OCT 14 2016

How to install SUPEE-8788 without SSH

October 12, 2016: Community Edition 1.9.3 and SUPEE-8788 Provide Critical Security & Functional Updates – 10/12/2016 Community Edition 1.9.3 and SUPEE-8788 resolve multiple security issues, including critical vulnerabilities with certain payment methods and Zend Framework libraries. Community Edition 1.9.3 also includes over 120 product quality enhancements and support for PHP 5.6.
If you have SSH access, it would be more simple to apply the patch via SSH. If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 1.9.3 version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7405, SUPEE-8788). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article. Before applying this patch, make sure to apply all previous patches. If you wish to save time and have us to install these patches for you, simply click here to order installation.


    Applying Magento patches via FTP/sFTP or FileManager / File Upload

    To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes. The following files are changed by SUPEE-8788 (v2 relased on October 15, 2016):
    To install the patch via FTP/File Upload
    • select patch bundle archive corresponding to your Magento version from the table below and unpack it
    • upload all files and folders to Magento root directory of your store, replacing all files
    • delete the following files in skin/adminhtml/default/default/media/:
    Downloads for other versions added to table on demand when we patch certain version via file upload for the first time. Note, all links are updated to v2 version, updated on October 15, 2016.
    Magento versionSUPEE-8788 v2

    Verification and flush of PHP opcode cache

    Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

    Known issues

    Product image upload is broken by CreareSEO extension
    Product image upload is broken by CreareSEO extension
    Edit product page is broken in backend
    Edit product page is broken at Catalog > Manage Products > Edit product page
    Fatal error if PHP version is 5.2 or older
    Fatal error: Call to undefined function lcfirst() in Mage/Uploader/Model/Config/Abstract.php If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

    Posted in: Magento Maintenance

    How to install SUPEE-8788 without SSH
    53 votes, 4.75 avg. rating (94% score)
    • Bowen Han


      How can I verify whether I have successfully installed the Supee-8788 patch please?

      I think I have done all the steps in this instruction, but I still cannot pass the security scan on MageReport (www.magereport.com).
      Is there any why I can check the installation?


      • magentary

        Please make sure that you have deleted skin/adminhtml/default/default/media/flex.swf file and it is not cached by your web frontend. Magereport looks for “404 Not found” for that file to list SUPEE-8788 as installed

    • Ivan


      my magento version is

      Did you release the patch also for that version?

      Thank you very much

      • magentary

        Version for was added to the table, you can use the following direct link just in case:

        • Jason Rembert

          Thx for the link. I will download it. But I think in table it is missing.

        • Ivan

          Thank you very much!!!
          PS: I think too in the table the link is missing

        • Ashish Sharma

          Also there was no suffix v2, so is this a V1 version. Can i install this.

    • Mark

      I would preciate if you could release the patchfiles for

      Thank you so much!

    • Omar

      Please upload for

    • Declan

      Yes please post


    • Marco

      Hello my version is will you release the patch files for my version too?

      Thanks in advance!

    • Ruben Bujorean

      Hello. For version

    • bc mageteam

      Hello our version is Could you please release patch for that version?

      Thanks in advance!!

    • Cristian Antolini

      Hello, our version is
      Please upload patch for this version.
      thank you very much

    • Omar

      Please upload for please.

    • manish

      after installing patch 8788 in magento i am unable to upload product image by admin :(

      • sanjan

        Maximum width and height dimension for upload image is 5000.

        • rruki

          after patching with 8788, image upload doesn’t work. the new uploader doesn’t attach the image to the listing.

          • sanjan

            How to upload product image by admin(show error : Undefined class constant ‘XML_NODE_PRODUCT_MAX_DIMENSION’ in /app/design/adminhtml/default/default/template/catalog/product/helper/gallery.phtml on line 111)

            • Viktor D.

              Hi, I have magento and product upload does not work for me too. There isn’t solution out there except clear cache and reindex which does not do much to help.

            • magentary

              Is there any chance that Mage/Catalog/Helper/Image.php is overridden in app/code/local/Mage/Catalog/Helper/Image.php file? If it exists it should be updated with new changes from core (app/code/core/Mage/Catalog/Helper/Image.php) or deleted otherwise.

