JAN 20 2016

How to install SUPEE-7405 without SSH

January 20, 2016: New Magento Security Patch (SUPEE-7405) – Install Immediately

If you have SSH access, it would be more simple to apply the patch via SSH.
If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 1.9.2.3 version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7405). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.

Before applying this patch, make sure to apply all previous patches.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

Preparations

    Applying Magento patches via FTP/sFTP or FileManager / File Upload

    To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.

    The following files are changed by SUPEE-7405:

    app/code/core/Mage/Admin/Model/Observer.php
    app/code/core/Mage/Admin/Model/Redirectpolicy.php
    app/code/core/Mage/Admin/Model/Resource/User.php
    app/code/core/Mage/Admin/Model/User.php
    app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
    app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
    app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
    app/code/core/Mage/Adminhtml/Helper/Sales.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
    app/code/core/Mage/Adminhtml/controllers/IndexController.php
    app/code/core/Mage/Authorizenet/Helper/Admin.php
    app/code/core/Mage/Authorizenet/Helper/Data.php
    app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
    app/code/core/Mage/Captcha/etc/config.xml
    app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
    app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
    app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
    app/code/core/Mage/CatalogIndex/etc/config.xml
    app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
    app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
    app/code/core/Mage/Checkout/controllers/CartController.php
    app/code/core/Mage/Checkout/controllers/OnepageController.php
    app/code/core/Mage/Core/Helper/Data.php
    app/code/core/Mage/Core/Model/App.php
    app/code/core/Mage/Core/Model/Config.php
    app/code/core/Mage/Core/Model/Email/Queue.php
    app/code/core/Mage/Core/Model/Email/Template/Filter.php
    app/code/core/Mage/Core/Model/File/Validator/Image.php
    app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
    app/code/core/Mage/Core/Model/Session.php
    app/code/core/Mage/Customer/controllers/AccountController.php
    app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
    app/code/core/Mage/Downloadable/controllers/CustomerController.php
    app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
    app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
    app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
    app/code/core/Mage/ImportExport/etc/config.xml
    app/code/core/Mage/ImportExport/etc/system.xml
    app/code/core/Mage/Newsletter/Model/Observer.php
    app/code/core/Mage/Newsletter/Model/Queue.php
    app/code/core/Mage/Page/etc/system.xml
    app/code/core/Mage/Paypal/controllers/PayflowController.php
    app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
    app/code/core/Mage/Paypal/etc/config.xml
    app/code/core/Mage/Persistent/etc/config.xml
    app/code/core/Mage/Review/controllers/ProductController.php
    app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
    app/code/core/Mage/Rss/Helper/Order.php
    app/code/core/Mage/Sales/Helper/Guest.php
    app/code/core/Mage/Sales/Model/Quote/Address.php
    app/code/core/Mage/Sales/Model/Quote/Item.php
    app/code/core/Zend/Xml/Security.php
    app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
    app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
    app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
    app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
    app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
    app/design/adminhtml/default/default/template/sales/items/column/name.phtml
    app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
    app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
    app/design/adminhtml/default/default/template/sales/order/view/info.phtml
    app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
    app/design/frontend/base/default/template/rss/order/details.phtml
    lib/Varien/File/Uploader.php
    lib/Varien/Io/File.php
    

    To install the patch via FTP/File Upload

    • select patch bundle archive corresponding to your Magento version from the table below and unpack it
    • upload all files and folders to Magento root directory of your store, replacing all files

    Downloads for other versions added to table on demand when we patch certain version via file upload for the first time.

    Magento versionSUPEE-7405
    Magento 1.9.2.2SUPEE-7405-1.9.2.2
    Magento 1.9.2.0-1.9.2.1SUPEE-7405-1.9.2.1
    Magento 1.9.1.0-1.9.1.1SUPEE-7405-1.9.1.1
    Magento 1.9.0.1SUPEE-7405-1.9.0.1
    Magento 1.8.1.0SUPEE-7405-1.8.1.0
    Magento 1.7.0.2SUPEE-7405-1.7.0.2

    Verification and flush of PHP opcode cache

    Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

    Known issues

    If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

    Posted in: Magento Maintenance

    How to install SUPEE-7405 without SSH
    5 votes, 4.20 avg. rating (84% score)
    • Elite Gear

      hello,
      Can you please add the patch for magento 1.7.0.2
      Thanks

      • http://www.marquinhusgoncalves.com Marquinhus Goncalves

        I wanting too…

    • John Mocnik

      Which version do I need to download for Magento 1.9.1.0 ? All previous patches are installed till 6788.

      • Lukas

        need to know too

      • Tom Calpin

        I used the 1.9.1.1 version on a 1.9.1.0 store with all patches and it seems to be fine so far *fingers crossed*

    • er

      magento 1.7.0.2?

      • http://www.marquinhusgoncalves.com Marquinhus Goncalves

        I want too!!!

    • David G

      1.9.0.1 version??

      • Zoran

        I second that, or can we use 1.9.1.1 patch for version 1.9.0.1?

    • Daniel

      Could also do with 1.9.0.1 version please!

    • Tim

      Please provide Version 1.9.0.1. THANKS IN ADVANCE!

    • kav

      File for magento version 1.7.0.2 please.

      • http://www.marquinhusgoncalves.com Marquinhus Goncalves

        I want too

    • Jackie

      Can you add the Patch for Magento 2.0.0 thank you!

