Magento Bug

我在Magento 1.1.8里发现一个可能的Bug: Category Design的值只有All store views的值起作用,针对各个store view分别做的不同的值均被忽略。

不过这暂时对我没什么影响,因为我的一个Root Category只对应一个store view。

思维定势

Tesco经常给我寄各种各样的Coupon,我很喜欢。

Cow & Gate婴儿奶粉罐里有时也会开出一张Coupon,通常是买下一罐奶粉Save £1。我中到一张,Valid to 30/11/08,今天最后一天。

今天礼拜天,Hove Tesco 下午4点就关门,而我有事,4点之前不想专门为用掉一张Coupon跑一趟Hove Tesco。眼看着让这张Coupon作废,我突然想到:Cow & Gate给的Coupon,指明各大零售店均可使用,Cow & Gate负责兑现,我偏偏只想着去Tesco买。Tesco Coupon用惯了,以致见了Coupon就想着去Tesco买。

这种思维定势真的很可怕。幸好我及时跳出定势,就近在Waitrose花掉了这张即将作废的Coupon。

httpd.conf Can Override php.ini

httpd.conf and php.ini, which has priority? I have done some experiments, and the conclusions are –

  • php settings in php.ini can be overrided by httpd.conf (or some other Apache configuration files) with php_admin_value, php_admin_flag, php_value, and php_flag.
  • However, I find on Linux, if php_admin_value, php_admin_flag, php_value, or php_flag can not be put inside of VirtualHost block. They can be put inside of Directory block, but if Directory is inside of VirtualHost, they won’t work. I assume it is a php bug because on Windows php_admin_value, php_admin_flag, php_value, or php_flag can be inside of VirtualHost or Directory blocks.
  • Some of php directives can only be set by php_admin_value or php_admin_flag, for example, safe_mode. Others can be set by php_admin or php_(non_admin), for example, display_errors. But if display_errors is set by php_admin, it is not overridable by .htaccess; if display_errors is set by php_(non_admin), .htaccess can override it.

关于Magento一次安装,多处使用的构想

WordPress可以一次安装,多处使用,Magento当然更有理由这么做了。

Magento强大的功能之一就是run multi websites,Magento内置了多站点运行的功能。我援引从WordPress安装管理探索出的经验,觉得即使Magento内置multi websites功能,各站点还是不要使用同一个document root为好,还是以一主多副软连接的方式为宜。

只是,我还是没有找到在后台隔离各站点的办法(假设它们由不同的web manager来经营)。我也无法控制上传目录,所有上传得文件都是存放在主域名的document root/{magento installatin path}/media下。

好在magento子目录安装,根目录显示还是做得到的。如将magento放置在document root/magento下,但前台url不出现magento,具体的做法是

1. 把index.php和.htaccess移到document root,其他文件都放置在document root/magento子目录

2. 把index.php修改成

<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magentocommerce.com for more information.
*
* @category   Mage
* @package    Mage
* @copyright  Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
* @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
*/

if (version_compare(phpversion(), ‘5.2.0’, ‘<‘)===true) {
echo  ‘<div style=”font:12px/1.35em arial, helvetica, sans-serif;”><div style=”margin:0 0 25px 0; border-bottom:1px solid #ccc;”><h3 style=”margin:0; font-size:1.7em; font-weight:normal; text-transform:none; text-align:left; color:#2f2f2f;”>Whoops, it looks like you have an invalid PHP version.</h3></div><p>Magento supports PHP 5.2.0 or newer. <a href=”http://www.magentocommerce.com/install” target=””>Find out</a> how to install</a> Magento using PHP-CGI as a work-around.</p></div>’;
exit;
}

$mageFilename = ‘magento/app/Mage.php’;

if (!file_exists($mageFilename)) {
if (is_dir(‘downloader’)) {
header(“Location: downloader”);
} else {
echo $mageFilename.” was not found”;
}
exit;
}

require_once $mageFilename;

#Varien_Profiler::enable();

