How to install SUPEE 7405 with or without SSH

How to install SUPEE 7405 with or without SSH

Magento recently released 2 new patches SUPEE 7405 and SUPEE 7616. In this article I will give you information why you should install SUPEE 7405 and help you install SUPEE 7405 on your Magento 1.x with or without SSH.

Index:

SUPEE 7405 (Bundle Security Patch)

SUPEE 7405 is for certain vulnerabilities that can potentially be exploited to steal your customer information or take over administrator sessions. As per the Magento there are no confirmed attacks because of this vulnerability. Please check administrator accounts, unfamiliar files on the server, etc. if your store already been attacked.

Install SUPEE-7405 with SSH

  1. Download SUPEE 7405 from the Magento official website. Please download the Patch file corresponding to your Magento version.
    https://experienceleague.adobe.com/docs/commerce-operations/installation-guide/overview.html
  2. You must have SSH access of your server to install the patch using patch files, if you don’t have you can follow Install SUPEE 7405 without SSH (below method)
  3. Please disable compiler before installing the patch if enabled, check system > configuration > Tools > Magento Compiler and clear compiled cache.
  4. Upload the patch in the root directory of your Magento files and Run the patch file by running this command.
    sh patch_file_name.sh

    Example: sh PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh

  5. Verify the Magento store functionality and flush the cache. You might need to flush the php opcode cache as well If you use PHP opcode caches (APC/XCache/eAccelerator).

MageReport.com should soon add these patches to check.

Install SUPEE-7405 without SSH

If you don’t have SSH access of your server, this method you can use to install the latest security patches however, it is highly recommended to upgrade your Magento version to 1.9.2.3 which includes all the security patches but in case you are not able to upgrade and you don’t have SSH follow this method.

  1. Make sure you have installed all the previous patches before installing this one (SUPEE-1533, SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788)
  2. Disable Magento Compiler from system > configuration > Tools > Magento Compiler if enabled.
  3. Download the Pre Patched files from Github or from down below and simply upload in the root of Magento.
  4. Please make sure you keep backup of the files you are replacing.
  5. Clear the cache and run compiler (if it was enabled before). You might need to flush the php opcode cache as well If you use PHP opcode caches (APC/XCache/eAccelerator).
  6. Verify your Magento store functionality. MageReport.com should soon add these patches to check.

FAQs

[expand title=”1) Unable to login to the backend after the patch: Invalid form key error.“]
Try to Flush your browser cookies and cache and delete the var/session files from Magento files.
[/expand]

[expand title=”2) Admin order view page showing blank / broken screen“]

a) You can try this solution, hope it should help.
go to app/code/core/Mage/Adminhtml/Helper/Sales.php,

In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:

$links = [];

Change it to

$links = array();

b) One possible reason we came to know is lower then 5.4 PHP version. Ask your host to upgrade your PHP version and check.
[/expand]

[expand title=”3) SOAP API URL /index.php/api/v2_soap/index/?wsdl=1 throws a 500 error“]

Bug Report has been created, we will have to wait for the response from Magento.
[/expand]

[expand title=”4) Patch is not compatible with lower version then PHP 5.4“]

You can try this solution, hope it should help.
In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:

$links = [];

Change it to

$links = array();
[/expand]

Do leave a comment if you are facing any issue. We would love to help you out.

You can use our extension Applied Patches to check whether the patch has been installed or not. Magento Applied Patches
If you need help installing any other security patches, checkout our Ultimate Guide for Installing Magento Security Patches.

Happy Patching :))

Security-patch-installation-service

Previous Article

How to Use Built-In jQuery Library in Magento 2

Next Article

How to install SUPEE 7616 with or without SSH

View Comments (78)
  1. Installed SUPEE-7405 and everything worked find but the order view page. Guessing as you said they will come out with a fix… so until then and to do restore from a backup and will just wait till I see a fix for it. Also thanks for doing this. Makes my life a whole lot easier! Cheers.

  2. Installed the patch without SSH Access. Now when I click view cart I get “There has been an error processing your request” and the same thing when I am in checkout. If I click on “Ship to this address” and choose an address from my address book in the checkout process I get the same error as before, if I click on “Ship to different address” I do not get the error.

    I have cleared all cache in the backend. Please help. Thank you.

    1. So I did some more poking around and it seems like it is more of an issue with the USPS update. If I disable USPS from my shipping options, I no longer have the issue.

      Do I need to contact USPS about this?

