M
PackageMaven Submit

The Home for Magento 2 Excellence

Quality-tested Magento 2 modules. Explore. Evaluate. Elevate. #magento2

748 Modules
508 Ready
237 Need Help
🏆 Leaderboard
Actively Maintained v1.0.1

PolyShell Vulnerability Fix

taurus-media/module-polyshell-fix

Validates custom option values before processing to prevent unauthorized file type injections via the PolyShell vulnerability. Checks option existence and enforces strict type matching for file-type custom options.

Security & Compliance
579
Downloads
Below average
3
GitHub Stars
Below average
1mo ago
Last Release
1
Open Issues
Build Passing
Ready to install

Build Tests

Composer Install
DI Compile
Templates

Code Quality

Coding Standard
PHPStan Failed

Tested on Magento 2.4.8-p4

Recent Test History

Each release is tested against the latest Magento version at that time.

v1.0.1 on Magento 2.4.8-p4
Mar 30, 2026
v1.0.0 on Magento 2.4.8-p4
Mar 26, 2026
GitHub Repository
Source code & docs
Packagist
Version history
Issues & Support
Get help or report bugs

Top Contributors

View Leaderboard
taurus-media
taurus-media
3 contributions
thomas-kl1
thomas-kl1
1 contribution

Share This Module's Status

PolyShell Vulnerability Fix Magento compatibility status badge

README

Loaded from GitHub

Magento 2 Polyshell Vulernability Fix

A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections.

Description

This module introduces a before plugin for Magento\Catalog\Model\CustomOptions\CustomOption::getOptionValue().

The plugin performs the following checks:

  1. Option Existence: Verifies that the option_id associated with the request exists in the database. If the option does not exist, a LocalizedException is thrown.
  2. Type Validation: If the provided option_value is set to 'file', it confirms that the actual custom option type in Magento is indeed 'file'. If there is a mismatch (e.g., trying to pass 'file' to a text or drop_down option), a LocalizedException is thrown.

This prevents potential exploitation where an attacker might try to force Magento to process a file upload for an option that was not intended to handle files.

Installation

Via Composer (if available in repository)

composer require taurus-media/module-polyshell-fix

Manual Installation

  1. Copy the module files to app/code/Taurus/PolyshellFix.
  2. Run the following Magento commands:
bin/magento module:enable Taurus_PolyshellFix
bin/magento setup:upgrade
bin/magento cache:flush

Features

  • Security Hardening: Adds a layer of validation to product custom options.
  • Strict Type Checking: Ensures data integrity for file-based custom options.
  • Easy Integration: Hooks into existing Magento logic via plugins without modifying core files.

This content is fetched directly from the module's GitHub repository. We are not the authors of this content and take no responsibility for its accuracy, completeness, or any consequences arising from its use.

Back to All Modules