PHPackages taurus-media/module-polyshell-fix - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. taurus-media/module-polyshell-fix ActiveMagento2-module taurus-media/module-polyshell-fix ================================= Fix for potential exploitation in custom options called Polyshell, where a user might try to pass a 'file' value to an option that is not designed to handle files. 1.0.0(1mo ago)032↑2900%MITPHP Since Mar 24Pushed 1mo agoCompare [ Source](https://github.com/taurus-media/module-polyshell-fix)[ Packagist](https://packagist.org/packages/taurus-media/module-polyshell-fix)[ RSS](/packages/taurus-media-module-polyshell-fix/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (1)Versions (2)Used By (0) Magento 2 Polyshell Vulernability Fix ===================================== [](#magento-2-polyshell-vulernability-fix) A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections. Description ----------- [](#description) This module introduces a `before` plugin for `Magento\Catalog\Model\CustomOptions\CustomOption::getOptionValue()`. The plugin performs the following checks: 1. **Option Existence**: Verifies that the `option_id` associated with the request exists in the database. If the option does not exist, a `LocalizedException` is thrown. 2. **Type Validation**: If the provided `option_value` is set to `'file'`, it confirms that the actual custom option type in Magento is indeed `'file'`. If there is a mismatch (e.g., trying to pass `'file'` to a `text` or `drop_down` option), a `LocalizedException` is thrown. This prevents potential exploitation where an attacker might try to force Magento to process a file upload for an option that was not intended to handle files. Installation ------------ [](#installation) ### Via Composer (if available in repository) [](#via-composer-if-available-in-repository) ``` composer require taurus-media/module-polyshell-fix ``` ### Manual Installation [](#manual-installation) 1. Copy the module files to `app/code/Taurus/PolyshellFix`. 2. Run the following Magento commands: ``` bin/magento module:enable Taurus_PolyshellFix bin/magento setup:upgrade bin/magento cache:flush ``` Features -------- [](#features) - **Security Hardening**: Adds a layer of validation to product custom options. - **Strict Type Checking**: Ensures data integrity for file-based custom options. - **Easy Integration**: Hooks into existing Magento logic via plugins without modifying core files. ### Health Score 38 — LowBetter than 84% of packages Maintenance98 Actively maintained with recent releases Popularity10 Limited adoption so far Community2 Small or concentrated contributor base Maturity33 Early-stage or recently created project How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 46d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9a63921d7d7fd387db50f9e01c25123205ad89de7a50c0c95ea2ba4061cc4b26?d=identicon)[taurus-media](/maintainers/taurus-media) ### Embed Badge ![Health badge](/badges/taurus-media-module-polyshell-fix/health.svg) ``` [![Health](https://phpackages.com/badges/taurus-media-module-polyshell-fix/health.svg)](https://phpackages.com/packages/taurus-media-module-polyshell-fix) ``` ### Alternatives [smile/elasticsuite Magento 2 merchandising and search engine built on ElasticSearch 8044.5M33](/packages/smile-elasticsuite)[mollie/magento2 Mollie Payment Module for Magento 2 1121.6M10](/packages/mollie-magento2)[hyva-themes/magento2-react-checkout Highly customizable Magento 2 Checkout, built with React 189169.8k1](/packages/hyva-themes-magento2-react-checkout)[dotdigital/dotdigital-magento2-extension Dotdigital for Magento 2 50374.2k18](/packages/dotdigital-dotdigital-magento2-extension)[swissup/module-search-mysql-legacy Legacy mysql search for magento 2.4 10483.0k](/packages/swissup-module-search-mysql-legacy)[lizardmedia/module-varnish-warmer Varnish Cache Warmer Magento2 module by Lizard Media 6276.8k](/packages/lizardmedia-module-varnish-warmer) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)