        1. Yes I did.

          The site started working fine after I disabled then enabled USPS, it worked for 2 days, and now it is giving me the error on Checkout and Cart again. I tried disabling USPS, and then I could get through everything fine. Cart worked, Checkout works. Enabled USPS again and I get the errors.

  3. Hi

    After installation of patch 7405 , I have an error . that is
    ERROR: Patch can’t be applied/reverted successfully.

    Help me to solve this.

    Thanks

  4. Hey guys,

    thanks for the update on what PHP version we need to be running on. Looks like we are sitting at 5.3.xx so its off to talk to our host. Cheers!

    1. Please check FAQ,
      Will you please check your PHP version if it is lower then 5.4, ask hosting guys to upgrade.
      Try this one as well
      Change line 124 in app/code/core/Mage/Adminhtml/Helper/Sales.php from $links = []; to $links = array();:

  5. Checking if patch can be applied/reverted successfully…
    ERROR: Patch can’t be applied/reverted successfully.

    patching file app/code/core/Mage/Admin/Model/Observer.php
    patching file app/code/core/Mage/Admin/Model/Redirectpolicy.php
    patching file app/code/core/Mage/Admin/Model/Resource/User.php
    patching file app/code/core/Mage/Admin/Model/User.php
    patching file app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
    patching file app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
    patching file app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
    patching file app/code/core/Mage/Adminhtml/Helper/Sales.php
    patching file app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
    patching file app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
    patching file app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
    patching file app/code/core/Mage/Adminhtml/controllers/IndexController.php
    patching file app/code/core/Mage/Authorizenet/Helper/Admin.php
    patching file app/code/core/Mage/Authorizenet/Helper/Data.php
    patching file app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
    patching file app/code/core/Mage/Captcha/etc/config.xml
    patching file app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
    patching file app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
    patching file app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
    patching file app/code/core/Mage/CatalogIndex/etc/config.xml
    patching file app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
    patching file app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
    patching file app/code/core/Mage/Checkout/controllers/CartController.php
    patching file app/code/core/Mage/Checkout/controllers/OnepageController.php
    patching file app/code/core/Mage/Core/Helper/Data.php
    patching file app/code/core/Mage/Core/Model/App.php
    patching file app/code/core/Mage/Core/Model/Config.php
    patching file app/code/core/Mage/Core/Model/Email/Queue.php
    Hunk #1 succeeded at 234 (offset -5 lines).
    patching file app/code/core/Mage/Core/Model/Email/Template/Filter.php
    Hunk #1 FAILED at 171.
    Hunk #2 succeeded at 182 (offset -10 lines).
    1 out of 2 hunks FAILED — saving rejects to file app/code/core/Mage/Core/Model/Email/Template/Filter.php.rej
    patching file app/code/core/Mage/Core/Model/File/Validator/Image.php
    patching file app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
    patching file app/code/core/Mage/Core/Model/Session.php
    patching file app/code/core/Mage/Customer/controllers/AccountController.php
    Hunk #1 succeeded at 65 (offset -3 lines).
    patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
    patching file app/code/core/Mage/Downloadable/controllers/CustomerController.php
    patching file app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
    patching file app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
    patching file app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
    patching file app/code/core/Mage/ImportExport/etc/config.xml
    patching file app/code/core/Mage/ImportExport/etc/system.xml
    patching file app/code/core/Mage/Newsletter/Model/Observer.php
    patching file app/code/core/Mage/Newsletter/Model/Queue.php
    patching file app/code/core/Mage/Page/etc/system.xml
    patching file app/code/core/Mage/Paypal/controllers/PayflowController.php
    patching file app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
    patching file app/code/core/Mage/Paypal/etc/config.xml
    patching file app/code/core/Mage/Persistent/etc/config.xml
    patching file app/code/core/Mage/Review/controllers/ProductController.php
    patching file app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
    patching file app/code/core/Mage/Rss/Helper/Order.php
    patching file app/code/core/Mage/Sales/Helper/Guest.php
    patching file app/code/core/Mage/Sales/Model/Quote/Address.php
    patching file app/code/core/Mage/Sales/Model/Quote/Item.php
    patching file app/code/core/Zend/Xml/Security.php
    patching file app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
    patching file app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
    patching file app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
    patching file app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
    patching file app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
    patching file app/design/adminhtml/default/default/template/sales/items/column/name.phtml
    patching file app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
    patching file app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
    patching file app/design/adminhtml/default/default/template/sales/order/view/info.phtml
    patching file app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
    patching file app/design/frontend/base/default/template/rss/order/details.phtml
    patching file lib/Varien/File/Uploader.php
    patching file lib/Varien/Io/File.php
    Done

