There were no new M1 version released by Magento/Adobe for this update, so the latest Magento 1.9.4.5 should be patched with SUPEE-11346.
OpenMage LTS released v19.4.4 and v20.0.0 with this patch included.
Note: Install this and any other missing patches with our Magento patch installation service or upgrade to OpenMage LTS v19.4.15 (released on August 26, 2021).
Download SUPEE-11346
You can download SUPEE-11346 for your Magento version below, just right click and select “Save file as” from the table below.What is changed with SUPEE-11346
It is probably the smallest patch for M1. Known issues are not expected with SUPEE-11346 as it changes just a three lines of code in 3 files (filtered user input, sanitizedunserialize() call and protected `entity_type_id` on attribute save):
diff --git app/code/core/Mage/Adminhtml/Block/Widget/Form.php app/code/core/Mage/Adminhtml/Block/Widget/Form.php
index 2c4b3ffdc70..598c1eea8ba 100644
--- app/code/core/Mage/Adminhtml/Block/Widget/Form.php
+++ app/code/core/Mage/Adminhtml/Block/Widget/Form.php
@@ -190,7 +190,7 @@ class Mage_Adminhtml_Block_Widget_Form extends Mage_Adminhtml_Block_Widget
'label' => $attribute->getFrontend()->getLabel(),
'class' => $attribute->getFrontend()->getClass(),
'required' => $attribute->getIsRequired(),
- 'note' => $attribute->getNote(),
+ 'note' => $this->escapeHtml($attribute->getNote()),
)
)
->setEntityAttribute($attribute);
diff --git app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
index b39d034ed7d..8cb73a0ff8b 100644
--- app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
+++ app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
@@ -288,6 +288,10 @@ class Mage_Adminhtml_Catalog_Product_AttributeController extends Mage_Adminhtml_
$data['apply_to'] = array();
}
+ if ($model) {
+ $data['entity_type_id'] = $model->getEntityTypeId();
+ }
+
//filter
$data = $this->_filterPostData($data);
$model->addData($data);
diff --git app/code/core/Mage/Eav/Model/Attribute.php app/code/core/Mage/Eav/Model/Attribute.php
index 0d3db560fcf..f0dc25343e8 100644
--- app/code/core/Mage/Eav/Model/Attribute.php
+++ app/code/core/Mage/Eav/Model/Attribute.php
@@ -116,7 +116,7 @@ abstract class Mage_Eav_Model_Attribute extends Mage_Eav_Model_Entity_Attribute
if (is_array($rules)) {
return $rules;
} else if (!empty($rules)) {
- return unserialize($rules);
+ return Mage::helper('core/unserializeArray')->unserialize($rules);
}
return array();
}
Download SUPEE-11346
| Magento version | SUPEE-11346 | MD5 checksum |
|---|---|---|
| Magento CE 1.5.1.0 | SUPEE-11346 1.5.1.0 | 5dcb7b0fa3257b0dcf22b7051b86845c |
| Magento CE 1.6.2.0 | SUPEE-11346 1.6.2.0 | 9eaaee24db2789451644cc49b8b5e778 |
| Magento CE 1.7.0.2 | SUPEE-11346 1.7.0.2 | 49c7fae28bea8d3280f5e39482d92488 |
| Magento CE 1.8.0.0 | SUPEE-11346 1.8.0.0 | 6c4ed32de2a6ea5b01d6a906aa7a3932 |
| Magento CE 1.8.1.0 | SUPEE-11346 1.8.1.0 | 28a5f171668d4c818d4cdcf92d301db2 |
| Magento CE1.9.0.0- 1.9.0.1 | SUPEE-11346 1.9.0.1 | 11f620147e735a629db9d916ffce5948 |
| Magento CE 1.9.1.0 | SUPEE-11346 1.9.1.0 | 72ed54551f38ed4b8e41754f963f9151 |
| Magento CE 1.9.1.1 | SUPEE-11346 1.9.1.1 | 7cbaf3e9548e280d36b47b295945d56c |
| Magento CE 1.9.2.0-1.9.2.4 | SUPEE-11346 1.9.2.4 | 4862d55093f785429ce4479c2990466e |
| Magento CE 1.9.3.0-1.9.4.4 | SUPEE-11346 1.9.4.4 | f5fe5c35b2e7356f2e843a6ec314d371 |
| Magento CE 1.9.4.5 | SUPEE-11346 1.9.4.5 | 46d62cc1eda4a4adc86b048d66994b2b |
| OpenMage v19.4.3 | SUPEE-11346 1.9.4.5 | 46d62cc1eda4a4adc86b048d66994b2b |
| OpenMage v19.4.5 | the patch is already included |