Magento 1.x Knowledge Base » Magento Maintenance » How to install SUPEE-9767 without SSH
Published: June 1, 2017
Last updated:

How to install SUPEE-9767 without SSH

Tags: ,
July 12, 2017: Community Edition 1.9.3.4 and SUPEE-9767 version 2 patch address customer registration and other issues encountered by some merchants when using the original release or patch.

If you have SSH access, please refer to how to apply the patch via SSH.
If you have no SSH access to apply the patch, you can simply upgrade to the latest Magento 1 version or OpenMage LTS with all the latest security patches up to date (it is about ~30 patches up to 2021). If Magento upgrade or migration to Openmage is not possible due to some reason, you can still can apply the patch via FTP/sFTP upload as shown in this article.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

 

Preparations

  • Disable Magento Compiler and clear compiler cache
  • Disable Symlinks setting
    In Magento backend navigate to System > Configuration > Advanced > Developer > Template Settings > Enable Symlinks and set it to No, if it is not set already: template-symlinks-setting-in-magento
 

Applying Magento patches via FTP/sFTP or FileManager / File Upload

To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.
Note: Make sure, that all previous patches including SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6788, SUPEE-7405 and SUPEE-8788 are applied as this patch should be applied on top of all previous patches.
Note: If you previously applied SUPEE-9767v1 (first version of this patch released on May 31, 2017) to apply new SUPEE-9767v2 version you can simply upload SUPEE-9767v2 files on top of it, it will replace all files from version 1
The following files are changed by SUPEE-9767 (version 2 for 1.9.3.2 released on July 12, 2017): 
app/code/core/Mage/Admin/Model/Session.php
app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php
app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php
app/code/core/Mage/Adminhtml/Model/Config/Data.php
app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Symlink.php
app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
app/code/core/Mage/Checkout/controllers/MultishippingController.php
app/code/core/Mage/Checkout/controllers/OnepageController.php
app/code/core/Mage/Checkout/etc/system.xml
app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
app/code/core/Mage/Core/Controller/Front/Action.php
app/code/core/Mage/Core/Controller/Request/Http.php
app/code/core/Mage/Core/Model/File/Validator/Image.php
app/code/core/Mage/Core/etc/config.xml
app/code/core/Mage/Core/etc/system.xml
app/code/core/Mage/Core/sql/core_setup/upgrade-1.6.0.6.1.1-1.6.0.6.1.2.php
app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
app/code/core/Mage/ImportExport/Model/Import/Uploader.php
app/code/core/Mage/Sales/Model/Quote/Item.php
app/code/core/Mage/Widget/Model/Widget/Instance.php
app/code/core/Mage/XmlConnect/Helper/Image.php
app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
app/design/adminhtml/default/default/layout/main.xml
app/design/adminhtml/default/default/template/notification/formkey.phtml
app/design/adminhtml/default/default/template/notification/symlink.phtml
app/design/adminhtml/default/default/template/oauth/authorize/head-simple.phtml
app/design/adminhtml/default/default/template/page/head.phtml
app/design/frontend/base/default/template/checkout/cart/shipping.phtml
app/design/frontend/base/default/template/checkout/multishipping/addresses.phtml
app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml
app/design/frontend/base/default/template/checkout/onepage/billing.phtml
app/design/frontend/base/default/template/checkout/onepage/payment.phtml
app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml
app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
app/design/frontend/rwd/default/layout/page.xml
app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml
app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml
app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml
app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml
app/etc/config.xml
app/locale/en_US/Mage_Adminhtml.csv
app/locale/en_US/Mage_Core.csv
app/locale/en_US/Mage_Dataflow.csv
app/locale/en_US/Mage_XmlConnect.csv
downloader/Maged/Connect.php
downloader/Maged/Controller.php
downloader/Maged/Model/Session.php
js/lib/jquery/jquery-1.12.0.js
js/lib/jquery/jquery-1.12.0.min.js
js/lib/jquery/jquery-1.12.0.min.map
js/varien/payment.js
skin/frontend/base/default/js/opcheckout.js
  To install the patch via FTP/File Upload
  • select patch bundle archive corresponding to your Magento version from the table below and unpack it
  • upload all files and folders to Magento root directory of your store, replacing all files
Magento versionSUPEE-9767v2
1.9.3.3SUPEE-9767v2-1.9.3.3
1.9.3.2SUPEE-9767v2-1.9.3.2
1.9.3.1SUPEE-9767v2-1.9.3.1
1.9.3.0SUPEE-9767v2-1.9.3.0
1.9.2.4SUPEE-9767v2-1.9.2.4
1.9.2.3SUPEE-9767v2-1.9.2.3
1.9.2.2SUPEE-9767v2-1.9.2.2
1.9.2.1SUPEE-9767v2-1.9.2.1
1.9.2.0SUPEE-9767v2-1.9.2.0
1.9.1.1SUPEE-9767v2-1.9.1.1
1.9.1.0SUPEE-9767v2-1.9.1.0
1.8.1.0SUPEE-9767v2-1.8.1.0
1.7.0.2SUPEE-9767v2-1.7.0.2
Downloads for other versions added to table on demand when we patch certain version via file upload for the first time.  