    • Wagner Nicolak

      I installed a patch FOR 1.9.2.2 , and now I no longer have access to detail the applications for my clients. Clicking the application opens only ” information,” and nothing else. How do I reverse the installation of this patch. I’m losing sales. Caught entire sales system. I’m not getting the upgrade to Magento 1.9.2.3 due to Mysql response time . What to do now ?
      =========
      The problem is on the line 124 of file: app / code / core / Mage / Adminhtml / Helper / Sales.php

      • magentary

        Most likely your store is on PHP 5.3, please check https://magentary.com/kb/php-syntax-error-after-supee-7405-unexpected/

        • Wagner Nicolak

          Had the php 5.5 installed . But now it is already solved , magento updated to 1.9.2.3 . Thanks for the answer.

        • Gladdert

          I had the same problem in version 1.9.2.2 .as Wagner Nicolak.
          Your link solved my problem

    • gixxer01

      1.7 please, or will 1.7.0.2 work for 1.7?

    • Kris

      Can you add patch for 1.7.0.1 please

    • owenpiccirillo

      this broke my magneto admin… I am now getting several errors “Invalid method Mage_Core_Model_Session::validateFormKey”

    • Stanley Padillo

      I need non-ssh patch files for 1.9.0.1.

      Please let me know if you have it as zip.

      Thank you

    • Gerald

      After the patch, when I look up one of my customer’s order (click Sales –> Orders –> click one of the Order), the Order View on the backend is now showing blank page.
      Anyone know how to fix this?

    • demo

      this patch disable add to cart button

    • dev_core

      Hello,

      can you please add the patch for 1.6.0.2, too?

      Thanks in advance!

    • Sjoerd Draaisma

      ok. I installed this for 1.8.1 .
      the following file breaks my admin:
      appcodecoreMageAdminModelResourceUser.php
      Any clue why and how to fix it?

    • Lucy

      Any chance of getting 1.5.1.0?

      • Jayme Jayme

        Also i am after this.

    • Matt

      Could you please add the patch for version 1.5.0.1. I have all previous patches applied but when I try this one it complains about the file appcodecoreMageCoreModelEmailTemplateFilter.php
      Thanks,
      Matt

    • iKooon

      I get errors with the SSH installation of this patch: Hunk #1 FAILED at 30. I would be helped a lot with a 1.7.0.0 FTP version. Or can I use the 1.7.0.2 version?

    • test

      Hi..i install the suppe-7405 in magento 1.9.1.1.but patch was not installed sucessfully…what reason i try lot…please suggest me

    • Matthew Sikorski

      I installed the patch via file upload. The site works fine, but still says version 1.9.2.2 at the bottom of the admin pages. Is this a problem? How do I fix it?

    • http://www.brandtwitt.com/ Manager

      i update the patch files on root for version SUPEE-7405-1.9.0.1 the frontend of website is working fine but i am unable to open the magento dashboard as it is showing the error Mage_Core_Helper_UnserializeArray’ not found in app/Mage.php.

    • Keshav Khadka

      I installed a patch for 1.9.01 and got problem with onepage checkout, while placing order javascript error appears in popup and says undefined anyone have solution.. Thanks!

    • Rickster Dummy

      Can you please add the patch for 1.6.2, too? Thanks.

    • thilip

      After this plugin was installed, till now the popup showing me to install this patch and also my registration was not working fine. do any one know how to fix this. Help me please to get out this.

    • Tere

      Files for 1.5.1.0?? :p

      • Rahul Singh

        i dun think, you need to upgrade your magento

      • Rahul Singh

        if i want to update the security patches SUPEE-7405, for that i need to update the all security patches before SUPEE-7405 ???
        do you have any idea ??

    • Paul

      please provide 1.8.0

    • Tarun Patel

      can you please release patch for Magento ver. 1.6.2.0 ?

    • Tarun Patel

      can you please release patch for Magento ver. 1.6.2.0 ?

    • Rob Rasmussen

      Any chance of 1.6.0.0?

    • devdyna

      Please provide latest patch 7405 which is release in 2/23/2016

    • http://umairsultan.com Umair Sultan

      is there anyone whose patch is working fine in front and back end with no error? Please let me know. Thanks.

    • Lucy

      Could you please advise as to whether you will be providing the 7405 v1.1 patch that addresses issues with product image uploads? Thanks

    • Joshua

      Could you please re-release this with the recent update to the SUPEE-7405 patch (23/3/16)? 1.7.2 please.

    • Darren Hurley

      Hi there, i have the un patched version of 1.9.2.3 released in Jan, which patch file do i need i want to do this via http://FTP... cheers!

    • David Backam

      I have installed patch 7405 but where i can check is it installed or not i have installed it manually.

    • Robski808

      For the image issue not loading in backend

      Find – /lib/Varien/File/Uploader.php

      Open in text editor

      -Find this at Line 219:

      chmod($destinationFile, 0640);

      -Change to:

      chmod($destinationFile, 0755);

    • Pranav

      Can i install SUPEE-7405 without installing SUPEE 6788, as i have lot of 3 party plugins installed in my site and installing SUPEE 6788 will affect working of these plugins? Is it OK to bypass SUPEE 6788 and install SUPEE 7405 ? Please guide.

    • magentary

      Most likely custom theme is used and theme files are still unpatched, please try to update theme files as shown in https://magentary.com/kb/magento-registration-form-does-not-work-after-supee-6788/ and https://magentary.com/kb/reset-password-blank-page-after-supee-6788/

    • magentary

      According to the error Mail server is refusing connections. Please make sure that your local mailserver is running properly or if custom SMTP configuration is correct.