            • Viktor D.

              Hi, its not overridden. There is nothing at location: app/code/local/Mage/Catalog/Helper/
              There isnt anything in the logs too.
              Also no java script error.

            • magentary

              XML_NODE_PRODUCT_MAX_DIMENSION is defined in app/code/core/Mage/Catalog/Helper/Image.php (right after class definition at the top of this file). According to your error message either app/code/core/Mage/Catalog/Helper/Image.php is still unpatched or PHP opcode cache is not flushed or it is overridden somewhere.

            • rruki

              Viktor, this post here solved the problem for me:

              Basically, clear ALL caches: Magento, Your Browser, CDN & server. Use a fresh browser/private tab/incognito. This will help.

            • rruki

              You need to clear your browser cache too (especially the cached images & files) and if you use a CDN, clear its cache too.
              Clearing Magento caches alone doesn’t help me too.

    • Tom

      Hello. Will patch 8788 be available to version Thank you.

    • Eric Ha

      After I install this patch without ssh, I got following error.
      Invalid method Mage_Review_Block_Form::_isSecure(Array
      Do anyone have any solution?

      • magentary

        What is your Magento version and which patch was installed?

    • bc mageteam

      It seems Magento community has released V2 version of SUPEE-8788 patch. Could you please let us know if these zip files are of V1 vesrion or latest version V2?

      • magentary

        As mentioned in download table all links are now v2 version of SUPEE-8788, also v2 files have v2 suffix in the filename, i.e. “SUPEE-8788v2-″.

    • Having Difficulties

      Can you provide files for

    • bc mageteam

      Below is the recommendations mentioned by Magento community before installing SUPEE-8788 v2 patch.

      Revert SUPEE-8788 v1 (if installed)
      Revert SUPEE-1533 (if installed)
      Install SUPEE-3941 (if not installed yet)
      Install SUPEE-8788 v2

      Do we need to follow all above steps if we use the zip files provided by you? Or we can directly install it without following these things?

      • magentary

        SUPEE-8788v2 zip files can be installed directly on top of SUPEE-8788v1 or without it

        • Alexander Kurz

          how can I install SUPEE-3941 without SSH before installing SUPEE-8788v2? Or is this included in the v2 zip files?
          I’m on Magento 1.8.0. so I think installing SUPEE-3941 first is necessary. But I don’t find any source to do that without SSH.
          Thank you in advance for your help!

          • magentary

            SUPEE-3941 is not required for direct upload of SUPEE-8788v2. You can upload SUPEE-8788v2 directly without any relation to SUPEE-3941, it would not break it and will work without it.


      Is there any version for

      Thank you!

    • Mark

      Thanks guys.

    • SamOrii

      Please upload for Magento !! Thank you!!

      • magentary

        Magento have this patch included already.

    • Ivan


      can you also provide the link for Magento of SUPEE-8788v2?

      Thank you very much for your support.

      • H.E patch work pretty well with

        You just have to change the unserializeArray by unserialize i think (that’s the only error i encountered when i applied on a Magento)

        • Ivan

          Thank you i will try

    • Marek Lesisz

      Can you provide files for

      • magentary

        I’d suggest to upgrade to and patch it after that. The only difference between and are two security patches for much more serious issues than ones closed in SUPEE-8788. Therefor it is unlikely we will prepare special files for, we upgrade all up to at least.

        • Marek Lesisz

          Thank you!

    • Didine

      Can you provide files for 1.5.1 ?

    • raymon de gast

      When i upload it i got this error:
      Fatal error: Class ‘Mage_Uploader_Helper_Data’ not found in /home/domain/domains/domainurl/public_html/app/Mage.php on line 547 do you know what’s the problem? using magento

      • Abdul Kadir

        Did you get Any Solution for This Problem i am facing same problem

        • raymon de gast

          Yes, you have to compress the patch file and than unzip it on the ftp server and than try again, if that’s not working you have to patch first 3941.

