Published: May 15, 2015
Last updated:

How to install SUPEE-5994 without SSH

UPDATE: July 7, 2015: New Magento Security Patch (SUPEE-6285), save time on installing both SUPEE-5994 and SUPEE-6285 at once as shown in SUPEE-6285 & SUPEE-5994 installation without SSH.
According to announce sent on May 15, 2015 to all Magento installations new security patch SUPEE-5994 should be installed in addition to two recent shoplift patches (SUPEE-5344 and SUPEE-1533).
Important: New Magento Security Patch – Install it Now It is important for you to download and install a new security patch (SUPEE-5994) from the Magento Community Edition download page https://magento.com/tech-resources/download. Please apply this critical update immediately to help protect your site from exposure to multiple security vulnerabilities impacting all versions of the Magento Community Edition software. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344).
The only problem with these patches is SSH requirement, which some hosts do not provide. If you have SSH access, you can install patches as shown in How to install SUPEE-5994. It is still possible to apply the patch even without SSH via FTP/sFTP or direct execution via PHP as shown below in this article. If you wish to save time and have us to install all these patches for you, simply click here to order installation. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together. Before patching make sure to Disable Magento Compiler if you use it at System > Configuration > Tools > Compilation and clear compiled cache.

Applying Magento patches via FTP/sFTP or FileManager / File Upload

To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes. Patch SUPEE-5994 (Magento 1.6.x.x-1.9.1.1) applied to the following files:
  • app/code/core/Mage/Authorizenet/controllers/Directpost/PaymentController.php
  • app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
  • app/code/core/Mage/Core/Controller/Varien/Router/Standard.php
  • app/code/core/Mage/Customer/Model/Customer.php
  • app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
  • app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
  • app/code/core/Mage/Install/Controller/Router/Install.php
  • app/code/core/Mage/Install/etc/config.xml
  • app/code/core/Mage/Sales/controllers/Recurring/ProfileController.php
  • downloader/Maged/Model/Connect.php
  • downloader/Maged/View.php
  • downloader/template/connect/packages_prepare.phtml
  • downloader/template/messages.phtml
  • get.php
  • lib/PEAR/PEAR/PEAR.php
  • lib/PEAR/PEAR/PEAR5.php
  • lib/Varien/Io/File.php
Patched version of these files for Magento 1.9.1.0-1.9.1.1 packed into single ZIP archive: SUPEE-5994-1.9.1. Simply unpack it and replace files on your store by uploading all folders and get.php file into your Magento root directory.

Patch for other versions

Older versions are patched in the same way, I am adding downloads for other versions into a single table on demand when I need to patch certain version:
Magento versionSUPEE-5994
Magento 1.9.1.0-1.9.1.1SUPEE-5994-1.9.1
Magento 1.9.0.1SUPEE-5994-1.9.0.1
Magento 1.8.1.0SUPEE-5994-1.8.1
Magento 1.7.0.2SUPEE-5994-1.7.0.2
Magento 1.6.1.0-1.6.2.0SUPEE-5994-1.6
Magento 1.5.1.0SUPEE-5994-1.5.1
Magento 1.4.2.0SUPEE-5994-1.4.2
Magento 1.4.1.0-1.4.1.1SUPEE-5994-1.4.1

Verification

Verify patch status at our patch tester page. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching, otherwise code will continue to run from caches. Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/. Done. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

Posted in: Magento Maintenance

83 votes, 4.53 avg. rating (90% score)