    1. There are 2 files which you should download and upload from the github as per your Magento version.
      app/code/core/Mage/Core/Model/Email/Queue.php
      app/code/core/Mage/Core/Model/Email/Template/Filter.php

      1. I get this exact error. I replaced the two files mentioned with the files from github, and then get a fatal error:
        “Fatal error: Call to a member function isPathAllowed() on a non-object in …/app/code/core/Mage/Core/Model/Email/Template/Filter.php on line 481”

        Line 481 content is: “if (isset($params[‘path’]) && $this->_permissionVariable->isPathAllowed($params[‘path’])) {”

        any thoughts?

          1. I got same issue even we replaced both files (below), which you mentioned.

            app/code/core/Mage/Core/Model/Email/Queue.php
            app/code/core/Mage/Core/Model/Email/Template/Filter.php

            Could you please let me know what else I missed to fix the issue and get success with with this patch applied into our site?

            Thanks in advance!

            Best,
            Subbu.

          2. Did you download the files according to your Magento version because if you have downloaded from Github Magento 1.9 then it would come of 1.9.2.3 which is already patched files. So using SSH you won’t be able to patch those files and will show error.

  6. Hi,

    after uploading SUPEE 7405 without ssh, I go to admin url and see this error.

    Fatal error: Call to a member function getUsername() on a non-object in /app/design/adminhtml/default/default/template/page/header.phtml on line 33

    Please can you help me?

  7. Having issues with image permissions now – when uploading images, they are being defaulted to 640 permissions – any thoughts?

  8. Hello,

    I have applied security patch up 7405 and now admin panel not working it show me blank page after enter credential.
    Please can you tell me that what i need to do .

    Thanks

    1. Please check your PHP version, we have added FAQ already for other possible solution you can go with it.
      If you still face issue, you can contact us anytime and our technical support team will be happy to assist you,. 🙂

      1. Hello Magecomp,

        Thanks for your fast reply,

        I checked already and my php version is 5.4.28
        Please tell me what can be another issue.

        Thanks

        1. You can try this solution, hope it should help.
          go to app/code/core/Mage/Adminhtml/Helper/Sales.php,
          In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:
          $links = [];
          Change it to
          $links = array();

          If this also don’t solve your issue, please enable developer mode from index.php and look for the error or contact us.

  9. Hello Magecomp,

    I have done change in Sales.php according to you and checked developer mode in index.php that is already true.
    What else i can do.

    Thanks

  10. Magecomp,

    It seems that there is a new version of SUPEE 7405 out. Looks like it is supposed to address the issues with upload file permissions, merging carts and SOAP APIs that we all have experienced with the original release. Have you heard anything about this yet?

    https://community.magento.com/t5/Security-Patches/after-installing-SUPEE-7405-can-no-longer-add-or-change-images/td-p/26785/page/4

    I saw it from the community manager Sherrie at the link above. Thought I would just ask and also inform if you haven’t heard about it yet.

  11. I installed it by doing without ssh(ftp), but cant check if it installed successfully…
    I test it with some extensions like appliedpatches or the same with philwinkle but it shows only 1.9.2.3…
    no patch informations.
    How can I be sure that is all ok ?

    1. Hello Schmidt,

      If you install the patch, that doesn’t mean Magento version will be changed. If you have installed Patch using FTP, you won’t be able to verify it with any extension like you mentioned. Did you check in https://www.magereport.com/?
      Please install SUPEE 7405 v 1.1 after older SUPEE 7405.

  12. Ok guys I have a question. I Installed SUPEE-7405 V 1.1 and when I logged into my admin all of my orders where gone but one. Why that one was there I have no clue. NOW…. when I installed the first version of this security patch I edited the Uploader.php file in the lib/Varien/File path. (This was the only file I messed with from the earlier version of patch 7405.)

    I changed this code on line 219 from:
    chmod($destinationFile, 0640);

    to this
    chmod($destinationFile, 0666);

    Before installing this new version I didn’t add the original file back. Should I do that first and make it say 640 again? Just don’t know why that would make a difference in my orders showing or not showing since this file deals with images and the uploading of them. Any ways I thought I would pick your brains first before trying other methods. As all ways you guys do a killer job here and thanks fore everything. Cheers!

