_.cleareddate AS cleareddate_22, s0_.trackingcode AS trackingcode_23, s0_.language AS language_24, s0_.currency AS currency_25, s0_.currencyfactor AS currencyfactor_26, s0_.remote_addr AS remote_addr_27, s0_.deviceType AS deviceType_28, s1_.customernumber AS customernumber_29, s1_.id AS id_30, s1_.paymentID AS paymentID_31, s1_.customergroup AS customergroup_32, s1_.subshopID AS subshopID_33, s1_.pricegroupID AS pricegroupID_34, s1_.encoder AS encoder_35, s1_.password AS password_36, s1_.active AS active_37, s1_.email AS email_38, s1_.firstlogin AS firstlogin_39, s1_.lastlogin AS lastlogin_40, s1_.accountmode AS accountmode_41, s1_.confirmationkey AS confirmationkey_42, s1_.sessionID AS sessionID_43, s1_.newsletter AS newsletter_44, s1_.validation AS validation_45, s1_.affiliate AS affiliate_46, s1_.paymentpreset AS paymentpreset_47, s1_.language AS language_48, s1_.referer AS referer_49, s1_.internalcomment AS internalcomment_50, s1_.failedlogins AS failedlogins_51, s1_.lockedUntil AS lockedUntil_52, s1_.salutation AS 


[...truncated]

