Showing ideas with status New.
When using the bulk product update there should be a warning for how many products are selected - "Are you sure you want to update [X amount/selected] of products?"
I believe the customer group allows about 50 characters, but it now only shows 10 or 12 characters. Please assist to lengthen the combo box (at least 25 characters, from my point of view).
We are using Magento version 2.3.3 with a multi-website setup, and we are also using the MSI concept for inventory management. We came to the following scenario, where both websites use the same SKUs and the handling of backorders is different on each website.
Ex:
website 1 - Allow backorder
website 2 - Not allow backorder
Since inventory can be handled at website level by using the MSI concept, it would be good to provide an option in core Magento so that the backorder feature can also be handled at website level instead of global level. We would appreciate it if you could pick up this idea and provide a path or implement it in future releases. Thank you.
Command injection vulnerabilities take two forms:
- An attacker can change the command that the program executes: the attacker explicitly controls what the command is.
- An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means.
In this case we are primarily concerned with the second scenario, the possibility that an attacker may be able to change the meaning of the command by changing an environment variable or by putting a malicious executable early in the search path.
1. Applications should avoid incorporating user-controllable data into operating system commands.
2. Use library calls rather than external processes to recreate the desired functionality.
3. Ensure that all external commands called from the program are statically created.
For more information refer to: https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)
Example: $output = shell_exec($cmd);
The shell_exec() function is used in multiple places. Example code path: vendor/laminas/laminas-console/src/Adapter/Virtual.php (Line: 171)
protected function switchToUtf8()
{
    shell_exec('mode con cp select=65001');
}
and a few other vendor files.
CWE Code: CWE-77
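The second form described in the post above (a fixed command whose meaning depends on the search path and environment) can be closed off by resolving the program to an absolute path and starting it without a shell and with an explicit environment. The sketch below is an added example, not Magento or Laminas code; `runFixedCommand()`, the allow-list and its paths are assumptions for illustration, and the array form of `proc_open()` needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Added example, not Magento or Laminas code. Names and paths are assumptions.
// Allow-list: logical name => absolute path, fixed at deploy time.
const ALLOWED_BINARIES = [
    'mode' => 'C:\\Windows\\System32\\mode.com',
    'stty' => '/bin/stty',
];

/**
 * Run an allow-listed program without a shell and without the caller's environment.
 *
 * @param string   $name Key in ALLOWED_BINARIES
 * @param string[] $args Arguments, passed as separate argv entries
 * @return array{exit:int, output:string}
 */
function runFixedCommand(string $name, array $args = []): array
{
    if (!array_key_exists($name, ALLOWED_BINARIES)) {
        throw new InvalidArgumentException("Command is not allow-listed: {$name}");
    }
    $binary = ALLOWED_BINARIES[$name];
    if (!is_file($binary)) {
        throw new RuntimeException("Expected binary not found: {$binary}");
    }
    foreach ($args as $arg) {
        if (!is_string($arg) || strpos($arg, "\0") !== false) {
            throw new InvalidArgumentException('Arguments must be strings without NUL bytes');
        }
    }

    // Explicit environment: nothing is inherited from the web server process,
    // so a modified PATH or loader variable cannot change what runs.
    // SystemRoot is kept on Windows because many system programs need it.
    $env = ['PATH' => dirname($binary)];
    $systemRoot = getenv('SystemRoot');
    if (PHP_OS_FAMILY === 'Windows' && $systemRoot !== false) {
        $env['SystemRoot'] = $systemRoot;
    }

    // Array command: PHP starts the program directly, so there is no shell to
    // interpret metacharacters and no search-path lookup of the program name.
    $descriptors = [
        0 => ['null'],
        1 => ['pipe', 'w'],
        2 => ['redirect', 1], // merge stderr into stdout so one read drains both
    ];
    $process = proc_open(array_merge([$binary], array_values($args)), $descriptors, $pipes, null, $env);
    if (!is_resource($process)) {
        throw new RuntimeException("Could not start: {$binary}");
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    return ['exit' => proc_close($process), 'output' => (string) $output];
}

// Stands in for shell_exec('mode con cp select=65001') on a Windows host.
if (PHP_OS_FAMILY === 'Windows') {
    $result = runFixedCommand('mode', ['con', 'cp', 'select=65001']);
    echo $result['output'];
}
```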
Per Google's documentation:
"reCAPTCHA v3 introduces a new concept: actions. When you specify an action name in each place you execute reCAPTCHA, you enable the following new features:
- A detailed break-down of data for your top ten actions in the admin console
- Adaptive risk analysis based on the context of the action, because abusive behavior can vary.
Importantly, when you verify the reCAPTCHA response, you should verify that the action name is the name you expect."
From: https://developers.google.com/recaptcha/docs/v3#actions
Associating an action name with each reCAPTCHA implementation location will allow us to have a more granular view of where bots are interacting with our forms/actions and react based on what we see in the reporting. Additionally, Google indicates that reCAPTCHA v3 will perform better with actions specified.
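The server-side half of the quoted guidance ("verify that the action name is the name you expect") can look like the following. This is an added example, not Magento or Google code: the action names, per-action thresholds, hostname and `checkRecaptchaV3()` are assumptions, and the sample responses are constructed to match the documented siteverify fields (`success`, `score`, `action`, `hostname`, `error-codes`).

```php
<?php
declare(strict_types=1);

// Added example, not Magento or Google code. Action names, thresholds and the
// hostname are assumptions; $verify is the decoded JSON body returned by
// https://www.google.com/recaptcha/api/siteverify for the submitted token.
const ACTION_MIN_SCORE = [
    'customer_login'       => 0.5,
    'newsletter_subscribe' => 0.3,
];

/**
 * @return string[] Reasons to reject; an empty array means the request may proceed.
 */
function checkRecaptchaV3(array $verify, string $expectedAction, string $expectedHost): array
{
    $reasons = [];
    if (($verify['success'] ?? false) !== true) {
        $reasons[] = 'token rejected: ' . implode(',', $verify['error-codes'] ?? ['unknown']);
    }
    // The action is bound to the token when it is issued; a token from another
    // form must not be accepted here.
    $action = (string) ($verify['action'] ?? '');
    if ($action !== $expectedAction) {
        $reasons[] = "action mismatch: got '{$action}', expected '{$expectedAction}'";
    }
    if (($verify['hostname'] ?? '') !== $expectedHost) {
        $reasons[] = 'hostname mismatch';
    }
    // Fail closed when an action has no configured threshold.
    $minScore = ACTION_MIN_SCORE[$expectedAction] ?? null;
    $score = $verify['score'] ?? null;
    if ($minScore === null) {
        $reasons[] = 'no threshold configured for action';
    } elseif ((!is_float($score) && !is_int($score)) || $score < $minScore) {
        $reasons[] = 'score missing or below ' . $minScore;
    }
    return $reasons;
}

// Constructed sample responses (not real tokens or scores).
$host = 'shop.example.com';
$samples = [
    'login, matching action' => [
        ['success' => true, 'score' => 0.9, 'action' => 'customer_login', 'hostname' => $host],
        'customer_login',
    ],
    'token issued for another action' => [
        ['success' => true, 'score' => 0.9, 'action' => 'newsletter_subscribe', 'hostname' => $host],
        'customer_login',
    ],
    'low score for this action' => [
        ['success' => true, 'score' => 0.2, 'action' => 'customer_login', 'hostname' => $host],
        'customer_login',
    ],
    'expired or reused token' => [
        ['success' => false, 'error-codes' => ['timeout-or-duplicate']],
        'customer_login',
    ],
];

foreach ($samples as $label => [$verify, $expectedAction]) {
    $reasons = checkRecaptchaV3($verify, $expectedAction, $host);
    printf("%-32s %s\n", $label, $reasons ? 'REJECT: ' . implode('; ', $reasons) : 'ACCEPT');
}
```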
Hi Team,
We are showing out of stock products, and in the case of configurable products price is not displayed if all children are out of stock even if Display Out of Stock Products is set to "yes". Can we have an option to display price for these type of products?
Thanks
SJ
Feature request from mzeis, posted on GitHub Feb 12, 2015
Some extensions log useless stuff that pollutes the logs.
The problem could be avoided if Magento as well as the extension vendors would pay more attention to the log levels already provided and use them accordingly (e.g. differentiate between debug output and real information / notices / warnings / errors).
As it may not be possible to force using the correct log levels it would be nice to have an option in the System Configuration to disable logging. One of many possible ways to solve this in the UI would be to have a multi-select listing all modules in the installation.
Feature request from ffrodoe, posted on GitHub Sep 29, 2015
For example try to translate "Meta Keywords" attribute label.
Feature request from markoshust, posted on GitHub Dec 09, 2015
After sending tracking number information for a shipment to a customer, it should log that the tracking information was emailed to the customer below the Submit Comment button just like a standard shipping history record.
Feature request from mttjohnson, posted on GitHub Dec 14, 2015
I've been digging into how logging works in Magento in order to accommodate adding logging into a module I'm working on.
It looks like there is a little bit of discussion on #2641 regarding how to improve the usability of logging in Magento.
I logged an issue #2529 that identifies a problem with Magento's use of Monolog with multiple handlers specified in di.xml. I provided a workaround to utilize multiple handlers with Monolog 1.16.0 to make it possible to specify multiple handlers in the di.xml so that Monolog recognizes them correctly. I also noted that the fix to Monolog that allows it to handle associative arrays properly would cause some duplicate logging the way that Magento has implemented the use of logging.
A few other people like #2058 have run into some of the difficulty in figuring out how to utilize logging in Magento or work around it.
I had the need for some logging in a module I'm working on, and I implemented a custom Logger that extends Monolog\Logger and then I inject an instance of my logger using DI into any class that I want to utilize the custom logger, in a similar way to how Magento injects Psr\Log\LoggerInterface for any class that needs access to log information. The custom logger extends Monolog\Logger but doesn't add anything to the implementation, I basically utilize the class so I can specify its type in di.xml with an array of handlers and processors to instantiate the object with similar to how Magento is using Monolog.
I wanted to have some control to turn off logging, or specify in the Magento Admin Configuration what level of detail to log. I added some code to the handler constructor to conditionally add a custom processor to my handler that includes the store_id in the log record if I have configuration settings set to log a lot of additional details to the log records. I implemented a custom handler that extends the Magento\Framework\Logger\Handler\System handler and I overwrote the isHandling() method to check config settings and determine if it should be logging information or not. I also overwrote the write() method to check config settings and conditionally alter the amount of additional context details to include in the log record that is written.
I also had certain log messages that I was wanting to log to both a database table and to a log file. I wrote a separate custom handler for writing log records to a database table using a simple custom Model in my module. This way I can have structured information logged to a table when an event occurs and have other pieces of code interact with that event information rather than the information getting buried into a log file.
The way I implemented the use of my custom logger, I pass additional details across via the context array and my handlers will either include or exclude certain context keys into the log records depending on the level of detail the configuration settings specify.
$this->myCustomLogger->info(
    'response from external web api call',
    [ /* context */
        'request' => var_export($request, true),
        'response' => var_export($response, true),
        'processing_time' => var_export($processingTime, true),
    ]
);
$this->myCustomLogger->info(
    'decision was programmatically determined',
    [ /* context */
        'input' => var_export($input, true),
        'event_circumstances' => var_export($whatHappened, true),
        'action_taken' => var_export($howItWasResolved, true),
        'manual_adjustment_needed' => var_export($detailsOfManualAdjustmentToBeMadeLater, true),
    ]
);
I figure that during development and testing of my module, the logging details will be useful, but during production we would want to keep logging to a minimum of necessary details. The additional context data gives me relevant information to try and diagnose a situation when the module is deployed somewhere, and there is the ability to control if it is logging, where, and how much detail it logs based on configuration settings in the admin. In the event that some issue is occurring with the module in production, additional details could be logged temporarily to collect more details to better diagnose and analyze an issue to isolate it.
Having two custom handlers for my custom logger allows me to have one log entry anywhere my code needs to log something, and I can control how I want the handlers to process the log records via configuration settings in the admin. If for some reason I wanted to add a third handler for something like Loggly to aggregate log details somewhere else it would be pretty simple to add to my custom logger.
Being able to use Monolog and implement additional logic in the handlers allows me to control the logging more specifically and seems to work well, but I'm basically doing almost all of this outside of anything built into Magento for logging.
I don't see anything in Magento that allows me to control logging much, if it writes logs, where it writes, or how much it logs. It looks like out of the box it is set to always log everything to files whenever the logger is called to write a record.
It seems like there should be some kind of allowance for managing different loggers in Magento, and each logger have its own set of handlers and processors. I wouldn't want my custom handlers trying to process or filter out logging events throughout the rest of Magento, or even some other custom 3rd party module. Monolog has the ability to identify different loggers by the logger's name which is also referred to as a channel. Symfony appears to use channels to organize multiple loggers and provide a relationship to the part of the application being logged. The separate loggers can share the same handler that writes to a file, but each logger has the option to specify their own file path. Some loggers may write to the same file, but others could write to a separate file. Organizing and managing multiple loggers would allow a lot more flexibility in Magento so that as a module developer I could add my own logger to some manager and specify a few things in my custom logger to have it control if, when, and what it should be logging, and where.
Instead of having separate handlers for writing System, Debug, Exception logs, you could have separate loggers each with their own channel/name for System, Debug, and Exception logs. Each logger could manage what handlers it uses to write the log files, and pass into each handler details like where it is supposed to write. If you wanted to aggregate logs centrally, you can just add an additional handler to each logger that will write/forward log records to the aggregator. Treating a handler more like a generic type of how things are getting written would probably be more flexible than having separate handlers for each file getting logged. Monolog is expecting to iterate through all handlers in the logger's list until a handler specifies that it shouldn't bubble the record onto the next handler in the list.
I'm still struggling with wrapping my head around how to deal with adhering to the simplicity and common implementation of PSR-3 and having a bit more control organizing logs together in related groups (channel) so that each group can have additional control or processing based on the group. If Magento was managing multiple loggers for us, how would we specify which logger gets instantiated and passed into a class as an implementation of Psr\Log\LoggerInterface or should something else be passed in that gives us the ability to specify which logger/channel we want, and that object delivers us the Psr\Log\LoggerInterface implementation that we log against? Is it important that we inject Psr\Log\LoggerInterface into our class for PSR-3, or is it merely important that any log activity be against an implementation of Psr\Log\LoggerInterface allowing for the use of multiple implementations of Psr\Log\LoggerInterface to manage the organization and grouping of various log activity?
Feature request from mage2pro, posted on GitHub Dec 25, 2015
https://github.com/oyejorge/less.php#source-maps
Feature request from seansan, posted on GitHub Mar 17, 2015
Change the setting Add Store Code to Urls from global setting to Store Name setting
Currently the setting Add Store Code to Urls is a global setting. This should be changed to one level down: Store Name level.
One should be able to run 2 brands like this
Brand A
Add Store Code to Urls = YES
nl site = brandA.com/nl
en site = brandA.com/en
Brand B
Add Store Code to Urls = NO
And different Base URLs
nl site = brandB.nl
en site = brandB.co.uk
Currently when Add Store Code to Urls = YES the /en, /de, /fr, /nl are added to all stores in a multistore setting. In this example Brand A follows this model, but Brand B does not and has unique domains.
Please change Add Store Code to Urls to Store Name level (instead of global setting).
Some more explanation here: http://magento.stackexchange.com/questions/60686/multi-multistore-multiple-brands-multiple-languages-setting-store-view-code
Feature request from HirokazuNishi, posted on GitHub May 06, 2015
Magento1.x only uses "round" for tax and decimal number method, but sometimes it causes wrong result.
Also some merchants use "floor" and "ceil" for discarding decimal numbers.
Is it possible to choose decimal discarding method via admin panel for M2?
If we do simply discard decimal numbers, converting currencies causes serious trouble.
For example, 99.99USD is 11,961.15JPY ( 1USD is 119.6235JPY ), but JPY does not use under decimal number. Then correct result is 11,961 JPY.
If "round" is used for discarding method, sometimes converting result is not correct.
Feature request from markoshust, posted on GitHub Aug 10, 2015
I understand this may be kept for legacy purposes, but this section lacks meaning. The Advanced>Advanced section should really be renamed "Module Output" or similar.
Feature request from Flyingmana, posted on GitHub Oct 12, 2015
To make debugging cronjobs a lot easier, it would be great if I can execute them directly via CLI
Feature request from kassner, posted on GitHub Nov 16, 2015
Hi,
On the new Credit Memo form, the field Grand total is not updated when you change any value in the Refund totals block.
In the image above, please note that the Grand total is $20.00, even though the Subtotal is $10.00 and the fields below are $0.00. When you change any of those fields, the Grand total is not updated.
Thanks!
Feature request from tkn98, posted on GitHub Jul 06, 2016
Steps to reproduce
Install Magento from develop branch.
After all Modules are installed, a message is shown in green letters on the last line. Read that message.
The message says:
Please re-run Magento compile command
It can be greatly improved by removing the inaccuracy as there is no such command named "compile". The command name is "setup:di:compile".
This should be trivial to fix.
Feature request from leoquijano, posted on GitHub May 18, 2016
While implementing a custom theme using Magento 2, I found out that there's currently no support for easy customization of Add to Cart message texts.
In the Magento\Checkout\Controller\Cart\Add class, the following method is called to add a product to the cart:
/**
 * Add product to shopping cart action
 *
 * @return \Magento\Framework\Controller\Result\Redirect
 * @SuppressWarnings(PHPMD.CyclomaticComplexity)
 */
public function execute()
{
    if (!$this->_formKeyValidator->validate($this->getRequest())) {
        return $this->resultRedirectFactory->create()->setPath('*/*/');
    }
    $params = $this->getRequest()->getParams();
    try {
        if (isset($params['qty'])) {
            $filter = new \Zend_Filter_LocalizedToNormalized(
                ['locale' => $this->_objectManager->get('Magento\Framework\Locale\ResolverInterface')->getLocale()]
            );
            $params['qty'] = $filter->filter($params['qty']);
        }
        $product = $this->_initProduct();
        $related = $this->getRequest()->getParam('related_product');
        /**
         * Check product availability
         */
        if (!$product) {
            return $this->goBack();
        }
        $this->cart->addProduct($product, $params);
        if (!empty($related)) {
            $this->cart->addProductsByIds(explode(',', $related));
        }
        $this->cart->save();
        /**
         * @todo remove wishlist observer \Magento\Wishlist\Observer\AddToCart
         */
        $this->_eventManager->dispatch(
            'checkout_cart_add_product_complete',
            ['product' => $product, 'request' => $this->getRequest(), 'response' => $this->getResponse()]
        );
        if (!$this->_checkoutSession->getNoCartRedirect(true)) {
            if (!$this->cart->getQuote()->getHasError()) {
                $message = __(
                    'You added %1 to your shopping cart.',
                    $product->getName()
                );
                $this->messageManager->addSuccessMessage($message);
            }
            return $this->goBack(null, $product);
        }
    } catch (\Magento\Framework\Exception\LocalizedException $e) {
        if ($this->_checkoutSession->getUseNotice(true)) {
            $this->messageManager->addNotice(
                $this->_objectManager->get('Magento\Framework\Escaper')->escapeHtml($e->getMessage())
            );
        } else {
            $messages = array_unique(explode("\n", $e->getMessage()));
            foreach ($messages as $message) {
                $this->messageManager->addError(
                    $this->_objectManager->get('Magento\Framework\Escaper')->escapeHtml($message)
                );
            }
        }
        $url = $this->_checkoutSession->getRedirectUrl(true);
        if (!$url) {
            $cartUrl = $this->_objectManager->get('Magento\Checkout\Helper\Cart')->getCartUrl();
            $url = $this->_redirect->getRedirectUrl($cartUrl);
        }
        return $this->goBack($url);
    } catch (\Exception $e) {
        $this->messageManager->addException($e, __('We can\'t add this item to your shopping cart right now.'));
        $this->_objectManager->get('Psr\Log\LoggerInterface')->critical($e);
        return $this->goBack();
    }
}
It can be seen here two particular places where messages are hardwired. The first one is the success message:
$message = __(
    'You added %1 to your shopping cart.',
    $product->getName()
);
$this->messageManager->addSuccessMessage($message);
The second one is the error message:
} catch (\Exception $e) {
    $this->messageManager->addException($e, __('We can\'t add this item to your shopping cart right now.'));
    $this->_objectManager->get('Psr\Log\LoggerInterface')->critical($e);
    return $this->goBack();
}
Some websites require different copy for the Add to Cart behavior (both for success and error messages), so ideally theme developers should be able to customize that behavior. While the optimal approach would be to configure this in layout or template files, I think that a relatively simple solution is refactoring the Controller code, like this:
if (!$this->cart->getQuote()->getHasError()) {
    $message = $this->getSuccessMessage($product);
    $this->messageManager->addSuccessMessage($message);
}

} catch (\Exception $e) {
    $this->messageManager->addException($e, $this->getErrorMessage());
    $this->_objectManager->get('Psr\Log\LoggerInterface')->critical($e);
    return $this->goBack();
}

/**
 * Gets the message used when a product is successfully added to the cart.
 * @param $product
 * @return \Magento\Framework\Phrase
 */
protected function getSuccessMessage($product)
{
    return __(
        'You added %1 to your shopping cart.',
        $product->getName()
    );
}

/**
 * Gets the message used when there's a problem adding an item to the cart.
 * @return \Magento\Framework\Phrase
 */
protected function getErrorMessage()
{
    return __('We can\'t add this item to your shopping cart right now.');
}
This would allow theme developers to override this controller without overriding the main execute method, which can be risky and has a higher maintenance cost.
Feature request from maderlock, posted on GitHub Jul 22, 2016
Surprisingly, given the proliferation of files in the checkout's frontend interface, it's hard to insert new blocks. Taking the shipping step as an example, the only options are points already specified within the single shipping template that outputs the shipping address form, shipping method form and the next button. Therefore while you can insert content within the shipping method block (as that's where the insert points are), there's no way of adding an extra block before shipping, between shipping and shipping method or between the methods and the buttons.
This is very limiting for anyone wanting to customise the checkout. My recommendation for improvement would be to split this current template into three - shipping address, shipping method, and buttons. Then layout can be used to insert extra content without having to override a single large template.
Feature request from nextend, posted on GitHub Jun 10, 2016
It would be great if you could extend the setup:di:compile command with hooks to be able to exclude specific directories in our extensions. My extension is a crossplatform application and the compiler always fails as it uses a custom autoloader and a lot of special things. With the current Magento 2 compiler I can not release it.
As far as I see, only the test folders are excluded and there are no hooks anywhere to intercept the excludes and put mine in place.
Related stackexchange question: http://magento.stackexchange.com/questions/119967/magento2-custom-autoloader