#Mage::setIsDeveloperMode(true);

#ini_set(‘display_errors’, 1);

umask(0);
Mage::run(‘default’);

3. 把.htaccess修改成:


############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi

#    Action php5-cgi /cgi-bin/php5-cgi
#    AddHandler php5-cgi .php

############################################
## GoDaddy specific options

#   Options -MultiViews

## you might also need to add this line to php.ini
##     cgi.fix_pathinfo = 1
## if it still doesn’t work, rename php.ini to php5.ini

############################################
## this line is specific for 1and1 hosting

#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php

############################################
## default index file

DirectoryIndex index.php

<IfModule mod_php5.c>

############################################
## adjust memory limit

#    php_value memory_limit 64M
php_value memory_limit 128M
php_value max_execution_time 18000

############################################
## disable magic quotes for php request vars

php_flag magic_quotes_gpc off

############################################
## disable automatic session start
## before autoload was initialized

php_flag session.auto_start off

############################################
## enable resulting html compression

#php_flag zlib.output_compression on

###########################################
# disable user agent verification to not break multiple image upload

php_flag suhosin.session.cryptua off

###########################################
# turn off compatibility with PHP4 when dealing with objects

php_flag zend.ze1_compatibility_mode Off

</IfModule>

<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>

############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip

# Insert filter
#SetOutputFilter DEFLATE

# Netscape 4.x has some problems…
#BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
#BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don’t compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don’t deliver the wrong content
#Header append Vary User-Agent env=!dont-vary

</IfModule>

<IfModule mod_ssl.c>

############################################
## make HTTPS env vars available for CGI mode

SSLOptions StdEnvVars

</IfModule>

<IfModule mod_rewrite.c>

############################################
## enable rewrites

Options +FollowSymLinks
RewriteEngine on

############################################
## you can put here your magento root folder
## path relative to web root

#RewriteBase /magento/

############################################
## workaround for HTTP authorization
## in CGI environment

RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################

#This is my creation for installing magento under a subfolder.

############################################

RewriteCond %{REQUEST_URI} ^/(media|skin|js)/

RewriteRule (.*) magento/$1 [l]

############################################
## always send 404 on missing files in these folders

RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

RewriteRule .* index.php [L]

</IfModule>

############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead

AddDefaultCharset Off
#AddDefaultCharset UTF-8

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

ExpiresDefault “access plus 1 year”

</IfModule>

############################################
## By default allow all access

Order allow,deny
Allow from all

############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags

#FileETag none

Magento SID

如果magento base url 为 goods-pro.com,那么用www.goods-pro.com 访问时,页面中的链接会带有SID,这是为了跨域名访问时,会话不丢失。

为了SEO,就得避免SID,为此goods-pro.com和www.goods-pro.com只能选择一个做base url,把另外一个301跳转到base url。这里我个人比较爱好no-www的方案:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

safe_mode

我想用script.php访问文件系统,但又想把script.php能访问权限限制在script.php owner 的权限内(而不是apache的权限)。今天才知道把safe_mode turn on就可以,真是又高兴又痛苦,因为很久以前我就想限制script.php的访问权限了,不知道怎么,当时我得出的结论是php 以cgi模式安装才能做到权限检查,sapi模式是做不到的。可能fastcgi过分宣传它的安全特性给我造成一种错觉,其实就文件访问权限来说,sapi一样安全。

同样也是很久以前,见论坛上有个好学的人想要一个免费的空间体验一下xoops,对于好学的人我总想热心帮忙的,况且我又不用额外支出,何乐而不为。无奈我的服务器的designer做的初始设置不是针对share hosting的,safe_mode default off。这样把服务器分给别人用我总归不放心,所以最终没有划空间给好学之士。

safe_mode=on,真就这么简单!

