When you get a new project from a partner/client (a maintenance project), how do you know the quality of the new project’s code? Has the core been hacked or not? Verifying whether the core code of Magento has been changed is part of the code audit task. Here, I describe the steps I follow to check whether the Magento core code has been changed.
First of all, we need to know why we have to verify whether the core of Magento is changed or not.
As you know, Magento changes a lot, and Magento releases new versions frequently to update functions, fix bugs, improve security, etc. So each time Magento releases a new version, we have to update our projects to the latest version of Magento to get the latest features and improve the security of our website.
Each update of the Magento core is likely to change the core code, so any changes made directly in the core will be overwritten when we update Magento to a new version. This could cause the site to lose functions which were implemented by changing the previous code in Magento’s core.
To avoid this happening we have to make sure that the core is not changed before we start implementing new functions/features for a maintenance project.
To verify the core code, we need to compare the core code of a fresh Magento version (an original version downloaded from Magento) with the core code of our maintenance project.
First, we have to check the Magento version of the maintenance project. In this article, I will use Magento 2 as a demo to show the verification steps.
- Step 1: Get the Magento version in use – To get the version of Magento 2, you just need to check composer.json in the web root of the project.
- Step 2: Get the fresh Magento version from the Magento site: Go to https://magento.com/tech-resources/download, select ‘Release Archive’, then choose the version in use. In my case, it’s version 2.2.3. I download it, then extract it to /var/www/html/magento223
- Step 3: Get the code of the maintenance project onto your local machine: In my case, I place the code of the maintenance project at /var/www/html/my-maintain-project
- Step 4: Compare the core code of fresh Magento 2.2.3 with my-maintain-project using Beyond Compare
- A note about Beyond Compare – this is a comparison tool which helps you detect the differences between two files or two directories
- Open Beyond Compare then select ‘Folder Compare’ function:
- Then select the vendor/magento directories of the fresh Magento and of your project:
It will show the differences between the two vendor/magento directories.
- We need to adjust one thing in Beyond Compare so that it shows the differences between the two directories more clearly, as below
- Click on the Home icon of Beyond Compare, then right-click on your item in the session list as below:
- Then select the Comparison tab and select some options as below:
- Now you will see a much clearer result for the two directories:
With this result, we can see whether the core of the maintenance project has been hacked or not; if it has, we will have to find a solution to fix it before we start adding new functions.
In my case, I see my project has some changes in Magento core files. So I have to check these changes, then migrate them to a custom module to keep the changed functionality, and then revert the core files to the original code.
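A scripted version of the comparison in Step 4, as an added example that is not part of the original article: it hashes every file under the two vendor/magento directories and lists the files that were modified, are missing from the project, or were added to it. The temporary directories and PHP file names inside demo() are constructed sample data; pass the two real vendor/magento paths (for example those from Steps 2 and 3) as arguments to audit an actual project.

```python
import hashlib
import os
import sys
import tempfile

def hash_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit_core(fresh_root, project_root):
    """Compare two vendor/magento trees by content (timestamps are ignored)."""
    fresh, project = hash_tree(fresh_root), hash_tree(project_root)
    common = fresh.keys() & project.keys()
    return {
        "modified": sorted(p for p in common if fresh[p] != project[p]),
        "missing": sorted(fresh.keys() - project.keys()),
        "added": sorted(project.keys() - fresh.keys()),
    }

def _write(root, rel, text):
    """Create a file (and its parent directories) for the constructed demo."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Audit two small constructed trees (sample data, not real Magento code)."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh = os.path.join(tmp, "magento223", "vendor", "magento")
        project = os.path.join(tmp, "my-maintain-project", "vendor", "magento")
        _write(fresh, "module-catalog/Model/Product.php", "<?php // original\n")
        _write(fresh, "module-sales/Model/Order.php", "<?php // original\n")
        _write(project, "module-catalog/Model/Product.php", "<?php // edited\n")
        _write(project, "module-sales/Model/Extra.php", "<?php // extra\n")
        return audit_core(fresh, project)

if __name__ == "__main__":
    # Usage: script.py <fresh>/vendor/magento <project>/vendor/magento
    report = audit_core(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Every path listed as "modified" is a core file whose content differs from the fresh release and needs to be reviewed before the next upgrade.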
You can apply the same for Magento 1 when you do an audit for a Magento 1 project.
Thanks for reading. Please leave a comment below if you have any questions.