PHPackages taurus-media/module-polyshell-fix - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. taurus-media/module-polyshell-fix ActiveMagento2-module[Security](/categories/security) taurus-media/module-polyshell-fix ================================= Fix for potential exploitation in custom options called Polyshell, where a user might try to pass a 'file' value to an option that is not designed to handle files. 1.0.1(2mo ago)3900↓48.8%1[1 issues](https://github.com/taurus-media/module-polyshell-fix/issues)MITPHP Since Mar 24Pushed 2mo agoCompare [ Source](https://github.com/taurus-media/module-polyshell-fix)[ Packagist](https://packagist.org/packages/taurus-media/module-polyshell-fix)[ RSS](/packages/taurus-media-module-polyshell-fix/feed)WikiDiscussions master Synced 3w ago READMEChangelog (1)Dependencies (2)Versions (3)Used By (0) Magento 2 Polyshell Vulernability Fix ===================================== [](#magento-2-polyshell-vulernability-fix) A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections. Description ----------- [](#description) This module introduces a `before` plugin for `Magento\Catalog\Model\CustomOptions\CustomOption::getOptionValue()`. The plugin performs the following checks: 1. **Option Existence**: Verifies that the `option_id` associated with the request exists in the database. If the option does not exist, a `LocalizedException` is thrown. 2. **Type Validation**: If the provided `option_value` is set to `'file'`, it confirms that the actual custom option type in Magento is indeed `'file'`. If there is a mismatch (e.g., trying to pass `'file'` to a `text` or `drop_down` option), a `LocalizedException` is thrown. This prevents potential exploitation where an attacker might try to force Magento to process a file upload for an option that was not intended to handle files. Installation ------------ [](#installation) ### Via Composer (if available in repository) [](#via-composer-if-available-in-repository) ``` composer require taurus-media/module-polyshell-fix ``` ### Manual Installation [](#manual-installation) 1. Copy the module files to `app/code/Taurus/PolyshellFix`. 2. Run the following Magento commands: ``` bin/magento module:enable Taurus_PolyshellFix bin/magento setup:upgrade bin/magento cache:flush ``` Features -------- [](#features) - **Security Hardening**: Adds a layer of validation to product custom options. - **Strict Type Checking**: Ensures data integrity for file-based custom options. - **Easy Integration**: Hooks into existing Magento logic via plugins without modifying core files. ### Health Score 38 — LowBetter than 83% of packages Maintenance77 Regular maintenance activity Popularity24 Limited adoption so far Community4 Small or concentrated contributor base Maturity35 Early-stage or recently created project How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Total 2 Last Release 85d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9a63921d7d7fd387db50f9e01c25123205ad89de7a50c0c95ea2ba4061cc4b26?d=identicon)[taurus-media](/maintainers/taurus-media) ### Embed Badge ![Health badge](/badges/taurus-media-module-polyshell-fix/health.svg) ``` [![Health](https://phpackages.com/badges/taurus-media-module-polyshell-fix/health.svg)](https://phpackages.com/packages/taurus-media-module-polyshell-fix) ``` ### Alternatives [mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k18.0M134](/packages/mews-purifier)[gene/module-encryption-key-manager Gene encryption key manager 81462.0k](/packages/gene-module-encryption-key-manager)[mollie/magento2 Mollie Payment Module for Magento 2 1121.8M12](/packages/mollie-magento2)[run-as-root/magento2-prometheus-exporter Magento2 Prometheus Exporter 68353.9k](/packages/run-as-root-magento2-prometheus-exporter)[emico/m2-attributelanding Attribute landing pages for Magento 2 17257.6k10](/packages/emico-m2-attributelanding)[mage-os/module-automatic-translation Automatic AI content translation for Mage-OS. 2913.9k](/packages/mage-os-module-automatic-translation) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)