Magento recently released 2 new patches SUPEE 7405 and SUPEE 7616. In this article I will give you information why you should install SUPEE 7405 and help you install SUPEE 7405 on your Magento 1.x with or without SSH.

Index:

SUPEE 7405 (Bundle Security Patch)

SUPEE 7405 is for certain vulnerabilities that can potentially be exploited to steal your customer information or take over administrator sessions. As per the Magento there are no confirmed attacks because of this vulnerability. Please check administrator accounts, unfamiliar files on the server, etc. if your store already been attacked.

Install SUPEE-7405 with SSH

  1. Download SUPEE 7405 from the Magento official website. Please download the Patch file corresponding to your Magento version.
    https://www.magentocommerce.com/download
  2. You must have SSH access of your server to install the patch using patch files, if you don’t have you can follow Install SUPEE 7405 without SSH (below method)
  3. Please disable compiler before installing the patch if enabled, check system > configuration > Tools > Magento Compiler and clear compiled cache.
  4. Upload the patch in the root directory of your Magento files and Run the patch file by running this command.
    Example: sh PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh
  5. Verify the Magento store functionality and flush the cache. You might need to flush the php opcode cache as well If you use PHP opcode caches (APC/XCache/eAccelerator).

MageReport.com should soon add these patches to check.

 

Install SUPEE-7405 without SSH

If you don’t have SSH access of your server, this method you can use to install the latest security patches however, it is highly recommended to upgrade your Magento version to 1.9.2.3 which includes all the security patches but in case you are not able to upgrade and you don’t have SSH follow this method.

  1. Make sure you have installed all the previous patches before installing this one (SUPEE-1533, SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788)
  2. Disable Magento Compiler from system > configuration > Tools > Magento Compiler if enabled.
  3. Download the Pre Patched files from Github or from down below and simply upload in the root of Magento.
  4. Please make sure you keep backup of the files you are replacing.
    Magento versionSUPEE-7405
    Magento 1.9.2.2SUPEE_7405_Magento_1.9.2.2
    Magento 1.9.2.0-1.9.2.1SUPEE_7405_Magento_1.9.2.1
    Magento 1.9.1.0-1.9.1.1SUPEE_7405_Magento_1.9.1.1
    Magento 1.8.1.0SUPEE_7405_Magento_1.8.1.0
    Magento 1.7.0.0-1.7.0.2SUPEE_7405_Magento_1.7.0.2

    ==================================================================================

    Magento versionSUPEE-7405 v 1.1
    Magento 1.9.2.3SUPEE_7405_v1.1_Magento_1.9.2.3
    Magento 1.9.2.2SUPEE_7405_v1.1_Magento_1.9.2.2
    Magento 1.9.2.1SUPEE_7405_v1.1_Magento_1.9.2.1
    Magento 1.9.1.1SUPEE_7405_v1.1_Magento_1.9.1.1
    Magento 1.8.1.0SUPEE_7405_v1.1_Magento_1.8.1.0
    Magento 1.7.0.2SUPEE_7405_v1.1_Magento_1.7.0.2
    Magento 1.6.2.0SUPEE_7405_v1.1_Magento_1.6.2.0

    ==================================================================================

  5. Clear the cache and run compiler (if it was enabled before). You might need to flush the php opcode cache as well If you use PHP opcode caches (APC/XCache/eAccelerator).
  6. Verify your Magento store functionality. MageReport.com should soon add these patches to check.

 

FAQs

[expand title=”1) Unable to login to the backend after the patch: Invalid form key error.“] Try to Flush your browser cookies and cache and delete the var/session files from Magento files.
[/expand] [expand title=”2) Admin order view page showing blank / broken screen“]

a) You can try this solution, hope it should help.
go to app/code/core/Mage/Adminhtml/Helper/Sales.php,

In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:

$links = [];

Change it to

$links = array();

b) One possible reason we came to know is lower then 5.4 PHP version. Ask your host to upgrade your PHP version and check.
[/expand] [expand title=”3) SOAP API URL /index.php/api/v2_soap/index/?wsdl=1 throws a 500 error“]

Bug Report has been created, we will have to wait for the response from Magento.
[/expand] [expand title=”4) Patch is not compatible with lower version then PHP 5.4“]

You can try this solution, hope it should help.
In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:

$links = [];

Change it to

$links = array();
[/expand]

Do leave a comment if you are facing any issue. We would love to help you out.

You can use our extension Applied Patches to check whether the patch has been installed or not. Magento Applied Patches
If you need help installing any other security patches, checkout our Ultimate Guide for Installing Magento Security Patches.

Happy Patching :))

Security-patch-installation-service

Click to rate this post!
[Total: 11 Average: 4.5]