          • Abdul Kadir

            so you mean i have to upload zip file to server and then i have to unzip it?

    • Ashwani

      Can you provide files for

    • emanuele

      after installing SUPEE-8788 for v1.8.1.0 , my CMS page from backend get 404 page not found!

      • Emanuele

        I’m sorry i resolve, the problem was about store deleted , no about SUPEE-8788

    • ali

      My version is How to install my version.

    • Dian Reytan

      +1 for

    • Sam

      We need urgently 1.6.2. I hope for your support!

    • http://www.bitwaretechnologies.com wasim

      1. Go to Cache Management, Refresh all caches, Flush all other caches. Logout admin.

      2. Clear browser caches, especially browser data and cached images & files. Close browser.

      3. Clear your CDN Cache!

      4. Reload Apache or restart your server

      5. Open your fresh browser, and login to admin. Test your image upload. If still not working, use private browsing or incognito or another machine

    • Michel Post

      Thanks for the great work. Is the patch for and also coming?

    • Daniel Vince

      Awsome work! Any chace of :)

    • Ryan

      After applying the SUPEE-8788v2- patch the Product page is broken in admin
      Admin > Catalog > Manage Products > Edit, Page is broken, I see only white background with images radio buttons and all. Even the css is not loading for admin. This is happening when I click edit.

    • Anurag Khandelwal

      Any updates on the changes done with the Patch SUPEE 8788. I am trying to ask related to second version of this path.

    • David

      After applying the SUPEE-8788v2- patch the Product page is broken in admin

      Admin > Catalog > Manage Products > Edit, Page is broken, I see only white background with this error:
      Fatal error: Call to undefined function lcfirst() in {server}/app/code/core/Mage/Uploader/Model/Config/Abstract.php on line 50

      • magentary

        It seems like your PHP version is 5.2 or earlier, lcfirst() exists since PHP 5.3. I’d suggest to ask your host to upgrade PHP version to 5.3 at least.

    • Cristian Antolini

      We are under attack!!!

    • Soul Sin


      Tested this patch on a Localhost magento Website and identified that, despite the edit products working properly, the page got some CSS glitches. Like Top menu letters are now white instead of black and there is a red outline in all buttons (Like Save, Duplicate, etc).

      My Xamp is version 3.2.1 with Php 5.6.3. Magento

      Anyone with the same issue?

      • Soul Sin

        Well. Confirmed.

        If “Merge CSS Files” is set to “Yes”, Edit Product and Edit Category layouts get style errors. Cleaning caches doesn’t seens to solve the issue.
        Guess I will need to hunt the source of the trouble and make a custom CSS for admin =/

        EDIT: Seens that 8 lines from boxes.css in skinadminhtmldefaultdefault got changed for no real reason. Save two lines that remove “float” behavior on Search and Upload image buttons the rest is purely unwanted changes on aesthetics.

    • GNic


      Our system used Magento We updated OK now, But we have a problem:

      On Admin > Manage products > Edit product: We are missing button upload image for product. It’s only show message “Maximum width and height dimension for upload image is 5000.”

      I tried refresh, flush,.. on system. clear cache browser, restart apache,.. but have not any luck.

      Thank you very much for your support.

      • mumbhai

        We are also having exact same issue were you able to resolve.

    • Anurag Khandelwal

      Should we wait here for Magento

    • GBB

      Hello, I followed the above instructions and installed SUPEE-8788v2- on my Magento which is version

      Since then, none of my customers have been able to place an order. I’m able to get through the checkout to the final page, then when I click Place Order, the text “Submitting order information” appears for a second but nothing happens and it goes back to the Place Order button.

      Any idea what the problem might be or how to fix it?

      • Andres

        Same problem here. I also tried to undo the patch by replacing the files listed above with my backup and still the same. What can I do?

        • GBB

          I was able to get my store working again by installing the previous patch SUPEE-7405 again.

