Home How To How to install SUPEE 7405 with or without SSH
Categories: How ToMagento Security

How to install SUPEE 7405 with or without SSH

How to install SUPEE 7405 with or without SSH

Magento recently released 2 new patches SUPEE 7405 and SUPEE 7616. In this article I will give you information why you should install SUPEE 7405 and help you install SUPEE 7405 on your Magento 1.x with or without SSH.

Index:

SUPEE 7405 (Bundle Security Patch)

SUPEE 7405 is for certain vulnerabilities that can potentially be exploited to steal your customer information or take over administrator sessions. As per the Magento there are no confirmed attacks because of this vulnerability. Please check administrator accounts, unfamiliar files on the server, etc. if your store already been attacked.

Install SUPEE-7405 with SSH

  1. Download SUPEE 7405 from the Magento official website. Please download the Patch file corresponding to your Magento version.
    https://experienceleague.adobe.com/docs/commerce-operations/installation-guide/overview.html
  2. You must have SSH access of your server to install the patch using patch files, if you don’t have you can follow Install SUPEE 7405 without SSH (below method)
  3. Please disable compiler before installing the patch if enabled, check system > configuration > Tools > Magento Compiler and clear compiled cache.
  4. Upload the patch in the root directory of your Magento files and Run the patch file by running this command. 
    sh patch_file_name.sh

    Example: sh PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh

  5. Verify the Magento store functionality and flush the cache. You might need to flush the php opcode cache as well If you use PHP opcode caches (APC/XCache/eAccelerator).

MageReport.com should soon add these patches to check.

 

Install SUPEE-7405 without SSH

If you don’t have SSH access of your server, this method you can use to install the latest security patches however, it is highly recommended to upgrade your Magento version to 1.9.2.3 which includes all the security patches but in case you are not able to upgrade and you don’t have SSH follow this method.

  1. Make sure you have installed all the previous patches before installing this one (SUPEE-1533, SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788)
  2. Disable Magento Compiler from system > configuration > Tools > Magento Compiler if enabled.
  3. Download the Pre Patched files from Github or from down below and simply upload in the root of Magento.
  4. Please make sure you keep backup of the files you are replacing.
    Magento version SUPEE-7405
    Magento 1.9.2.2 SUPEE_7405_Magento_1.9.2.2
    Magento 1.9.2.0-1.9.2.1 SUPEE_7405_Magento_1.9.2.1
    Magento 1.9.1.0-1.9.1.1 SUPEE_7405_Magento_1.9.1.1
    Magento 1.8.1.0 SUPEE_7405_Magento_1.8.1.0
    Magento 1.7.0.0-1.7.0.2 SUPEE_7405_Magento_1.7.0.2

    ==================================================================================

    Magento version SUPEE-7405 v 1.1
    Magento 1.9.2.3 SUPEE_7405_v1.1_Magento_1.9.2.3
    Magento 1.9.2.2 SUPEE_7405_v1.1_Magento_1.9.2.2
    Magento 1.9.2.1 SUPEE_7405_v1.1_Magento_1.9.2.1
    Magento 1.9.1.1 SUPEE_7405_v1.1_Magento_1.9.1.1
    Magento 1.8.1.0 SUPEE_7405_v1.1_Magento_1.8.1.0
    Magento 1.7.0.2 SUPEE_7405_v1.1_Magento_1.7.0.2
    Magento 1.6.2.0 SUPEE_7405_v1.1_Magento_1.6.2.0

    ==================================================================================

  5. Clear the cache and run compiler (if it was enabled before). You might need to flush the php opcode cache as well If you use PHP opcode caches (APC/XCache/eAccelerator).
  6. Verify your Magento store functionality. MageReport.com should soon add these patches to check.

 

FAQs

[expand title=”1) Unable to login to the backend after the patch: Invalid form key error.“] Try to Flush your browser cookies and cache and delete the var/session files from Magento files.
[/expand] [expand title=”2) Admin order view page showing blank / broken screen“]

a) You can try this solution, hope it should help.
go to app/code/core/Mage/Adminhtml/Helper/Sales.php,

In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:

$links = [];

Change it to

$links = array();

b) One possible reason we came to know is lower then 5.4 PHP version. Ask your host to upgrade your PHP version and check.
[/expand] [expand title=”3) SOAP API URL /index.php/api/v2_soap/index/?wsdl=1 throws a 500 error“]

Bug Report has been created, we will have to wait for the response from Magento.
[/expand] [expand title=”4) Patch is not compatible with lower version then PHP 5.4“]

You can try this solution, hope it should help.
In the class Mage_Adminhtml_Helper_Sales around line number 124. The code is:

$links = [];

Change it to

$links = array();
[/expand]

Do leave a comment if you are facing any issue. We would love to help you out.

