Magento 2.x Feature Requests and Improvements

At the moment, if you are trying to add an image to a product, you can only upload one from your computer and that gets uploaded directly to the server. You cannot upload an image from the media gallery. This should be an OOB feature.   The same happens with list and post images for posts. You cannot upload/access these from the media gallery. This should be an OOB feature.  ... View more

We submitted a ticket saying we synchronize orders in Magento to NetSuite. We bring them over using the Magento ID as the sales order ID in NetSuite (itemid, not internalid). Incrementing by 3 is very confusing for our staff, making it hard to notice if an order has been overlooked in processing. This can lead to frustrated customers and lost revenue. The idea that this is a restriction of Adobe Cloud's database clusters and cannot be fixed is frustrating. ... View more

Currently PWA Studio supports Braintree payments out of the box in its Venia storefront implementation. It will be great if it can support all the payment methods which comes by default with luma theme.    Here I am requesting to have Purchase order payment method compatible with PWA studio in native magento.   Thank you! ... View more

We need to use the Quick Order functionality for the Venia theme but this is not available for Venia theme. This functionality is only compatible with luma theme.   As this is a core feature available for Adobe commerce, hence the expectation is we should be able to use if we are going with pwa (venia).   Ref - https://experienceleague.adobe.com/docs/commerce-admin/b2b/quick-order.html?lang=en ... View more

Command injection vulnerabilities take two forms: - An attacker can change the command that the program executes: the attacker explicitly controls what the command is. - An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means. In this case we are primarily concerned with the second scenario, the possibility that an attacker may be able to change the meaning of the command by changing an environment variable or by putting a malicious executable early in the search path. 1.Applications should avoid incorporating user-controllable data into operating system commands. 2.Use library calls rather than external processes to recreate the desired functionality. 3.Ensure that all external commands called from the program are statically created For more information refer : https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)   ex : $output = shell_exec($cmd); shell_exec() function used in multiple places. Example code path : vendor/laminas/laminas-console/src/Adapter/Virtual.php (Line: 171) protected function switchToUtf8() { shell_exec('mode con cp select=65001'); } and few other vendor files.   CWE Code : CWE-77 ... View more

Per Google's documentation: "reCAPTCHA v3 introduces a new concept: actions. When you specify an action name in each place you execute reCAPTCHA, you enable the following new features: A detailed break-down of data for your top ten actions in the admin console Adaptive risk analysis based on the context of the action, because abusive behavior can vary. Importantly, when you verify the reCAPTCHA response, you should verify that the action name is the name you expect." From: https://developers.google.com/recaptcha/docs/v3#actions   Associating an action name with each reCAPTCHA implementation location will allow us to have a more granular view of where bots are interacting with our forms/actions and react based on what we see in the reporting. Additionally, Google indicates that reCAPTCHA v3 will perform better with actions specified. ... View more

Sometimes it's useful to get detect type of device on backend to be able use appropriate logic in code (blocks, templates) for different views (desktop, mobile). There is Mobile_Detect (https://github.com/serbanghita/Mobile-Detect) a lightweight PHP class for detecting devices. Would it be possible include this library in some next releases providing relevant methods of calling it? ... View more

Hi, For all developers In magento when setting a new store up, there is too many configuration that we do according to each developer requirement. For example, i always enable imagick compressen, set flat category to yes, set asynchronous to sales, set product to decrease from stock in pending state, set to show how many items left when reaches 5, set admin lifetime session ......etc There is too many configuration that you cant count we always tune our magento system accordingly. So why every time i need to setup a fresh copy i need to reconfigure the system again and again this takes time and time is money :). My Feature request is that to make an option where we can export magento configuration categories from Sales, General, Catalog, system .... and all there sub categories, and export them to a single file. While in import, i select the file i exported earlier and import the whole configuration or selective configuration, for example i only want to import the Sales category configuration. But you must take into consideration that a configuration file must be compatible with all versions of magento old and future. This is basicly my idea, Also if this idea can be applied to export third party extensions configuration. Because Advanced extensions requires many configuration especially seo tool kits. Using the import with a single click i can configure the whole extension. Also the extension developers can create a configuration settings files to give for extension buyers to configure there extension easily. ... View more

Is there a way to change the customer name order (as in Lastname Firstname) globally in forms and display as well? It's ok, that the user registration form can be changed easily, but I could not yet find out how to do it on the checkout page, for example. If you don't get the reason: I'm in Hungary, where we use this "reversed name order", like the Japanese. ... View more

