Magento 1.x Knowledge Base » Magento Maintenance » How to install SUPEE-6285 without SSH
Published: July 7, 2015
Last updated:

How to install SUPEE-6285 without SSH

Tags: ,

According to announce sent on July 7, 2015 to all Magento installations new security patch SUPEE-6285 should be installed in addition to the previous Magento security patch (SUPEE-5994).

July 7, 2015: New Magento Security Patch (SUPEE-6285) – Install Immediately Today we are providing a new security patch (SUPEE-6285) that addresses critical security vulnerabilities. The patch is available for Community Edition 1.4.1 to 1.9.1.1 and is part of the core code of our latest release, Community Edition 1.9.2, available for download today. PLEASE NOTE: You must first implement SUPEE-5994 to ensure SUPEE-6285 works properly. Download Community Edition 1.9.2 or the patch from the Community Edition download page: https://magento.com/tech-resources/download
If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 1.9.2.1 version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article. Please note, that the patch (SUPEE-6285) should be applied over SUPEE-5994, therefor all filesets prepared in this article provide both patches (SUPEE-5994 & SUPEE-6285) simultaneously. The fileset also will update one file from SUPEE-5344 (app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php), therefor make sure to apply SUPEE-5344 before this patch. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together. If you wish to save time and have us to install these patches for you, simply click here to order installation. Before patching make sure to Disable Magento Compiler if you use it at System > Configuration > Tools > Compilation and clear compiled cache.