What Makes A Good Web Program

我看问题可能有局限性,但我现在判断程序好坏的必要非充分条件之一是:这套程序能否充分利用Apache Url Rewrite。换句话说,如果是php程序,这套程序的前台页面是否由一个index.php来产生。

以这个条件来看,Zen Cart算好,Magento当然更好,osCommerce就不算好;Drupal / Joomla 都算好,WordPress 当然算是典范,Xoops 就不怎么样了。

也是因为这个原因,我放弃关注Xoops——痛苦地放弃,尽管曾经它是我的最爱,尽管它有某些功能很独到。

Why Google Analytics Dashboard Not Printing Out

About a month ago, I found I could not print Analytics Dashboard from IE (my version is 7 already). Every time I tried to print Dashboard, the browser freezed. I have tried different computers and different printers. The symptom is the same.

Analytics Dashboard is the only report I can not print from IE, but other reports are fine.

I can print Analytics Dashboard from Firefox, but the print layout is not as well formatted as it is in IE. So I have to use IE to print this report.

After I realise Flash 10 is causing problem of uploading images in magento, I think it might be same Flash causing another problem. However, this time Flash 10 is fine, but Flash 9 is not. As my test result shows, Analytics Dashboard can be printed in IE with Flash 10 installed. I assume the symptom is affecting IE with Flash version lower than 10.

I do not like Flash, but between Flash 9 and Flash 10, I prefer the former for now. I think a good program should work both on Flash 9 and 10. So I reported this problem to Google for them to improve Analytics. It must be some recent changes that prevent Analytics Dashboard from being printed.

It’s all Flash’s Fault

不经意中,电脑被装上了Flash 10。等我发现magento后台不能浏览和上传文件时,我怎么也没把原因和Flash 10联系起来。

首先我以为是magento 1.1.5升级到1.1.6造成的,因为我在1.1.5还成功上传过文件。当我专门为此搞了个试验,全新安装了一个magento 1.1.5来上传图片,还是无功而返。

浏览器提示javascript出错,可是我实在想不明白为什么以前可以,现在不可以。为此浪费了无数个晚上,终于让我找到了答案,Flash 10!

Flash 对此的解释冠冕堂皇:为了安全,Flash 10不再允许间接调用文件浏览对话框,文件浏览对话框只能由鼠标动作触发。很不幸,作为magento的上传部件,SWFUpload采用的是间接调用的方式,落入了Flash 10的打击范围。

我本来就不喜欢Flash,这次Flash 10又浪费了我这么多时间,magento至少被我拆装了3次!尽管它有千万个安全理由,我还是对它敬而远之。

异地汇款的窍门

我曾经对各银行异地汇款手续费摸得很熟,但几年不在中国生活,行情肯定过时了。今天凑巧读到一篇调查,摘录如下。

目前,每家商业银行都有不同的异地汇划手续费用设计。2007年中国人民银行在《关于改进个人支付结算服务的通知》中规定,个人客户依托其银行账户办理个人汇兑时,汇划金额在1万元以下(含1万元)每笔收取5元,1万元以上至10万元每笔收取10元,10万元以上至50万元每笔收取15元,50万元以上至100万元每笔收取20元,100万元以上每笔按汇划金额的万分之零点二收取,最高不超过200元。未在银行开户的个人可用现金直接汇款,5000元以下的按汇款金额的1%收取,5000元以上(含5000元)的,均按50元收取;挂失手续费按票面金额的1%收取,不足5元的按5元收取。

招行和农行等是按照央行的规定执行的。工行、建行、邮政储蓄银行等则是以现金汇兑的标准收取手续费用。其中,工行异地电汇的收费标准是:按汇款金额的1%收取,最低1元,50元封顶;建行与工行的标准基本相同,但最低收费为2元;邮政储蓄银行则将费率标准由1%降为0.5%,最低收费为2元,50元封顶。因此,1万元以下的异地汇款通过邮政储蓄银行汇款最划算。1 万以上的异地汇款可以选择招行、农行等。

看来,异地汇款还是首选农行,因为它手续费最便宜,而且网点比较多。但现在多了个新概念“汇划”,汇款人要在银行开户才能汇划,嘿嘿,银行花样经真多。