position_146, s9_.`group` AS group_147, s9_.mail AS mail_148, s10_.title AS title_149, s10_.additional_address_line1 AS additional_address_line1_150, s10_.additional_address_line2 AS additional_address_line2_151, s10_.id AS id_152, s10_.orderID AS orderID_153, s10_.userID AS userID_154, s10_.countryID AS countryID_155, s10_.stateID AS stateID_156, s10_.company AS company_157, s10_.department AS department_158, s10_.salutation AS salutation_159, s10_.customernumber AS customernumber_160, s10_.firstname AS firstname_161, s10_.lastname AS lastname_162, s10_.street AS street_163, s10_.zipcode AS zipcode_164, s10_.city AS city_165, s10_.phone AS phone_166, s10_.ustid AS ustid_167, s11_.id AS id_168, s11_.countryname AS countryname_169, s11_.countryiso AS countryiso_170, s11_.countryen AS countryen_171, s11_.position AS position_172, s11_.notice AS notice_173, s11_.taxfree AS taxfree_174, s11_.taxfree_ustid AS taxfree_ustid_175, s11_.taxfree_ustid_checked AS taxfree_ustid_checked_176, s11_.active AS active_177, s11_.iso3 AS iso3_178, s11_.display_state_in_registration AS display_state_in_registration_179, s11_.force_state_in_registration AS force_state_in_registration_180, s11_.areaID AS areaID_181, s12_.id AS id_182, s12_.countryID AS countryID_183, s12_.position AS position_184, s12_.name AS name_185, s12_.shortcode AS shortcode_186, s12_.active AS active_187, s13_.id AS id_188, s13_.main_id AS main_id_189, s13_.category_id AS category_id_190, s13_.name AS name_191, s13_.title AS title_192, s13_.position AS position_193, s13_.host AS host_194, s13_.base_path AS base_path_195, s13_.base_url AS base_url_196, s13_.hosts AS hosts_197, s13_.secure AS secure_198, s13_.always_secure AS always_secure_199, s13_.secure_host AS secure_host_200, s13_.secure_base_path AS secure_base_path_201, s13_.template_id AS template_id_202, s13_.`default` AS default_203, s13_.active AS active_204, s13_.customer_scope AS customer_scope_205, s14_.id AS id_206, s14_.name AS name_207, s14_.type AS 
type_208, s14_.description AS description_209, s14_.comment AS comment_210, s14_.active AS active_211, s14_.position AS position_212, s14_.calculation AS calculation_213, s14_.surcharge_calculation AS surcharge_calculation_214, s14_.tax_calculation AS tax_calculation_215, s14_.shippingfree AS shippingfree_216, s14_.multishopID AS multishopID_217, s14_.customergroupID AS customergroupID_218, s14_.bind_shippingFree AS bind_shippingFree_219, s14_.bind_time_from AS bind_time_from_220, s14_.bind_time_to AS bind_time_to_221, s14_.bind_instock AS bind_instock_222, s14_.bind_laststock AS bind_laststock_223, s14_.bind_weekday_from AS bind_weekday_from_224, s14_.bind_weekday_to AS bind_weekday_to_225, s14_.bind_weight_from AS bind_weight_from_226, s14_.bind_weight_to AS bind_weight_to_227, s14_.bind_price_from AS bind_price_from_228, s14_.bind_price_to AS bind_price_to_229, s14_.bind_sql AS bind_sql_230, s14_.status_link AS status_link_231, s14_.calculation_sql AS calculation_sql_232 FROM s_order s0_ LEFT JOIN s_user s1_ ON s0_.userID = s1_.id LEFT JOIN s_order_shippingaddress s2_ ON s0_.id = s2_.orderID LEFT JOIN s_core_countries_states s3_ ON s2_.stateID = s3_.id LEFT JOIN s_core_countries s4_ ON s2_.countryID = s4_.id LEFT JOIN s_core_shops s5_ ON s0_.language = s5_.id LEFT JOIN s_core_locales s6_ ON s5_.locale_id = s6_.id LEFT JOIN s_core_paymentmeans s7_ ON s0_.paymentID = s7_.id LEFT JOIN s_core_states s8_ ON s0_.cleared = s8_.id LEFT JOIN s_core_states s9_ ON s0_.status = s9_.id LEFT JOIN s_order_billingaddress s10_ ON s0_.id = s10_.orderID LEFT JOIN s_core_countries s11_ ON s10_.countryID = s11_.id LEFT JOIN s_core_countries_states s12_ ON s10_.stateID = s12_.id LEFT JOIN s_core_shops s13_ ON s0_.subshopID = s13_.id LEFT JOIN s_premium_dispatch s14_ ON s0_.dispatchID = s14_.id WHERE s0_.id IN (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' with params [11718, 11713, 11710, 11705, 11703, 11700, 11698, 11695, 11693, 11688, 11686, 11684, 11682, 11680, 
11678, 11674, 11669, 11667, 11665, 11662]: SQLSTATE[42S22]: Column not found: 1054 Unknown column 's2_.phone' in 'field list' in vendor/doctrine/dbal/lib/Doctrine/DBAL/DBALException.php on line 119 Stack trace: #0 vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(836): Doctrine\DBAL\DBALException::driverExceptionDuringQuery(Object(Doctrine\DBAL\Driver\PDOMySql\Driver), Object(PDOException), 'SELECT s0_.id A...', Array) #1 vendor/doctrine/orm/lib/Doctrine/ORM/Query/Exec/SingleSelectExecutor.php(50): Doctrine\DBAL\Connection->executeQuery('SELECT s0_.id A...', Array, Array, NULL) #2 vendor/doctrine/orm/lib/Doctrine/ORM/Query.php(321): Doctrine\ORM\Query\Exec\SingleSelectExecutor->execute(Object(Doctrine\DBAL\Connection), Array, Array) #3 vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(969): Doctrine\ORM\Query->_doExecute() #4 vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(924): Doctrine\ORM\AbstractQuery->executeIgnoreQueryCache(NULL, 2) #5 vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(739): Doctrine\ORM\AbstractQuery->execute(NULL, 2) #6 engine/Shopware/Models/Order/Repository.php(445): Doctrine\ORM\AbstractQuery->getArrayResult() #7 engine/Shopware/Controllers/Backend/Order.php(1104): Shopware\Models\Order\Repository->getList(Array) #8 engine/Shopware/Controllers/Backend/Order.php(286): Shopware_Controllers_Backend_Order->getList(Array, Array, '0', '20') #9 engine/Library/Enlight/Controller/Action.php(159): Shopware_Controllers_Backend_Order->getListAction() #10 engine/Library/Enlight/Controller/Dispatcher/Default.php(530): Enlight_Controller_Action->dispatch('getListAction') #11 engine/Library/Enlight/Controller/Front.php(223): Enlight_Controller_Dispatcher_Default->dispatch(Object(Enlight_Controller_Request_RequestHttp), Object(Enlight_Controller_Response_ResponseHttp)) #12 engine/Shopware/Kernel.php(184): Enlight_Controller_Front->dispatch() #13 vendor/symfony/http-kernel/HttpCache/HttpCache.php(491): 
Shopware\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #14 engine/Shopware/Components/HttpCache/AppCache.php(268): Symfony\Component\HttpKernel\HttpCache\HttpCache->forward(Object(Symfony\Component\HttpFoundation\Request), true, NULL) #15 vendor/symfony/http-kernel/HttpCache/HttpCache.php(258): Shopware\Components\HttpCache\AppCache->forward(Object(Symfony\Component\HttpFoundation\Request), true) #16 engine/Shopware/Components/HttpCache/AppCache.php(105): Symfony\Component\HttpKernel\HttpCache\HttpCache->pass(Object(Symfony\Component\HttpFoundation\Request), true) #17 shopware.php(118): Shopware\Components\HttpCache\AppCache->handle(Object(Symfony\Component\HttpFoundation\Request)) #18 {main}  

The plugin completely took down one of my shops because the classes ReflectionHelper and ProductAttributeConditionHandler were declared twice. After I commented out the includes in the Bootstrap, it was possible to get into the backend again. There I then had the same problem with the order overview.

So be careful when installing the security plugin, and in any case create a backup beforehand or test in a test environment…

Regards
Marco


100% Shopware Freelancer - https://www.shopfreelancer.de

I opened a ticket: Shopware Issuetracker

1 Like

Well, if the security plugin takes the shop down, then it has served its purpose :P