    • Harsh NextBits


      We installed the patch SUPEE-8788 in magento

      after applying the patch We have same issue , when we try to upload image in product , CMS page/block any where else using wysiwyg.

      when we browse the image , browser got hang and it gives different errors in chrome and firefox, IE

      In firefox : uncaught exception: out of memory
      in Chrome : Failed to clear temp storage: It was determined that certain files are unsafe for access within a Web application, or that too many calls are being made on file resources. SecurityError

      also some time it gives error in flow.min.js.

      fortunatly it working properly in safari.

      we tried so many solution but stll its not working.

      Can any one help on this please ?


      • Jacob Cole

        I am having the same issue. If you find a solutions let me know, I would greatly appreciate it!! I’ll do the same for you.

      • magentary

        Solution is to flush caches as described in the article, including Magento cache, CDN cache, web-server cache, depending on your setup. According to the description some files were not updated properly or are served from caches.

    • bc mageteam

      Hello, Could you please release patch for version?

      • Denis


    • Micah Toop

      Has anyone solved the “images not showing in product edit screen/can’t upload images” issue for 1.9.2.x?

    • buaton

      hello Witch paches for magento


    • Dev

      Will patch 8788 be available to version Thanks

    • Sanni mistry

      Hello, I followed the above instructions and installed SUPEE-8788 on my Magento which is version

      but not any changes on my magento, also not remove SUPEE-8788 error in Messages Inbox.

      Any idea what the problem might be or how to fix it?

    • Kirkos Gent

      Hi, I installed SUPEE 8788 for Magento with simple copy of the files in the root. It is not clear to me if I have also to remove flex.swf, uploader.swf and uploaderSingle.swf from skin/adminhtml/default/default/media/. Should I remove them? So far I do not see any problem. Are they going to cause any problems in due course? Thanks.

      • magentary

        Yes, these files should be removed, the patch is prepared specially to get rid of these flash uploaders with vulnerabilities.

    • Php tester

      I have just installed SUPEE-8788v2 in magento but got below error while editing product:

      Fatal error: Call to a member function getUploaderConfig() on boolean in app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php on line 56

    • Paul Chaundy

      anyone know what version i need for CE1.9.3 as it is not listed above table. will SUPEE-8788v2- work?

    • Pradip

      When I installed Supee-8788 patch in then in Admin the product and category pages are white and I can’t do anything in it.
      Please help me to resolve this error.
      Thank you!

    • Otto

      Hello, is there a download for

    • Sampathi Ramakrishna

      After Installed the 8788 patch in magento ce- but product images upaload and browse buttons are not showing.Deleted file from skin/adminhtml/default/default/media/flex.swf
      but,no use browse and upload buttons are not showing…Please help on this issue


      • magentary

        Solution is to flush caches as described in the article, including Magento cache, CDN cache, web-server cache, depending on your setup. According to the description some files were not updated properly or are served from caches..

    • Sara

      Missing Files for Magento version

    • sandy

      Hi i installed for my magento version
      but now am not able to login to my backend
      help plz

    • sandy

      am not able to login to the backend

    • Murad Khan

      Please upload for ..

    • Alia

      After installed patch for magento below error come on after redirect on paypal.

      Fatal error: Class ‘Mage_Core_Helper_UnserializeArray’ not found in /chroot/home/twoerosc/2eros.com/html/app/Mage.php on line 547

    • alia

      After installed 8788 patch for custom option image is broken.

      in cosole below error found.

      Failed to load resource: the server responded with a status of 403 (Forbidden)

      But we check folder permission is 777.

      Can you please some body help

    • Praveen Kumar

      Hello Gys, I have an issue with product image. I install the SUPEE-8788, But now its break the product image, Image uploading process is complete but image not update on table. Please help me. Thank you

    • BRST DEV

      Hello I have upgraded to and my product edit page is broken.It is showing a text ‘Images’ only.
      Please let me know how to fix this.

    • Chirag Rathod

      Why aren’t you accept my post may i know???? what is problem with this???

    • Chirag Rathod

      I have issue with PATCH-8788-v2 for magento

    • tbr

      Any chance of a version of this for

    • Toyin Etiko

      Did you manage to get a response to this?

    • http://about.me/neilbradley Neil Bradley

      No I didn’t and for some reason my comment was deleted. :/