Applying Magento patches via FTP/sFTP or FileManager / File Upload

To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes. SUPEE-6285 patch (Magento 1.9.1.1) applied to the following files:
  • app/Mage.php
  • app/code/community/Phoenix/Moneybookers/controllers/MoneybookersController.php
  • app/code/core/Mage/Adminhtml/Controller/Action.php
  • app/code/core/Mage/Adminhtml/controllers/AjaxController.php
  • app/code/core/Mage/Adminhtml/controllers/Catalog/Category/WidgetController.php
  • app/code/core/Mage/Adminhtml/controllers/Catalog/Product/DatafeedsController.php
  • app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
  • app/code/core/Mage/Adminhtml/controllers/Catalog/Product/WidgetController.php
  • app/code/core/Mage/Adminhtml/controllers/Cms/Block/WidgetController.php
  • app/code/core/Mage/Adminhtml/controllers/Cms/Page/WidgetController.php
  • app/code/core/Mage/Adminhtml/controllers/Cms/PageController.php
  • app/code/core/Mage/Adminhtml/controllers/Cms/WysiwygController.php
  • app/code/core/Mage/Adminhtml/controllers/Customer/System/Config/ValidatevatController.php
  • app/code/core/Mage/Adminhtml/controllers/JsonController.php
  • app/code/core/Mage/Adminhtml/controllers/NotificationController.php
  • app/code/core/Mage/Adminhtml/controllers/Report/CustomerController.php
  • app/code/core/Mage/Adminhtml/controllers/Report/ProductController.php
  • app/code/core/Mage/Adminhtml/controllers/Report/ReviewController.php
  • app/code/core/Mage/Adminhtml/controllers/Report/SalesController.php
  • app/code/core/Mage/Adminhtml/controllers/Report/ShopcartController.php
  • app/code/core/Mage/Adminhtml/controllers/Report/TagController.php
  • app/code/core/Mage/Adminhtml/controllers/ReportController.php
  • app/code/core/Mage/Adminhtml/controllers/Rss/CatalogController.php
  • app/code/core/Mage/Adminhtml/controllers/Rss/OrderController.php
  • app/code/core/Mage/Adminhtml/controllers/Sales/Billing/AgreementController.php
  • app/code/core/Mage/Adminhtml/controllers/Sales/Order/View/GiftmessageController.php
  • app/code/core/Mage/Adminhtml/controllers/Sales/Recurring/ProfileController.php
  • app/code/core/Mage/Adminhtml/controllers/Sales/TransactionsController.php
  • app/code/core/Mage/Adminhtml/controllers/System/Config/System/StorageController.php
  • app/code/core/Mage/Adminhtml/controllers/TagController.php
  • app/code/core/Mage/Adminhtml/controllers/Tax/RateController.php
  • app/code/core/Mage/Adminhtml/controllers/TaxController.php
  • app/code/core/Mage/Api2/controllers/Adminhtml/Api2/AttributeController.php
  • app/code/core/Mage/Bundle/controllers/Adminhtml/Bundle/SelectionController.php
  • app/code/core/Mage/Captcha/controllers/Adminhtml/RefreshController.php
  • app/code/core/Mage/Centinel/controllers/Adminhtml/Centinel/IndexController.php
  • app/code/core/Mage/Checkout/controllers/MultishippingController.php
  • app/code/core/Mage/Connect/controllers/Adminhtml/Extension/LocalController.php
  • app/code/core/Mage/ImportExport/Model/Abstract.php
  • app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
  • app/code/core/Mage/Paygate/controllers/Adminhtml/Paygate/Authorizenet/PaymentController.php
  • app/code/core/Mage/Paypal/controllers/Adminhtml/Paypal/ReportsController.php
  • app/code/core/Mage/Rss/controllers/CatalogController.php
  • app/code/core/Mage/Rss/controllers/OrderController.php
  • app/code/core/Mage/Widget/Block/Adminhtml/Widget/Chooser.php
  • app/code/core/Mage/Widget/controllers/Adminhtml/WidgetController.php
  • app/design/frontend/base/default/template/checkout/cart.phtml
  • app/design/frontend/base/default/template/checkout/cart/noItems.phtml
  • app/design/frontend/base/default/template/checkout/onepage/failure.phtml
  • app/design/frontend/base/default/template/rss/order/details.phtml
  • app/design/frontend/base/default/template/wishlist/email/rss.phtml
  • app/design/frontend/default/modern/template/checkout/cart.phtml
  • downloader/Maged/.htaccess
  • downloader/Maged/Controller.php
  • downloader/Maged/Model/Session.php
  • downloader/lib/.htaccess
  • downloader/template/connect/packages.phtml
  • downloader/template/connect/packages_prepare.phtml
  • downloader/template/login.phtml
  • downloader/template/settings.phtml
  • errors/processor.php
UPDATE from July 10, 2015: added one more file to the list according to v2 patch update released by Magento:
  • app/design/frontend/rwd/default/template/checkout/cart.phtml
SUPEE-5994 patch adds the following files:
  • app/code/core/Mage/Authorizenet/controllers/Directpost/PaymentController.php
  • app/code/core/Mage/Core/Controller/Varien/Router/Admin.php
  • app/code/core/Mage/Core/Controller/Varien/Router/Standard.php
  • app/code/core/Mage/Customer/Model/Customer.php
  • app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
  • app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
  • app/code/core/Mage/Install/Controller/Router/Install.php
  • app/code/core/Mage/Install/etc/config.xml
  • app/code/core/Mage/Sales/controllers/Recurring/ProfileController.php
  • downloader/Maged/Model/Connect.php
  • downloader/Maged/View.php
  • downloader/template/connect/packages_prepare.phtml
  • downloader/template/messages.phtml
  • get.php
  • lib/PEAR/PEAR/PEAR.php
  • lib/PEAR/PEAR/PEAR5.php
  • lib/Varien/Io/File.php
Patched version of these files for Magento 1.9.1.1 packed into single ZIP archive: SUPEE-6285-1.9.1v2. Simply unpack it and replace files on your store by uploading all folders and get.php file into your Magento root directory.

Patch for other versions

Older versions are patched in the same way, I am adding downloads for other versions into a single table on demand when I need to patch certain version:
Magento versionSUPEE-6285 (+SUPEE-5994)
Magento 1.9.1.0-1.9.1.1SUPEE-6285-1.9.1v2*
Magento 1.9.0.1SUPEE-6285-1.9.0.1v2*
Magento 1.8.1.0SUPEE-6285-1.8.1
Magento 1.7.0.2SUPEE-6285-1.7.0.2
Magento 1.6.2.0SUPEE-6285-1.6.2
Magento 1.6.1.0SUPEE-6285-1.6.1.0
Magento 1.5.1.0SUPEE-6285-1.5.1
Magento 1.5.0.1SUPEE-6285-1.5.0.1
Magento 1.4.2.0SUPEE-6285-1.4.2
Magento 1.4.1.1SUPEE-6285-1.4.1.1
* – included v2 update from July 10, 2015 for cart.phtml file from RWD theme

Verification

Verify patch status at our patch tester page. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it (or restart webserver) after patching, otherwise code will continue to run from caches. Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/. Done.
Update: Make sure also to apply the latest SUPEE-6482 released on August 4, 2015.
If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

Posted in: Magento Maintenance

Related Posts

125 votes, 4.91 avg. rating (97% score)