DEC 03 2018

How to install SUPEE-10975 without SSH

November 28, 2018: SUPEE-10975 version released with fixes that help close cross-site request forgery (CSRF) and other vulnerabilities.
If you have SSH access, it would be more simple to apply the patch via SSH. If you have no SSH access to apply the patch you still can apply the patch via FTP/sFTP upload as shown in this article.

If you wish to save time and have us to install these patches for you, simply click here to order patch installation.

Preparations

Applying Magento patches via FTP/sFTP or FileManager / File Upload

To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.

The following files are changed by SUPEE-10975 (v1 for 1.9.3.4-1.9.3.10 released on November 28, 2018):

app/code/core/Mage/Adminhtml/Block/Customer/Group/Edit.php
app/code/core/Mage/Adminhtml/Block/Newsletter/Template/Edit.php
app/code/core/Mage/Adminhtml/controllers/Cms/BlockController.php
app/code/core/Mage/Adminhtml/controllers/Customer/GroupController.php
app/code/core/Mage/Adminhtml/controllers/SitemapController.php
app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
app/code/core/Mage/Captcha/Model/Observer.php
app/code/core/Mage/Captcha/Model/Zend.php
app/code/core/Mage/Captcha/etc/config.xml
app/code/core/Mage/Catalog/Model/Api2/Product/Image/Rest/Admin/V1.php
app/code/core/Mage/Catalog/Model/Product/Attribute/Media/Api.php
app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
app/code/core/Mage/Core/etc/config.xml
app/code/core/Mage/Core/sql/core_setup/upgrade-1.6.0.7.1.1-1.6.0.7.1.2.php
app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
app/code/core/Mage/ImportExport/Model/Import/Entity/Customer.php
app/code/core/Mage/ImportExport/Model/Import/Entity/Customer/Address.php
app/code/core/Mage/Payment/etc/config.xml
app/code/core/Mage/Payment/etc/system.xml
app/code/core/Mage/Payment/sql/payment_setup/upgrade-1.6.0.0.1.1-1.6.0.0.1.2.php
app/code/core/Mage/Sendfriend/Block/Send.php
app/code/core/Mage/Wishlist/controllers/IndexController.php
app/code/core/Zend/Controller/Request/Http.php
app/design/adminhtml/default/default/template/cms/browser/content/files.phtml
app/design/frontend/base/default/layout/captcha.xml
app/design/frontend/base/default/template/wishlist/sharing.phtml
app/design/frontend/rwd/default/layout/page.xml
app/design/frontend/rwd/default/template/sendfriend/send.phtml
app/etc/modules/Mage_All.xml
app/etc/modules/Mage_Captcha.xml
app/locale/en_US/Mage_Wishlist.csv
js/lib/jquery/jquery-1.12.0.js
js/lib/jquery/jquery-1.12.0.min.js
js/lib/jquery/jquery-1.12.0.min.map
js/lib/jquery/jquery-1.12.1.js
js/lib/jquery/jquery-1.12.1.min.js
js/lib/jquery/jquery-1.12.1.min.map
To install the patch via FTP/File Upload
  • select patch bundle archive corresponding to your Magento version from the table below and unpack it
  • upload all files and folders to Magento root directory of your store, replacing all files
  • if you use custom design theme, edit your app/design/frontend/yourpackage/yourtheme/layout/page.xml replacing jquery-1.12.0 with jquery-1.12.1
  • navigate to js/lib/jquery/ folder and delete the following files:
    js/lib/jquery/jquery-1.12.0.js
    js/lib/jquery/jquery-1.12.0.min.js
    js/lib/jquery/jquery-1.12.0.min.map
    
Magento versionSUPEE-10975
Magento 1.9.3.10SUPEE-10975-1.9.3.10
Magento 1.9.3.8SUPEE-10975-1.9.3.8
Magento 1.9.3.7SUPEE-10975-1.9.3.7
Magento 1.9.3.6SUPEE-10975-1.9.3.6
Magento 1.9.3.4SUPEE-10975-1.9.3.4
Magento 1.9.3.3SUPEE-10975-1.9.3.3
Magento 1.9.3.2SUPEE-10975-1.9.3.2
Magento 1.9.3.1SUPEE-10975-1.9.3.1
Magento 1.9.3.0SUPEE-10975-1.9.3.0
Magento 1.9.2.4SUPEE-10975-1.9.2.4
Magento 1.9.2.3SUPEE-10975-1.9.2.3
Magento 1.9.2.2SUPEE-10975-1.9.2.2
Magento 1.9.2.1SUPEE-10975-1.9.2.1
Magento 1.9.2.0SUPEE-10975-1.9.2.0
Magento 1.9.1.1SUPEE-10975-1.9.1.1
Magento 1.9.1.0SUPEE-10975-1.9.1.0
Magento 1.8.1.0SUPEE-10975-1.8.1.0
Magento 1.7.0.2SUPEE-10975-1.7.0.2

Downloads for other versions added to table on demand when we patch certain version via file upload for the first time.

Verification and flush of PHP opcode cache

Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

Known issues



If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

Posted in: Magento Maintenance

How to install SUPEE-10975 without SSH
2 votes, 5.00 avg. rating (94% score)
  • David O’Connor

    I’m getting a 404 for the patch links above.

    • magentary

      Please could you confirm which link returned 404?

      • David O’Connor

        It was for v1.9.1.0 but is working now thanks

  • Leonel Nunes

    Hello, and thank again for the great and quick solutions you give us.
    I’ve
    mually installed the lateste suppee for my magento version (1.8.1.0),
    cleared all caches, but when I scan my store to see if everything is ok,
    I still get “SUPEE-10975: Vulnerable, immediate attention required. How
    to patch.”.

    Is it normal because of my magento version?

    Best Regards,
    Leonel Nunes