Enable Form Key Validation On Checkout (optional)

To take all advantages of SUPEE-9767 patch it is recommended to enable form key verification for checkout at System > Configuration > Advanced > Admin > Security > Enable Form Key Validation On Checkout.
Note: Check with your theme developer if your theme is compatible before enabling that option as it can break checkout process. Make sure that corresponding checkout template phtml files in your custom theme have form key fields included and custom opcheckout.js is updated.
These fields were added in this patch into default themes, so if you use default theme (base / rwd) or your theme does not override checkout pages, then you can enable Form Key Validation On Checkout right away. Otherwise, check with your theme developer if your theme is compatible before enabling that option as it can break checkout process. The following template files in your custom theme should be checked: 
template/checkout/cart/shipping.phtml
template/checkout/multishipping/billing.phtml
template/checkout/multishipping/shipping.phtml
template/checkout/multishipping/addresses.phtml
template/checkout/onepage/billing.phtml
template/checkout/onepage/payment.phtml
template/checkout/onepage/shipping.phtml
template/checkout/onepage/shipping_method.phtml
template/persistent/checkout/onepage/billing.phtml
These files should include formkey line and you can add it just like in default template files: 
--- app/design/frontend/base/default/template/checkout/onepage/payment.phtml
+++ app/design/frontend/base/default/template/checkout/onepage/payment.phtml
@@ -35,6 +35,7 @@
 <form action="" id="co-payment-form">
     <fieldset>
         <?php echo $this->getChildHtml('methods') ?>
+        <?php echo $this->getBlockHtml('formkey') ?>
     </fieldset>
 </form>
 <div class="tool-tip" id="payment-tool-tip" style="display:none;">
Other set of files to update are custom javascript files that override js/varien/payment.js and skin/frontend/base/default/js/opcheckout.js. These javascript files should be updated with the following: 
@@ -711,7 +711,7 @@ Payment.prototype = {
         }
         var method = null;
         for (var i=0; i<elements.length; i++) {
-            if (elements[i].name=='payment[method]') {
+            if (elements[i].name=='payment[method]' || elements[i].name == 'form_key') {
                 if (elements[i].checked) {
                     method = elements[i].value;
                 }
 

Verification and flush of Magento PHP opcode cache

Flush Magento caches: Navigate in Magento backend to System > Cache Management and flush Magento cache and CSS/JS caches. If you use PHP opcode caches (OPCache/APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches. Test that your store is working. Test Checkout process. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.  

Posted in: Magento Maintenance

Related Posts

61 votes, 4.39 avg. rating (87% score)