👩‍💻 Magento security alert and product collection troubleshooting in M2

This hasn't been a quiet week by any means, even in Magento land.

Before we get to the guts of this issue, which is all about how to debug and troubleshoot product collection issues, I need to let you know about urgent security exploit that needs to be addressed.

But first, a word from our sponsor. If you are interested in order fulfillment, check out Portless:

Skip the ship, unlock cashflow and scale globally in less time

Discover the future of e-commerce logistics with Portless, your innovative 3PL partner. Portless revolutionizes order fulfillment with lightning-fast direct shipping from China—deliveries in as little as 6 days. Improve lead times by up to 10x and boost cash flow by up to 3x without logistical headaches. Enjoy local tracking and exceptional customer support for a fully American shopping experience. Start your global expansion now with 20% off pick-and-pack fees for your first three months. Elevate your e-commerce game with Portless!

Get 20% off!

🚨 Using the PHP 8.3 Override Attribute in Magento

Important security update for Magento users!

My longtime peer Peter Jaap Blaakmeer just shared some critical information about the recent Magento vulnerability (CVE-2024-34102), also known as CosmicSting.

While Adobe has released a patch and advised rotating the encryption key, there’s more you need to know.

Key points to note:

Simply generating a new encryption key isn’t enough. The old, potentially compromised key remains active.
Deactivating the old key is complex and requires manual work.
Luke Rodgers just put together a comprehensive guide on the necessary steps and precautions.

If you’re running Magento, I strongly recommend following Peter’s advice:

Install the helper extension in your store.
Generate a new key using the extension’s command.
Carefully follow the manual steps to re-encrypt values and invalidate the old key.

This is a serious issue that requires immediate attention, even if you’ve already upgraded to the latest version. Don’t wait around and leave your Magento site insecure.

More info about how CosmicSting from Sansec.

🕵️‍♂️ Troubleshooting Product Collections in Magento 2

Ever feel like you're on a wild goose chase trying to track down missing products in your Magento 2 collections? I think we’ve all been there before. It's frustrating when you're sure a product exists, but it's nowhere to be found in your foreach loop.

This issue crops up more often than you might think. I've seen countless developers scratch their heads, wondering if they've gone crazy… or if Magento is playing tricks on them.

Spoiler alert: you're not crazy, and Magento isn't out to get you (most of the time).

Let’s dig into why products sometimes play hide-and-seek in Magento 2 collections by going over some real-world examples that I've encountered, and we’ll walk through how to fix and troubleshoot them. I’m hoping that by the end of this article, you'll have a solid grasp on how products may go missing, with hopes that it keeps a little more hair on your head.

Identifying the Problem

Let's say you're working on a project where you need to pull a specific set of products based on their SKUs. You write what seems like perfectly good code, hit run, and... wait, where did half the products go?

Here's a real-world example that I ran into recently (though I changed the SKUs to use products from sample data so you can follow along if you wish):


use Magento\Catalog\Model\ResourceModel\Product\CollectionFactory as ProductCollectionFactory;
use Magento\Store\Model\Store;

public function __construct(
    private ProductCollectionFactory $productCollection,
) {}

public function someFunction()
{
     $skuArray = ['24-MB01', '24-MB02', '24-MB03'];
     $productCollection = $this->productCollection->create()
         ->setStoreId(Store::DEFAULT_STORE_ID)
         ->addFieldToFilter('sku', ['in' => $skuArray]);
     
     foreach ($productCollection as $product) {
         dump($product->getData('sku'));
     }
}

Simple enough, right? You'd expect to see all three products pop up in your collection. But nope. For some reason, only two show up. Or maybe just one. Or worse, none at all.

This is the kind of situation that makes you question everything you know about Magento. You check your database, and yep, all the products are there. So what gives?

The tricky part is that there's no obvious error. Magento isn't throwing exceptions at you or filling up your logs with warnings. It's just... silently excluding products from your collection. And that silence can be deafening when you're trying to debug.