Published: October 14, 2016
Last updated:

How to install SUPEE-8788 without SSH

SUPEE-8788 resolve multiple security issues, including critical vulnerabilities with certain payment methods and Zend Framework libraries, support for HTML5 image upload (no flash).


If you have SSH access, it would be more safe to apply the patch via SSH or upgrade to Magento 1.9.4.5 or OpenMage. If upgrade is not an option due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.

Before applying this patch, make sure to apply all previous patches.

If you wish to save time and have us to apply the slightest set of changes with minimal impact to your store, simply order our Magento Security Patching service.

Preparations



    Applying Magento patches via FTP/sFTP or FileManager / File Upload

    To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.

    The following files are changed by SUPEE-8788 (v2 released on October 15, 2016):
    app/code/core/Mage/Adminhtml/Block/Catalog/Product/Helper/Form/Gallery/Content.php
    app/code/core/Mage/Adminhtml/Block/Cms/Wysiwyg/Images/Content/Uploader.php
    app/code/core/Mage/Adminhtml/Block/Media/Uploader.php
    app/code/core/Mage/Adminhtml/Block/Urlrewrite/Category/Tree.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Serialized.php
    app/code/core/Mage/Adminhtml/controllers/DashboardController.php
    app/code/core/Mage/Adminhtml/controllers/IndexController.php
    app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php
    app/code/core/Mage/Catalog/Helper/Image.php
    app/code/core/Mage/Catalog/etc/config.xml
    app/code/core/Mage/Catalog/etc/system.xml
    app/code/core/Mage/Centinel/Model/Api.php
    app/code/core/Mage/Centinel/Model/Api/Client.php
    app/code/core/Mage/Core/Block/Abstract.php
    app/code/core/Mage/Core/Helper/Url.php
    app/code/core/Mage/Core/Model/Encryption.php
    app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
    app/code/core/Mage/Core/functions.php
    app/code/core/Mage/Customer/Block/Address/Book.php
    app/code/core/Mage/Customer/controllers/AddressController.php
    app/code/core/Mage/Dataflow/Model/Profile.php
    app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php
    app/code/core/Mage/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Samples.php
    app/code/core/Mage/Downloadable/Helper/File.php
    app/code/core/Mage/Oauth/Model/Server.php
    app/code/core/Mage/Paygate/Model/Authorizenet.php
    app/code/core/Mage/Payment/Block/Info/Checkmo.php
    app/code/core/Mage/Paypal/Model/Express/Checkout.php
    app/code/core/Mage/Paypal/Model/Resource/Payment/Transaction.php
    app/code/core/Mage/Sales/Model/Resource/Order/Payment.php
    app/code/core/Mage/Sales/Model/Resource/Order/Payment/Transaction.php
    app/code/core/Mage/Sales/Model/Resource/Quote/Payment.php
    app/code/core/Mage/Sales/Model/Resource/Recurring/Profile.php
    app/code/core/Mage/Uploader/Block/Abstract.php
    app/code/core/Mage/Uploader/Block/Multiple.php
    app/code/core/Mage/Uploader/Block/Single.php
    app/code/core/Mage/Uploader/Helper/Data.php
    app/code/core/Mage/Uploader/Helper/File.php
    app/code/core/Mage/Uploader/Model/Config/Abstract.php
    app/code/core/Mage/Uploader/Model/Config/Browsebutton.php
    app/code/core/Mage/Uploader/Model/Config/Misc.php
    app/code/core/Mage/Uploader/Model/Config/Uploader.php
    app/code/core/Mage/Uploader/etc/config.xml
    app/code/core/Mage/Uploader/etc/jstranslator.xml
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Dhl.php
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Dhl/International.php
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Fedex.php
    app/code/core/Mage/Usa/Model/Shipping/Carrier/Ups.php
    app/code/core/Mage/Usa/etc/config.xml
    app/code/core/Mage/Usa/etc/system.xml
    app/code/core/Mage/Wishlist/Helper/Data.php
    app/code/core/Mage/Wishlist/controllers/IndexController.php
    app/code/core/Mage/XmlConnect/Block/Adminhtml/Mobile/Edit/Tab/Design.php
    app/code/core/Mage/XmlConnect/Block/Adminhtml/Mobile/Edit/Tab/Design/Images.php
    app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
    app/design/adminhtml/default/default/layout/cms.xml
    app/design/adminhtml/default/default/layout/main.xml
    app/design/adminhtml/default/default/layout/xmlconnect.xml
    app/design/adminhtml/default/default/template/catalog/product/helper/gallery.phtml
    app/design/adminhtml/default/default/template/cms/browser/content/uploader.phtml
    app/design/adminhtml/default/default/template/downloadable/product/edit/downloadable.phtml
    app/design/adminhtml/default/default/template/downloadable/product/edit/downloadable/links.phtml
    app/design/adminhtml/default/default/template/downloadable/product/edit/downloadable/samples.phtml
    app/design/adminhtml/default/default/template/media/uploader.phtml
    app/design/adminhtml/default/default/template/xmlconnect/edit/tab/design.phtml
    app/etc/modules/Mage_All.xml
    app/locale/en_US/Mage_Media.csv
    app/locale/en_US/Mage_Uploader.csv
    downloader/lib/Mage/HTTP/Client/Curl.php
    js/lib/uploader/flow.min.js
    js/lib/uploader/fusty-flow-factory.js
    js/lib/uploader/fusty-flow.js
    js/mage/adminhtml/product.js
    js/mage/adminhtml/uploader/instance.js
    lib/Unserialize/Parser.php
    lib/Unserialize/Reader/Arr.php
    lib/Unserialize/Reader/ArrValue.php
    lib/Unserialize/Reader/Null.php
    skin/adminhtml/default/default/boxes.css
    skin/adminhtml/default/default/media/flex.swf
    skin/adminhtml/default/default/media/uploader.swf
    skin/adminhtml/default/default/media/uploaderSingle.swf
    skin/adminhtml/default/default/xmlconnect/boxes.css
    
    
    To install the patch via FTP/File Upload
    • select patch bundle archive corresponding to your Magento version from the table below and unpack it
    • upload all files and folders to Magento root directory of your store, replacing all files
    • delete the following files in skin/adminhtml/default/default/media/:
      skin/adminhtml/default/default/media/flex.swf 
      skin/adminhtml/default/default/media/uploader.swf
      skin/adminhtml/default/default/media/uploaderSingle.swf
      


    Downloads for other versions added to table on demand when we patch certain version via file upload for the first time.
    Note, all links are updated to v2 version, updated on October 15, 2016.
    Magento versionSUPEE-8788 v2
    Magento 1.9.2.4SUPEE-8788v2-1.9.2.4
    Magento 1.9.2.3SUPEE-8788v2-1.9.2.3
    Magento 1.9.2.2-1.9.2.1SUPEE-8788v2-1.9.2.1
    Magento 1.9.1.1SUPEE-8788v2-1.9.1.1
    Magento 1.9.0.1SUPEE-8788v2-1.9.0.1
    Magento 1.8.1.0SUPEE-8788v2-1.8.1.0
    Magento 1.7.0.2SUPEE-8788v2-1.7.0.2


    Verification and flush of PHP opcode cache

    Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

    Known issues

    There are several known issues with SUPEE-8788 reported, please check this list for details.



    If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

    Posted in: Magento Maintenance

    58 votes, 4.70 avg. rating (93% score)