January 20, 2016: New Magento Security Patch (SUPEE-7405) – Install Immediately
If you have SSH access, it is simpler to apply the patch via SSH. If you have no SSH access, you can upgrade your installation to Magento 1.9.2.3, which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7405). If a Magento upgrade is not possible at the moment for some reason, you can still apply the patch via FTP/sFTP upload as shown in this article. Before applying this patch, make sure to apply all previous patches. If you wish to save time and have us install these patches for you, simply click here to order installation.
Preparations
- Disable Magento Compiler and clear compiler cache
- Install all previous patches (namely, SUPEE-1533, SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788)
Applying Magento patches via FTP/sFTP or FileManager / File Upload
To apply patches in this way we simply replace the changed files. This method cannot be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes must be re-applied to the patched files, or you will lose them. The following files are changed by SUPEE-7405:
- app/code/core/Mage/Admin/Model/Observer.php
- app/code/core/Mage/Admin/Model/Redirectpolicy.php
- app/code/core/Mage/Admin/Model/Resource/User.php
- app/code/core/Mage/Admin/Model/User.php
- app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
- app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
- app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
- app/code/core/Mage/Adminhtml/Helper/Sales.php
- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
- app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
- app/code/core/Mage/Adminhtml/controllers/IndexController.php
- app/code/core/Mage/Authorizenet/Helper/Admin.php
- app/code/core/Mage/Authorizenet/Helper/Data.php
- app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
- app/code/core/Mage/Captcha/etc/config.xml
- app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
- app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
- app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
- app/code/core/Mage/CatalogIndex/etc/config.xml
- app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
- app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
- app/code/core/Mage/Checkout/controllers/CartController.php
- app/code/core/Mage/Checkout/controllers/OnepageController.php
- app/code/core/Mage/Core/Helper/Data.php
- app/code/core/Mage/Core/Model/App.php
- app/code/core/Mage/Core/Model/Config.php
- app/code/core/Mage/Core/Model/Email/Queue.php
- app/code/core/Mage/Core/Model/Email/Template/Filter.php
- app/code/core/Mage/Core/Model/File/Validator/Image.php
- app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
- app/code/core/Mage/Core/Model/Session.php
- app/code/core/Mage/Customer/controllers/AccountController.php
- app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
- app/code/core/Mage/Downloadable/controllers/CustomerController.php
- app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
- app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
- app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
- app/code/core/Mage/ImportExport/etc/config.xml
- app/code/core/Mage/ImportExport/etc/system.xml
- app/code/core/Mage/Newsletter/Model/Observer.php
- app/code/core/Mage/Newsletter/Model/Queue.php
- app/code/core/Mage/Page/etc/system.xml
- app/code/core/Mage/Paypal/controllers/PayflowController.php
- app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
- app/code/core/Mage/Paypal/etc/config.xml
- app/code/core/Mage/Persistent/etc/config.xml
- app/code/core/Mage/Review/controllers/ProductController.php
- app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
- app/code/core/Mage/Rss/Helper/Order.php
- app/code/core/Mage/Sales/Helper/Guest.php
- app/code/core/Mage/Sales/Model/Quote/Address.php
- app/code/core/Mage/Sales/Model/Quote/Item.php
- app/code/core/Zend/Xml/Security.php
- app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
- app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
- app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
- app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
- app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
- app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
- app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
- app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
- app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
- app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
- app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
- app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
- app/design/adminhtml/default/default/template/sales/items/column/name.phtml
- app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
- app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
- app/design/adminhtml/default/default/template/sales/order/view/info.phtml
- app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
- app/design/frontend/base/default/template/rss/order/details.phtml
- lib/Varien/File/Uploader.php
- lib/Varien/Io/File.php
To install the patch via FTP/File Upload:
- select patch bundle archive corresponding to your Magento version from the table below and unpack it
- upload all files and folders to Magento root directory of your store, replacing all files
Magento version | SUPEE-7405 |
---|---|
Magento 1.9.2.2 | SUPEE-7405-1.9.2.2 |
Magento 1.9.2.0-1.9.2.1 | SUPEE-7405-1.9.2.1 |
Magento 1.9.1.0-1.9.1.1 | SUPEE-7405-1.9.1.1 |
Magento 1.9.0.1 | SUPEE-7405-1.9.0.1 |
Magento 1.8.1.0 | SUPEE-7405-1.8.1.0 |
Magento 1.7.0.2 | SUPEE-7405-1.7.0.2 |
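As an added example (not part of the original article or of Magento's patch tooling), this Python script runs against a local mirror of the store before the upload: it classifies every file in the unpacked bundle so that locally modified core files are flagged before they are overwritten, and it backs up everything the upload will replace. The directory arguments and state names are assumptions of this example; the baseline is assumed to be a clean copy of the same Magento version with the earlier SUPEE patches already applied.

```python
import hashlib
import shutil
import sys
from pathlib import Path


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def plan_overwrite(bundle, store, baseline):
    """Classify each bundle file against the store mirror.

    bundle   - unpacked SUPEE-7405 bundle for your Magento version
    store    - local mirror of the live Magento root (e.g. pulled over sFTP)
    baseline - clean copy of the same version with earlier patches applied
    """
    bundle, store, baseline = Path(bundle), Path(store), Path(baseline)
    plan = {}
    for src in sorted(p for p in bundle.rglob("*") if p.is_file()):
        rel = src.relative_to(bundle).as_posix()
        live, clean = store / rel, baseline / rel
        if not live.exists():
            plan[rel] = "new"               # bundle adds this file
        elif sha256(live) == sha256(src):
            plan[rel] = "already-patched"   # upload would change nothing
        elif not clean.exists() or sha256(live) != sha256(clean):
            plan[rel] = "locally-modified"  # edits would be lost: merge first
        else:
            plan[rel] = "replace"           # stock file, safe to overwrite
    return plan


def backup(plan, store, backup_dir):
    """Copy every file the upload will overwrite, keeping relative paths."""
    saved = []
    for rel, state in plan.items():
        if state in ("replace", "locally-modified"):
            dest = Path(backup_dir) / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(Path(store) / rel, dest)
            saved.append(rel)
    return saved


if __name__ == "__main__" and len(sys.argv) == 5:
    # usage: script.py BUNDLE STORE BASELINE BACKUP_DIR (all local directories)
    plan = plan_overwrite(*sys.argv[1:4])
    backup(plan, sys.argv[2], sys.argv[4])
    for rel, state in plan.items():
        print(f"{state:17} {rel}")
```

Running `plan_overwrite` again on a fresh mirror after the upload should report every file as `already-patched`; anything else means a file was skipped or the transfer altered it.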
Verification and flush of PHP opcode cache
Test that your store is working. If you use a PHP opcode cache (APC/XCache/eAccelerator), make sure to flush it after patching (or restart the web server); otherwise code will continue to run from the cache.
Known issues
If you have any difficulties applying the patches, please let us know in the comments so we can find a solution together.