    Shawn

    1. Hello Shawn,

      Make sure you have installed the SUPEE 7405 correctly and then it’s 1.1 version.
      Order blank page issue and image uploading issue sorted out in 1.1 version of 7405.
      Your issue seems little odd, you are able to see one order as much as i can understand from your comment,
      There shouldn’t be such issue with the patch installation.

      Still try to remember, if you have done any other changes or contact us, our technical support team can help you to debug the issue.

      Thank you

      1. Magecomp,

        Well I tried it again this morning and everything worked fine after installing the patch. Not sure what it was before hand but all is good. So once again thanks for everything! Cheers

  13. Cristy Shiella Salva

    My magento version was 1.9.1.0 can I use 1.9.1.1 for SUPEE-7405 v1.1 ?

  14. about SUPEE-7405 Security Patch …
    do i have to upgrade my magento CE 1.9.2.2 to 1.9.2.3 or not ?
    if yes? how can i upgrade that. i hting because of that i cant patch SUPEE 7405 security patch…..

    can you help me

    1. Hello Kurt,

      It is not advisable to upgrade the Magento version by yourself because there are 60-80% chances of getting error which needs to be solved.
      Contact us and our technical support team will be happy to help you with you it,

  15. Hi, please, it is possible that you give me SUPEE-7405 without SSH for Magento 1.6.0.
    Thanks

  16. [Mon Apr 18 12:26:35.798979 2016] [:error] [pid 27208] [client 207.46.13.143:15409] PHP Warning: include_once(): Failed opening ‘/var/www/store/includes/src/Varien_Autoload.php’ for inclusion (include_path=’/var/www/store/includes/src:.:/usr/share/php:/usr/share/pear’) in /var/www/outlet/app/Mage.php on line 37
    [Mon Apr 18 12:26:35.798996 2016] [:error] [pid 27208] [client 207.46.13.143:15409] PHP Fatal error: Class ‘Varien_Autoload’ not found in /var/www/store/app/Mage.php on line 54

    Solution:
    via the console/ssh you can use
    $ php -f shell/compiler.php — disable
    $ php -f shell/compiler.php — clear
    $ php -f shell/compiler.php — compile
    $ php -f shell/compiler.php — enable
    might need the fourth line…not sure.

    Credits

    http://magento.stackexchange.com/questions/68010/error-after-successfull-patch-supee-5994-class-mage-install-controller-router

  17. I’m having crazy issues on checkout page – it kicks the client out of the checkout:

    500 Server error on /checkout/onepage/progress/?toStep=shipping_method

    sometimes on billing too.

    The issue is intermittent, sometimes it shows up, sometimes not.

    SUPEE 7405 I have applied both 1.0 and 1.1 via FTP(direct file upload), but the issue with checkout still persists!

    Please help!

    PS: Both MCRYPT,MBSTRING and SOAP are enabled on the server. I’m running PHP 5.4.45 with APC 3.1.13 on 1230 Intel CPU, 16GB of RAM, 2TB Drives

    Update:

    Chrome Console spits this out:

    prototype.js:1530 POST /checkout/onepage/saveBilling/ 500 (Internal Server Error)

    Ajax.Request.Class.create.request @ prototype.js:1530 Ajax.Request.Class.create.initialize @ prototype.js:1495 (anonymous function) @ prototype.js:429 klass @ prototype.js:101Billing.save @ /skin/frontend/base/default/js/opcheckout.js:313 onclick @ /checkout/onepage/:679

    UPDATE: Apache Logs have these types of errors:

    24.87.30.186 – – [21/Apr/2016:16:13:43 -0700] “POST /checkout/onepage/saveBilling/ HTTP/1.1” 500 – “https://www.example.com/checkout/onepage/” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36”

    216.129.65.170 – – [21/Apr/2016:16:08:00 -0700] “GET /checkout/onepage/progress/?toStep=payment HTTP/1.1” 500 461 “https://www.example.com/checkout/onepage/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36”

    216.129.65.170 – – [21/Apr/2016:16:08:00 -0700] “GET /checkout/onepage/progress/?toStep=payment HTTP/1.1” 500 461 “https://www.example.com/checkout/onepage/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36”

  18. After installing the patch I am not able to see products in home page. I can see header and footer though! Also all the other pages are working just fine. Any suggestions?

Leave a Comment

Your email address will not be published. Required fields are marked *

Get Connect With Us

Subscribe to our email newsletter to get the latest posts delivered right to your email.
Pure inspiration, zero spam ✨