OCT 14 2016

How to install SUPEE-8788 without SSH

October 12, 2016: Community Edition 1.9.3 and SUPEE-8788 Provide Critical Security & Functional Updates – 10/12/2016
Community Edition 1.9.3 and SUPEE-8788 resolve multiple security issues, including critical vulnerabilities with certain payment methods and Zend Framework libraries. Community Edition 1.9.3 also includes over 120 product quality enhancements and support for PHP 5.6.

If you have SSH access, it is simpler to apply the patch via SSH.
If you have no SSH access, you can simply upgrade your installation to Magento 1.9.3, which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7405, SUPEE-8788). If a Magento upgrade is not possible at the moment for some reason, you can still apply the patch via FTP/sFTP upload as shown in this article.

Before applying this patch, make sure to apply all previous patches.

If you wish to save time and have us install these patches for you, simply click here to order installation.

Preparations

    Applying Magento patches via FTP/sFTP or FileManager / File Upload

    To apply patches in this way we simply replace the changed files. This method cannot be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes must be re-applied to the patched files, or you will lose them.

    The following files are changed by SUPEE-8788 (v2 released on October 15, 2016):

    app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
    app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
    app/code/core/Mage/Adminhtml/Block/Media/Uploader.php
    app/code/core/Mage/Adminhtml/Block/Urlrewrite/Category/Tree.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized.php
    app/code/core/Mage/Adminhtml/controllers/DashboardController.php
    app/code/core/Mage/Adminhtml/controllers/IndexController.php
    app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php
    app/code/core/Mage/Catalog/Helper/Image.php
    app/code/core/Mage/Catalog/etc/config.xml
    app/code/core/Mage/Catalog/etc/system.xml
    app/code/core/Mage/Centinel/Model/Api.php
    app/code/core/Mage/Centinel/Model/Api/Client.php
    app/code/core/Mage/Core/Block/Abstract.php
    app/code/core/Mage/Core/Helper/Url.php
    app/code/core/Mage/Core/Model/Encryption.php
    app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
    app/code/core/Mage/Core/functions.php
    app/code/core/Mage/Customer/Block/Address/Book.php
    app/code/core/Mage/Customer/controllers/AddressController.php
    app/code/core/Mage/Dataflow/Model/Profile.php
    app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php
    app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Samples.php
    app/code/core/Mage/Downloadable/Helper/File.php
    app/code/core/Mage/Oauth/Model/Server.php
    app/code/core/Mage/Paygate/Model/Authorizenet.php
    app/code/core/Mage/Payment/Block/Info/Checkmo.php
    app/code/core/Mage/Paypal/Model/Express/Checkout.php
    app/code/core/Mage/Paypal/Model/Resource/Payment/Transaction.php
    app/code/core/Mage/Sales/Model/Resource/Order/Payment.php
    app/code/core/Mage/Sales/Model/Resource/Order/Payment/Transaction.php
    app/code/core/Mage/Sales/Model/Resource/Quote/Payment.php
    app/code/core/Mage/Sales/Model/Resource/Recurring/Profile.php
    app/code/core/Mage/Uploader/Block/Abstract.php
    app/code/core/Mage/Uploader/Block/Multiple.php
    app/code/core/Mage/Uploader/Block/Single.php
    app/code/core/Mage/Uploader/Helper/Data.php
    app/code/core/Mage/Uploader/Helper/File.php
    app/code/core/Mage/Uploader/Model/Config/Abstract.php
    app/code/core/Mage/Uploader/Model/Config/Browsebutton.php
    app/code/core/Mage/Uploader/Model/Config/Misc.php
    app/code/core/Mage/Uploader/Model/Config/Uploader.php
    app/code/core/Mage/Uploader/etc/config.xml
    app/code/core/Mage/Uploader/etc/jstranslator.xml
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Dhl.php
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Dhl/International.php
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Fedex.php
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Ups.php
    app/code/core/Mage/Usa/etc/config.xml
    app/code/core/Mage/Usa/etc/system.xml
    app/code/core/Mage/Wishlist/Helper/Data.php
    app/code/core/Mage/Wishlist/controllers/IndexController.php
    app/code/core/Mage/XmlConnect/Block/Adminhtml/Mobile/Edit/Tab/Design.php
    app/code/core/Mage/XmlConnect/Block/Adminhtml/Mobile/Edit/Tab/Design/Images.php
    app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
    app/design/adminhtml/default/default/layout/cms.xml
    app/design/adminhtml/default/default/layout/main.xml
    app/design/adminhtml/default/default/layout/xmlconnect.xml
    app/design/adminhtml/default/default/template/catalog/product/helper/gallery.phtml
    app/design/adminhtml/default/default/template/cms/browser/content/uploader.phtml
    app/design/adminhtml/default/default/template/downloadable/product/edit/downloadable.phtml
    app/design/adminhtml/default/default/template/downloadable/product/edit/downloadable/links.phtml
    app/design/adminhtml/default/default/template/downloadable/product/edit/downloadable/samples.phtml
    app/design/adminhtml/default/default/template/media/uploader.phtml
    app/design/adminhtml/default/default/template/xmlconnect/edit/tab/design.phtml
    app/etc/modules/Mage_All.xml
    app/locale/en_US/Mage_Media.csv
    app/locale/en_US/Mage_Uploader.csv
    downloader/lib/Mage/HTTP/Client/Curl.php
    js/lib/uploader/flow.min.js
    js/lib/uploader/fusty-flow-factory.js
    js/lib/uploader/fusty-flow.js
    js/mage/adminhtml/product.js
    js/mage/adminhtml/uploader/instance.js
    lib/Unserialize/Parser.php
    lib/Unserialize/Reader/Arr.php
    lib/Unserialize/Reader/ArrValue.php
    lib/Unserialize/Reader/Null.php
    skin/adminhtml/default/default/boxes.css
    skin/adminhtml/default/default/media/flex.swf
    skin/adminhtml/default/default/media/uploader.swf
    skin/adminhtml/default/default/media/uploaderSingle.swf
    skin/adminhtml/default/default/xmlconnect/boxes.css
    
    

    To install the patch via FTP/File Upload

    • Select the patch bundle archive corresponding to your Magento version from the table below and unpack it.
    • Upload all files and folders to the Magento root directory of your store, replacing all existing files.
    • Delete the following files in skin/adminhtml/default/default/media/:
      skin/adminhtml/default/default/media/flex.swf
      skin/adminhtml/default/default/media/uploader.swf
      skin/adminhtml/default/default/media/uploaderSingle.swf
      

    Downloads for other versions are added to the table on demand, when we patch a given version via file upload for the first time.
    Note: all links point to the v2 version, updated on October 15, 2016.

    Magento version            SUPEE-8788 v2
    Magento 1.9.2.4            SUPEE-8788v2-1.9.2.4
    Magento 1.9.2.3            SUPEE-8788v2-1.9.2.3
    Magento 1.9.2.2-1.9.2.1    SUPEE-8788v2-1.9.2.1
    Magento 1.9.1.1            SUPEE-8788v2-1.9.1.1
    Magento 1.9.0.1            SUPEE-8788v2-1.9.0.1
    Magento 1.8.1.0            SUPEE-8788v2-1.8.1.0
    Magento 1.7.0.2            SUPEE-8788v2-1.7.0.2

    Verification and flush of PHP opcode cache

    Test that your store is working. If you use a PHP opcode cache (APC/XCache/eAccelerator), make sure to flush it after patching (or restart the web server); otherwise code will continue to run from the cache.
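
A scripted version of this check, added here as an example and not part of the original article: it inspects a local copy of the Magento root (for instance one downloaded over FTP) for leftover SWF files, missing patched files, and `app/code/local` or `app/code/community` copies that shadow patched core classes. The function names, the three-file subset of the list above and the sample tree are assumptions made for the example; the `XML_NODE_PRODUCT_MAX_DIMENSION` marker comes from the discussion in the comments.

```python
import os
import tempfile

# The three Flash uploader files the article says to delete after the upload.
REMOVED_SWF = [
    "skin/adminhtml/default/default/media/flex.swf",
    "skin/adminhtml/default/default/media/uploader.swf",
    "skin/adminhtml/default/default/media/uploaderSingle.swf",
]
# Subset of the article's changed-file list (assumption: extend as needed).
PATCHED_CORE = [
    "app/code/core/Mage/Catalog/Helper/Image.php",
    "app/code/core/Mage/Uploader/Helper/Data.php",
    "app/code/core/Mage/Core/Model/Encryption.php",
]
# Constant the comment thread says the patched Image.php defines.
MARKER_FILE = "app/code/core/Mage/Catalog/Helper/Image.php"
MARKER = "XML_NODE_PRODUCT_MAX_DIMENSION"
# Magento 1 searches these pools before app/code/core, so a copy of a core
# class here shadows the patched one.
OVERRIDE_POOLS = ["app/code/local", "app/code/community"]


def check_patch(root):
    """Return a list of findings for a local copy of the Magento root."""
    findings = []
    for rel in REMOVED_SWF:
        if os.path.exists(os.path.join(root, rel)):
            findings.append("still present, delete: " + rel)
    for rel in PATCHED_CORE:
        if not os.path.isfile(os.path.join(root, rel)):
            findings.append("missing patched file: " + rel)
        tail = rel[len("app/code/core/"):]
        for pool in OVERRIDE_POOLS:
            shadow = pool + "/" + tail
            if os.path.isfile(os.path.join(root, shadow)):
                findings.append("override shadows patched file: " + shadow)
    marker_path = os.path.join(root, MARKER_FILE)
    if os.path.isfile(marker_path):
        with open(marker_path, encoding="utf-8", errors="replace") as fh:
            if MARKER not in fh.read():
                findings.append(MARKER_FILE + " lacks " + MARKER)
    return findings


def build_sample_tree(root, patched):
    """Write a constructed demo tree (placeholders, not real Magento code)."""
    def write(rel, text="<?php // constructed placeholder\n"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    for rel in PATCHED_CORE:
        write(rel)
    if patched:
        write(MARKER_FILE, "<?php // constructed: const " + MARKER + "\n")
    else:
        write(REMOVED_SWF[0], "")  # leftover Flash uploader
        write("app/code/local/Mage/Catalog/Helper/Image.php")  # stale override


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample_tree(demo, patched=False)
        for finding in check_patch(demo):
            print(finding)
```

An empty result only covers the files listed in the script; opcode, browser and CDN caches still have to be flushed separately.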

    Known issues

    Product image upload is broken by CreareSEO extension

    Edit product page is broken in backend

    Edit product page is broken at Catalog > Manage Products > Edit product page

    If you have any difficulties applying the patches, please let us know in the comments so we can find a solution together.

    • Bowen Han

      Hi,

      How can I verify whether I have successfully installed the Supee-8788 patch please?

      I think I have done all the steps in this instruction, but I still cannot pass the security scan on MageReport (www.magereport.com).
      Is there any way I can check the installation?

      Thanks.

      • magentary

        Please make sure that you have deleted skin/adminhtml/default/default/media/flex.swf file and it is not cached by your web frontend. Magereport looks for “404 Not found” for that file to list SUPEE-8788 as installed

    • Ivan

      Hi,

      my magento version is 1.9.1.0.

      Did you release the patch also for that version?

      Thank you very much

      • magentary

        Version for 1.9.1.0 was added to the table, you can use the following direct link just in case:
        https://magentary.com/wph/contentary/uploads/SUPEE-8788-1.9.1.0.zip

        • Jason Rembert

          Thx for the link. I will download it. But I think in table it is missing.

        • Ivan

          Thank you very much!!!
          PS: I think too in the table the link is missing

        • Ashish Sharma

          Also there was no suffix v2, so is this a V1 version? Can I install this?

    • Mark

      I would appreciate if you could release the patchfiles for 1.9.2.0.

      Thank you so much!

    • Omar

      Please upload for 1.9.2.0

    • Declan

      Yes please post 1.9.2.0

      Thanks

    • Marco

      Hello my version is 1.9.0.1 will you release the patch files for my version too?

      Thanks in advance!

    • Ruben Bujorean

      Hello. For version 1.8.1.0?
      Thanks!

    • bc mageteam

      Hello our version is 1.9.2.3. Could you please release patch for that version?

      Thanks in advance!!

    • Cristian Antolini

      Hello, our version is 1.9.2.2
      Please upload patch for this version.
      thank you very much

    • Omar

      Please upload for 1.9.2.0 please.

    • manish

      After installing patch 8788 in Magento 1.9.2.4, I am unable to upload product image by admin :(

      • sanjan

        Maximum width and height dimension for upload image is 5000.

        • rruki

          after patching with 8788, image upload doesn’t work. the new uploader doesn’t attach the image to the listing.

          • sanjan

            How to upload product image by admin(show error : Undefined class constant ‘XML_NODE_PRODUCT_MAX_DIMENSION’ in /app/design/adminhtml/default/default/template/catalog/product/helper/gallery.phtml on line 111)

            • Viktor D.

              Hi, I have 1.7.0.2 Magento and product upload does not work for me too. There isn’t a solution out there except clear cache and reindex which does not do much to help.

            • magentary

              Is there any chance that Mage/Catalog/Helper/Image.php is overridden in app/code/local/Mage/Catalog/Helper/Image.php file? If it exists it should be updated with new changes from core (app/code/core/Mage/Catalog/Helper/Image.php) or deleted otherwise.

            • Viktor D.

              Hi, it’s not overridden. There is nothing at location: app/code/local/Mage/Catalog/Helper/
              There isn’t anything in the logs too.
              Also no JavaScript error.

            • magentary

              XML_NODE_PRODUCT_MAX_DIMENSION is defined in app/code/core/Mage/Catalog/Helper/Image.php (right after class definition at the top of this file). According to your error message either app/code/core/Mage/Catalog/Helper/Image.php is still unpatched or PHP opcode cache is not flushed or it is overridden somewhere.

            • rruki

              Viktor, this post here solved the problem for me:
              https://community.magento.com/t5/Security-Patches/SUPEE-8788-Can-t-upload-images-in-product-after-patch-has-been/td-p/50463/highlight/false/page/3

              Basically, clear ALL caches: Magento, Your Browser, CDN & server. Use a fresh browser/private tab/incognito. This will help.

            • rruki

              You need to clear your browser cache too (especially the cached images & files) and if you use a CDN, clear its cache too.
              Clearing Magento caches alone doesn’t help me either.

    • Tom

      Hello. Will patch 8788 be available to version 1.8.1.0? Thank you.

    • Eric Ha

      After I install this patch without ssh, I got following error.
      Invalid method Mage_Review_Block_Form::_isSecure(Array
      (
      )
      )
      Does anyone have any solution?

      • magentary

        What is your Magento version and which patch was installed?

    • bc mageteam

      It seems Magento community has released V2 version of SUPEE-8788 patch. Could you please let us know if these zip files are of V1 version or latest version V2?

      • magentary

        As mentioned in the download table, all links are now the v2 version of SUPEE-8788; also, v2 files have the v2 suffix in the filename, i.e. “SUPEE-8788v2-1.9.2.4”.

    • Having Difficulties

      Can you provide files for 1.7.0.2?

    • bc mageteam

      Below are the recommendations mentioned by Magento community before installing SUPEE-8788 v2 patch.

      Revert SUPEE-8788 v1 (if installed)
      Revert SUPEE-1533 (if installed)
      Install SUPEE-3941 (if not installed yet)
      Install SUPEE-8788 v2

      Do we need to follow all above steps if we use the zip files provided by you? Or we can directly install it without following these things?

      • magentary

        SUPEE-8788v2 zip files can be installed directly on top of SUPEE-8788v1 or without it

        • Alexander Kurz

          Hello,
          how can I install SUPEE-3941 without SSH before installing SUPEE-8788v2? Or is this included in the v2 zip files?
          I’m on Magento 1.8.0. so I think installing SUPEE-3941 first is necessary. But I don’t find any source to do that without SSH.
          Thank you in advance for your help!

          • magentary

            SUPEE-3941 is not required for direct upload of SUPEE-8788v2. You can upload SUPEE-8788v2 directly without any relation to SUPEE-3941, it would not break it and will work without it.

    • 1.6.2.0

      Is there any version for 1.6.2.0?

      Thank you!

    • Mark

      Thanks guys.

    • SamOrii

      Please upload for Magento 1.9.3.0 !! Thank you!!

      • magentary

        Magento 1.9.3.0 has this patch included already.

    • Ivan

      Hello,

      can you also provide the link for Magento 1.9.1.0 of SUPEE-8788v2?

      Thank you very much for your support.

      • H.E

        1.9.1.1 patch works pretty well with 1.9.1.0.

        You just have to change the unserializeArray by unserialize I think (that’s the only error I encountered when I applied 1.9.1.1 on a 1.9.1.0 Magento)

        • Ivan

          Thank you i will try

    • Marek Lesisz

      Can you provide files for 1.7.0.0?

      • magentary

        I’d suggest upgrading 1.7.0.0 to 1.7.0.2 and patching it after that. The only difference between 1.7.0.0 and 1.7.0.2 is two security patches for much more serious issues than the ones closed in SUPEE-8788. Therefore it is unlikely we will prepare special files for 1.7.0.0; we upgrade all 1.7.0.0 up to 1.7.0.2 at least.

        • Marek Lesisz

          Thank you!

    • Didine

      Can you provide files for 1.5.1 ?

    • raymon de gast

      When I upload it I got this error:
      Fatal error: Class ‘Mage_Uploader_Helper_Data’ not found in /home/domain/domains/domainurl/public_html/app/Mage.php on line 547 do you know what’s the problem? using magento 1.9.2.1.

      • Abdul Kadir

        Did you get any solution for this problem? I am facing the same problem.

        • raymon de gast

          Yes, you have to compress the patch file and then unzip it on the ftp server and then try again, if that’s not working you have to patch first 3941.

          • Abdul Kadir

            So you mean I have to upload the zip file to the server and then I have to unzip it?

    • Ashwani

      Can you provide files for 1.6.2.0?

    • emanuele

      Hi,
      after installing SUPEE-8788 for v1.8.1.0, my CMS page from backend gets 404 page not found!

      • Emanuele

        I’m sorry, I resolved it; the problem was about a deleted store, not about SUPEE-8788

    • ali

      Hello,
      My version is 1.9.2.2. How to install my version.

    • Dian Reytan

      +1 for 1.9.2.2

    • Sam

      We need urgently 1.6.2. I hope for your support!

    • http://www.bitwaretechnologies.com wasim

      1. Go to Cache Management, Refresh all caches, Flush all other caches. Logout admin.

      2. Clear browser caches, especially browser data and cached images & files. Close browser.

      3. Clear your CDN Cache!

      4. Reload Apache or restart your server

      5. Open your fresh browser, and login to admin. Test your image upload. If still not working, use private browsing or incognito or another machine

    • Michel Post

      Thanks for the great work. Is the patch for 1.9.2.2 and 1.6.2.0 also coming?

    • Daniel Vince

      Awesome work! Any chance of 1.9.2.2 :)

    • Ryan

      After applying the SUPEE-8788v2-1.8.1.0 patch the Product page is broken in admin
      Admin > Catalog > Manage Products > Edit, Page is broken, I see only white background with images radio buttons and all. Even the css is not loading for admin. This is happening when I click edit.

    • Anurag Khandelwal

      Any updates on the changes done with the Patch SUPEE 8788? I am trying to ask related to the second version of this patch.

    • David

      After applying the SUPEE-8788v2-1.8.1.0 patch the Product page is broken in admin

      Admin > Catalog > Manage Products > Edit, Page is broken, I see only white background with this error:
      Fatal error: Call to undefined function lcfirst() in {server}/app/code/core/Mage/Uploader/Model/Config/Abstract.php on line 50

      • magentary

        It seems like your PHP version is 5.2 or earlier, lcfirst() exists since PHP 5.3. I’d suggest to ask your host to upgrade PHP version to 5.3 at least.

    • Cristian Antolini

      We are under attack!!!
      Please 1.9.2.2
      :)

    • Soul Sin

      Hello.

      Tested this patch on a Localhost magento Website and identified that, despite the edit products working properly, the page got some CSS glitches. Like Top menu letters are now white instead of black and there is a red outline in all buttons (Like Save, Duplicate, etc).

      My Xamp is version 3.2.1 with Php 5.6.3. Magento 1.7.0.2

      Anyone with the same issue?

      • Soul Sin

        Well. Confirmed.

        If “Merge CSS Files” is set to “Yes”, Edit Product and Edit Category layouts get style errors. Cleaning caches doesn’t seem to solve the issue.
        Guess I will need to hunt the source of the trouble and make a custom CSS for admin =/

        EDIT: Seems that 8 lines from boxes.css in skin\adminhtml\default\default got changed for no real reason. Save two lines that remove “float” behavior on Search and Upload image buttons the rest is purely unwanted changes on aesthetics.

    • GNic

      Hello,

      Our system used Magento 1.9.2.1. We updated OK now, But we have a problem:

      On Admin > Manage products > Edit product: We are missing the upload image button for the product. It only shows the message “Maximum width and height dimension for upload image is 5000.”

      I tried refresh, flush, etc. on the system, cleared the browser cache, restarted Apache, etc., but have not had any luck.

      Thank you very much for your support.

      • mumbhai

        We are also having the exact same issue. Were you able to resolve it?

    • Anurag Khandelwal

      Should we wait here for Magento 1.9.2.2?

    • GBB

      Hello, I followed the above instructions and installed SUPEE-8788v2-1.7.0.2 on my Magento which is version 1.7.0.2.

      Since then, none of my customers have been able to place an order. I’m able to get through the checkout to the final page, then when I click Place Order, the text “Submitting order information” appears for a second but nothing happens and it goes back to the Place Order button.

      Any idea what the problem might be or how to fix it?

      • Andres

        Same problem here. I also tried to undo the patch by replacing the files listed above with my backup and still the same. What can I do?

        • GBB

          I was able to get my store working again by installing the previous patch SUPEE-7405 again.

    • Harsh NextBits

      Hi,

      We installed the patch SUPEE-8788 in magento 1.9.0.0

      After applying the patch we have the same issue when we try to upload an image in a product, CMS page/block, or anywhere else using WYSIWYG.

      When we browse the image, the browser hangs and it gives different errors in Chrome and Firefox, IE

      In firefox : uncaught exception: out of memory
      in Chrome : Failed to clear temp storage: It was determined that certain files are unsafe for access within a Web application, or that too many calls are being made on file resources. SecurityError

      Also sometimes it gives an error in flow.min.js.

      Fortunately it is working properly in Safari.

      We tried so many solutions but still it’s not working.

      Can anyone help on this please?

      thanks

      • Jacob Cole

        I am having the same issue. If you find a solution let me know, I would greatly appreciate it!! I’ll do the same for you.

    • bc mageteam

      Hello, Could you please release patch for 1.5.1.0 version?
      Thanks.

      • Denis

        +1000

    • Micah Toop

      Has anyone solved the “images not showing in product edit screen/can’t upload images” issue for 1.9.2.x?

    • Dev

      Will patch 8788 be available to version 1.8.0.0? Thanks

    • Sanni mistry

      Hello, I followed the above instructions and installed SUPEE-8788 on my Magento which is version 1.9.2.4.

      but not any changes on my magento, also not remove SUPEE-8788 error in Messages Inbox.

      Any idea what the problem might be or how to fix it?

    • Kirkos Gent

      Hi, I installed SUPEE 8788 for Magento 1.9.2.4 with simple copy of the files in the root. It is not clear to me if I have also to remove flex.swf, uploader.swf and uploaderSingle.swf from skin/adminhtml/default/default/media/. Should I remove them? So far I do not see any problem. Are they going to cause any problems in due course? Thanks.