We need to be able to see what customers purchased what products.  Currently there is no way to see that.     Would be ideal to be able to show the customer, the order and the products in that order.   ... View more

This is more of a demand than a suggestion, because it's total madness that this is not standard. How has this simple thing, that is so important, been overlooked by Magento?   I'm creating a multivendor marketplace using Magento2 for fashion retailers.    In the world of fashion (and many other retail avenues) have all kinds of odd names for their colours, to make them sound more exciting for buyers.    However in Magento2, when creating a configurable product using attributes, when choosing colours you can only see the colour name, not the swatch of the colour. Why the hell would Magento leave such a simple thing out?!   How on earth are vendors supposed to know the variant shades between the colour names, if they cannot see the colours?!     Just look at that! ...It's pathetic.   I'm not sure this should even be a suggestion, if the Magento team see this post, you should just get this sorted because it's total madness.   I've sunk a lot of money into building this with Magento2 so far, but to have this simple thing have such a detrimental effect at this stage ...Just shame on Magento for having overlooked this.   I've seen posts for this dating back to 2016, it's now November 2017. GET IT DONE. ... View more

Given we have to jump through so many hoops regarding caching systems such as Varnish etc to get any kind of decent performance, the least a default installation could do would be to make it automatically optimise with mod_pagespeed. Magento installations are the only sites I run where I have to turn it off completely. The problem seems to be knockout.js. Can only imagine how fast a site with both caching and optimised html would be. More info: https://groups.google.com/forum/#!topic/mod-pagespeed-discuss/FtdyLTVPRLc ... View more

Similar to #9582 - we should eliminate the complicated necessary inheritance for creating Imports and Exports that plug-in to DataFlow ... View more

Bumped into this one yesterday. At our company we like to use semantic correct names for our attribute codes. With middle- to larger sized shops these names tend te be somewhat longer. Attribute codes in Magento 2 are not allowed to be longer than 30 characters.   Can anyone explain to me what's the reason behind this? Is there a technical one? Or is it just that someone thought at some time "30 characters ought to be enough for anyone"?   I'd really like to know. ... View more

Hi,   I've see as of April 7, 2017 that Magento is rolling out a B2B Cloud for the Enterprise edition. I wonder if this is being considered, or some iteration, for the Community edition? I think this would be a great addition. ... View more

While there are multiple threats a modern Magento application faces, one of the weakest from a security standpoint is the ability to run arbitrary commands without application level authentication via the command line. It seems to me the bin/magento command should require a user to be authenticated with the Magento application prior to execution of a command for a fully installed system. Whether that is achieved via user/pass or other method is up for discussion, just as long as the CLI was treated similarly to the web from an authentication point of view.   I understand that there are many ways to discount the need for such a feature, but given the power of the bin/magento command (and n98-magerun2) it seems prudent to authenticate (and log) actions.   This might be enforced at the framework / API level in order to help shell / CLI commands and n98-magerun inherit the same security stance.   Adding additional devdocs / publishing best practices on security hardening a Magento installation would also be nice to see.   Thank you for listening, Hardy Johnson   Technical Lead Copious, Inc.   hardyj@copiousinc.com ... View more

For Example, we have below SKU's. DZ5321, DZ5321-EC, DZ5321-60, DZ5321-SC When I search keyword 5321 in the search box I need above all SKUs in the result. If we search the DZ then also I need above all SKUs in the result. For another example, "simpleproduct" if we search with simple or product for every situation, we need simpleproduct as search result. In the below search graphQl. { products( search : "5321" sort : { position : ASC } pageSize : 100, currentPage : 1 ) { total_count items { sku name } } }   ... View more

Adobe Commerce DateTime attribute type is not implemented for customer attributes.  They are date only. This causes an issue with being able to provide a customer with a full omnichannel experience of accurately viewing activity on how they interact with an organization outside of just their ecommerce purchases.  With Date only and not DateTime for customer attributes, the activity of the customers interaction last interaction/transaction outside of Adobe Commerce - for example presentation of the last purchase in a brick and mortar location will be presented twice to the customer when other updates have occurred to the customer profile in Adobe Commerce.  ... View more

For example, if we search for "fiter" it shows us results for "filter" in the response as expected but there's no messaging for "Did you mean?" or "showing results for filter"   Currently, there is nothing in the live search response indicating what it's showing results for when the customer mis-types or it is showing results due to a fuzzy match.  Because of this, we can't show that it Didn't find results for "fiter" but it's showing you results for "filter" instead. ... View more