Patches

Installing patches

  • Download the patch you want to install from https://magento.com/tech-resources/download
  • cd to your project directory
  • copy the patch to your project directory: cp ~/Downloads/{patchname}.sh .
  • chmod +x {patchname}.sh to add the executable flag
  • execute the patch by typing bash ./{patchname}.sh
  • done

Note

If you get the error "Error! Some required system tools, that are utilized in this sh script, are not installed: Tool(s) "patch" is(are) missed, please install it(them).", you need to execute sudo yum install patch

Creating pre-patch backup

Before deploying a SUPEE patch you can take a backup of the changed files using the following snippet:

#! /usr/bin/env bash

# - Merge your changes into LIVE branch
# - Run this in the project root (so above /public)

readonly DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )";
cd "$DIR";
set -e
set -u
set -o pipefail
standardIFS="$IFS"
IFS=$'\n\t'
echo "
===========================================
$(hostname) $0 $@
===========================================
"

readonly supee='<SUPEE id>';
readonly backupDirName="backup_SUPEE-$supee";
readonly zipFileName="$backupDirName.zip";

echo "Setting up backup dir.";

if [ -d "$backupDirName" ]
then
    # The glob has to sit outside the quotes, otherwise nothing is deleted.
    rm -Rf "${backupDirName:?}"/*;
else
    mkdir "$backupDirName";
fi

if [ -f "$zipFileName" ]
then
    rm -f "$zipFileName";
fi

echo "Checking out previous commit.";

git checkout --quiet HEAD~1;

echo "Backing up files.";

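# HEAD is now the pre-patch commit, so compare it against LIVE to list the
# files changed by the patch commit.
for f in $(git diff --name-only HEAD LIVE); do
    if [ -f "$f" ]
    then
        cp --parents "$f" "$backupDirName";
    fi
done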

echo "Checking out LIVE branch.";

git checkout --quiet LIVE;

echo "Creating zip archive.";

zip -q -r $zipFileName $backupDirName;

echo "

    FINISHED

";

Patch-specific notes

SUPEE-6788

Pages and tools worth knowing when installing this patch.

  • Tool which analyzes and fixes modules: supee-6788-toolbox
  • Technical details for the patch
  • After installing the patch and fixing issues with the tool above, make sure that all admin routes are still working
  • If they aren't, fix them manually using this page as a reference.

SUPEE-8788

A helpful tool for installing this patch can be downloaded from here

Remove downloader entries

If you no longer have a downloader folder then you'll need to remove these items from the patch:

Note

The one liner below will most likely only work with this version of the patch file.

sed -i.bak -e '4884,4896d' PATCH_SUPEE-8788_CE_1.9.2.1_v2-2016-10-14-09-40-36.sh

SUPEE-9767

The patch removes the config field in System > Configuration > Advanced > Developer > Template Settings > Allow Symlinks.

Ensure the value is set to "No" before applying the patch. If it's set to "Yes", it'll need to be set to "No" on Live. Obviously make sure this doesn't break anything.

Remove downloader entries

You probably don't have a downloader folder, or it's not called downloader.

The patch contains 3 references to files within the downloader folder. These should be removed in the patch file.

Note

The one liner below will most likely only work with this version of the patch file.

sed -i.bak -e '1198,1342d' PATCH_SUPEE-9767_CE_1.9.3.0_v1-2017-05-25-09-09-56.sh
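
A version-independent alternative to the line-number sed one-liners shown for SUPEE-8788 and SUPEE-9767, as an added example (not from the original page or from Magento's tooling): it drops every diff section whose path lies under downloader/. It assumes the patch script embeds a unified diff with "diff --git" section headers; the function names and the sample patch are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: the patch script embeds a unified diff whose sections start with
# "diff --git <old> <new>" (with or without a/ b/ path prefixes).

# Read a patch on stdin and print it without the sections under directory $1.
filter_patch_sections() {
  awk -v dir="${1:-downloader}" '
    /^diff --git / {
      path = $3
      sub(/^a\//, "", path)                 # tolerate a git-style a/ prefix
      skip = (index(path, dir "/") == 1)    # does this section touch dir/ ?
      if (skip) dropped++
    }
    !skip { print }
    END { printf "dropped %d section(s) under %s/\n", dropped, dir > "/dev/stderr" }
  '
}

# Rewrite patch file $1 in place, keeping the original as $1.bak (like sed -i.bak).
strip_patch_file() {
  cp -p "$1" "$1.bak" && filter_patch_sections "${2:-downloader}" < "$1.bak" > "$1"
}

# Constructed stand-in for a SUPEE patch script (not a real patch).
sample_patch() {
  cat <<'EOF'
#!/bin/bash
# ...patch tool wrapper lines...
diff --git app/code/core/Mage/Core/Model/File.php app/code/core/Mage/Core/Model/File.php
--- app/code/core/Mage/Core/Model/File.php
+++ app/code/core/Mage/Core/Model/File.php
@@ -1 +1 @@
-old line
+new line
diff --git downloader/Maged/Controller.php downloader/Maged/Controller.php
--- downloader/Maged/Controller.php
+++ downloader/Maged/Controller.php
@@ -1 +1 @@
-old line
+new line
diff --git skin/frontend/base/default/js/opcheckout.js skin/frontend/base/default/js/opcheckout.js
--- skin/frontend/base/default/js/opcheckout.js
+++ skin/frontend/base/default/js/opcheckout.js
@@ -1 +1 @@
-old line
+new line
EOF
}

sample_patch | filter_patch_sections downloader
```

Compare the .bak copy with the rewritten file before running the patch to confirm that only the downloader sections were removed.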

Adding form keys to custom themes

The patch adds form key elements to templates within the checkout, but obviously only in core Magento themes.

To apply these changes to your theme, run the following bash snippets within the Magento root:

find -L app/design/frontend -regex '.*\(shipping\|billing\|shipping_method\|payment\)\.phtml' -exec grep -L formkey {} \; \
  | xargs -r sed -i 's/<\/form>/<?php echo $this->getBlockHtml("formkey") ?><\/form>/g'

find -L skin/frontend -name 'opcheckout.js' -exec grep -L form_key {} \; \
  | xargs -r sed -i 's/if (elements\[i\].name=='\''payment\[method\]'\'') {/if (elements[i].name=='\''payment[method]'\'' || elements[i].name == '\''form_key'\'') {/g'

Github gist source

Enabling the form key validation

Until the setting is enabled, the patches to add Form Keys have no effect.

It's located at System > Configuration > Admin > Security > Enable Form Key Validation On Checkout

You'll see a warning at the top of the Magento admin to enable the setting.

Ensure the payment step works

If you find that you can't proceed past the Payment step, it might be because the opcheckout.js file is cached by the browser.

One of the changes to opcheckout.js is to not add a disabled attribute to the form_key input. If this is being browser cached then you'll see this attribute within the payment step's <input name="form_key" disabled... /> element. This prevents the form_key being sent to the server, and it then fails the form key validation.

SUPEE-10415

After applying the patch, one client found that re-saving a product in the Magento admin threw the error "Unsupported data type N". This appeared to be because the SUPEE-8788 patch was v1; upgrading it to v2 sorted the problem.

SUPEE-10570

This patch provides protection against several types of security-related issues; more info here. Known issues of the patch can be read here.

SUPEE-10888

  • Error message "File skin/adminhtml/default/enterprise/images/placeholder/thumbnail.jpg: git binary diffs are not supported." Others have had this issue: More info.

  • This patch updates a file in the downloader folder; as we have moved this out of the Magento root, this will need handling appropriately.

  • There are changes to some email templates in app/locale/en_US/template/email; I have encountered problems with the templates not being as the patch expects.