
You're reading from PrestaShop Module Development

Product type: Book
Published in: Nov 2014
Reading level: Beginner
ISBN-13: 9781783280254
Edition: 1st Edition
Author: Fabien Serny

Fabien Serny is a former core developer at PrestaShop. He has 10 years of experience in web development and e-commerce. He has worked for several big e-commerce companies in France, and then created his own company named 23Prod in late 2010. In 2014, along with two other former core developers from PrestaShop, he launched Froggy Commerce, a platform that sells simple and powerful modules for PrestaShop based on the needs of e-tailers. You can visit his websites http://www.23prod.com and http://www.froggy-commerce.com.

Chapter 10. Security and Performance

You now have fully functional modules, but you can still improve them.

In this chapter, we will work on the security of the modules of the previous chapters (you'll notice that there are some security problems with them), check other people's modules for security issues, and improve the performance of your own modules.

You will see how to:

  • Secure your modules against directory listing, direct file access, SQL injection, and Cross-Site Scripting (XSS)

  • Search for malicious code in modules

  • Improve the performance of your modules

Securing your module


In this section, we will work on the mymodcarrier module.

Protecting your module against directory listing

Directory listing is enabled on a lot of web servers, and sometimes you can't disable it (it depends on your hosting provider). In our case, anyone who wants to see the contents of our module only has to enter the module's path in a browser.

In my case, the URL will be http://localhost/prestashop/modules/mymodcarrier/. If I enter this URL, the browser will display the following screen:

To avoid this behavior, just add an index.php file in all the directories. In our case, it will be in:

/modules/mymodcarrier/

/modules/mymodcarrier/classes/

/modules/mymodcarrier/controllers/

/modules/mymodcarrier/controllers/front/

/modules/mymodcarrier/controllers/hook/

/modules/mymodcarrier/install/

/modules/mymodcarrier/views/

/modules/mymodcarrier/views/img/

/modules/mymodcarrier/views/js/

/modules/mymodcarrier/views/templates/

/modules/mymodcarrier/views/templates...
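
To check that no directory was forgotten, the following Python sketch (an added example, not code from the book) walks a module tree, reports every directory without an index.php, and writes a stub where one is missing. The stub content and the sample tree are assumptions constructed for illustration; the book's own index.php is not shown on this page.

```python
import os
import tempfile

# Assumed stub: the book's own index.php is not shown on this page. This one
# only redirects the visitor to the parent directory.
INDEX_STUB = "<?php\nheader('Location: ../');\nexit;\n"


def dirs_missing_index(module_root):
    """Return module-relative paths of directories that lack index.php."""
    missing = []
    for current, subdirs, files in os.walk(module_root):
        subdirs.sort()  # deterministic traversal order
        if "index.php" not in files:
            rel = os.path.relpath(current, module_root)
            missing.append("" if rel == "." else rel.replace(os.sep, "/"))
    return missing


def add_index_files(module_root, stub=INDEX_STUB):
    """Write the stub into every directory that lacks one; return them."""
    fixed = dirs_missing_index(module_root)
    for rel in fixed:
        path = os.path.join(module_root, rel, "index.php")
        # "x" mode refuses to overwrite, so an existing file is never replaced
        with open(path, "x", encoding="utf-8") as fh:
            fh.write(stub)
    return fixed


def build_sample_module(root):
    """Constructed sample tree mirroring part of the mymodcarrier layout."""
    for rel in ("classes", "controllers/front", "controllers/hook",
                "views/templates"):
        os.makedirs(os.path.join(root, rel))
    # In this sample only the module root already has an index.php
    with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
        fh.write(INDEX_STUB)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_module(os.path.join(tmp, "mymodcarrier"))
        print("missing before:", dirs_missing_index(root))
        add_index_files(root)
        print("missing after:", dirs_missing_index(root))
```

Running the check as part of packaging catches a directory added later without its index.php.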

Searching for malicious code in modules


When you install, configure, or improve a PrestaShop webshop, you won't code all your modules. You will probably buy modules or download free ones. In all cases, it's always good to read the code of these modules. In this section, I will show you some of the common tricks I encountered while I was working on PrestaShop modules. However, keep in mind that this list is not exhaustive.

Just one last thing before starting: do not worry!

I will make a summary of all the malicious code I encountered in PrestaShop modules, but it concerns only a very small percentage of all the modules I worked on.

Checking for unusual e-mail sending

Some modules use the mail function to track which shops are using them. So, you may find this kind of code:

$message = "A new shop is using my module!\n";
$message .= $_SERVER["HTTP_HOST"]."\n";
mail("sheldon.cooper@fabulous-world.com", "New Shop", $message);

This is not very harmful. However, if the module also contains a backdoor (or any...
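
A reviewer can list such calls mechanically before reading the code. The following Python sketch (an added example, not from the book) finds calls to PHP's built-in mail() in a module's source and marks those whose recipient is a hard-coded address in a file that also reads the shop's host name. The sample source is constructed from the snippet above, and the function and field names are hypothetical.

```python
import re

# Built-in mail( only: the lookbehind skips ->mail(, ::mail(, sendmail(, $mail(
MAIL_CALL = re.compile(
    r'(?<![\w$>:])mail\s*\(\s*(?:(["\'])(?P<lit>[^"\']*)\1|(?P<expr>[^,)]+))',
    re.IGNORECASE,
)
# Reads of the shop's host name, as in the tracking snippet from the text
HOST_READ = re.compile(
    r'\$_SERVER\s*\[\s*["\'](?:HTTP_HOST|SERVER_NAME)["\']\s*\]'
)

# Constructed sample: the snippet from the text plus two lines that must not
# be reported as hard-coded (a method named sendmail, a customer address).
SAMPLE = r'''<?php
$message = "A new shop is using my module!\n";
$message .= $_SERVER["HTTP_HOST"]."\n";
mail("sheldon.cooper@fabulous-world.com", "New Shop", $message);
$this->sendmail($to);
mail($customer->email, "Your order", $body);
'''


def audit_mail_calls(source):
    """List mail() calls, marking hard-coded recipients for manual review."""
    reads_host = bool(HOST_READ.search(source))
    findings = []
    for m in MAIL_CALL.finditer(source):
        literal = m.group("lit")
        hardcoded = literal is not None and "@" in literal
        recipient = literal if literal is not None else m.group("expr").strip()
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "recipient": recipient,
            "hardcoded": hardcoded,
            # Fixed address plus host name in one file: the pattern shown above
            "phones_home": hardcoded and reads_host,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_mail_calls(SAMPLE):
        print(finding)
```

Every mail() call is listed, not only the flagged ones, so a recipient assembled at runtime still surfaces for manual reading.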

Performance and optimization


The following sections are only recommendations.

Using Combine, Compress, and Cache

In your administration panel, you can enable an option named Combine, Compress, and Cache (CCC) by navigating to Advanced Parameters | Performance:

If you set all parameters to YES, this option will perform five actions:

  • It groups all CSS files into one file, removes all unnecessary spaces and line breaks, and caches it (this only works fully if you used the Tools::addCss method in your module to include the CSS files)

  • It groups all JS files into one file, renames variables and functions with shorter names, removes all unnecessary spaces and line breaks, and caches it (this only works fully if you used the Tools::addJs method in your module to include the JS files)

  • It minifies the HTML code by removing unnecessary spaces and line breaks

  • It compresses inline JavaScript in HTML

  • It optimizes Apache with .htaccess directives (enabling the mod_expires and deflate Apache extensions)

Using the cache system...

Summary


In this chapter, we saw how to secure our module, check for malicious code, and improve the performance of our modules.

In the next pages, you will find the Appendix, Native Hooks, containing interesting points such as an almost exhaustive list of the available hooks.