You can use our extension Applied Patches to check whether the patch has been installed or not. Magento Applied Patches
If you need help installing any other security patches, checkout our Ultimate Guide for Installing Magento Security Patches.

Happy Patching :))

Click to rate this post!
[Total: 11 Average: 4.5]
Dhiren Vasoya

Dhiren Vasoya is a Director and Co-founder at MageComp, Passionate ?️ Certified Magento Developer?‍?. He has more than 9 years of experience in Magento Development and completed 850+ projects to solve the most important E-commerce challenges. He is fond❤️ of coding and if he is not busy developing then you can find him at the cricket ground, hitting boundaries.?

View Comments

  • After installing the patch I am not able to see products in home page. I can see header and footer though! Also all the other pages are working just fine. Any suggestions?

  • I'm having crazy issues on checkout page - it kicks the client out of the checkout:

    500 Server error on /checkout/onepage/progress/?toStep=shipping_method

    sometimes on billing too.

    The issue is intermittent, sometimes it shows up, sometimes not.

    SUPEE 7405 I have applied both 1.0 and 1.1 via FTP(direct file upload), but the issue with checkout still persists!

    Please help!

    PS: Both MCRYPT,MBSTRING and SOAP are enabled on the server. I'm running PHP 5.4.45 with APC 3.1.13 on 1230 Intel CPU, 16GB of RAM, 2TB Drives

    Update:

    Chrome Console spits this out:

    prototype.js:1530 POST /checkout/onepage/saveBilling/ 500 (Internal Server Error)

    Ajax.Request.Class.create.request @ prototype.js:1530 Ajax.Request.Class.create.initialize @ prototype.js:1495 (anonymous function) @ prototype.js:429 klass @ prototype.js:101Billing.save @ /skin/frontend/base/default/js/opcheckout.js:313 onclick @ /checkout/onepage/:679

    UPDATE: Apache Logs have these types of errors:

    24.87.30.186 - - [21/Apr/2016:16:13:43 -0700] "POST /checkout/onepage/saveBilling/ HTTP/1.1" 500 - "https://www.example.com/checkout/onepage/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

    216.129.65.170 - - [21/Apr/2016:16:08:00 -0700] "GET /checkout/onepage/progress/?toStep=payment HTTP/1.1" 500 461 "https://www.example.com/checkout/onepage/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

    216.129.65.170 - - [21/Apr/2016:16:08:00 -0700] "GET /checkout/onepage/progress/?toStep=payment HTTP/1.1" 500 461 "https://www.example.com/checkout/onepage/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

  • [Mon Apr 18 12:26:35.798979 2016] [:error] [pid 27208] [client 207.46.13.143:15409] PHP Warning: include_once(): Failed opening '/var/www/store/includes/src/Varien_Autoload.php' for inclusion (include_path='/var/www/store/includes/src:.:/usr/share/php:/usr/share/pear') in /var/www/outlet/app/Mage.php on line 37
    [Mon Apr 18 12:26:35.798996 2016] [:error] [pid 27208] [client 207.46.13.143:15409] PHP Fatal error: Class 'Varien_Autoload' not found in /var/www/store/app/Mage.php on line 54

    Solution:
    via the console/ssh you can use
    $ php -f shell/compiler.php -- disable
    $ php -f shell/compiler.php -- clear
    $ php -f shell/compiler.php -- compile
    $ php -f shell/compiler.php -- enable
    might need the fourth line...not sure.

    Credits

    http://magento.stackexchange.com/questions/68010/error-after-successfull-patch-supee-5994-class-mage-install-controller-router

  • about SUPEE-7405 Security Patch ...
    do i have to upgrade my magento CE 1.9.2.2 to 1.9.2.3 or not ?
    if yes? how can i upgrade that. i hting because of that i cant patch SUPEE 7405 security patch.....

    can you help me

    • Hello Kurt,

      It is not advisable to upgrade the Magento version by yourself because there are 60-80% chances of getting error which needs to be solved.
      Contact us and our technical support team will be happy to help you with you it,

  • Ok guys I have a question. I Installed SUPEE-7405 V 1.1 and when I logged into my admin all of my orders where gone but one. Why that one was there I have no clue. NOW.... when I installed the first version of this security patch I edited the Uploader.php file in the lib/Varien/File path. (This was the only file I messed with from the earlier version of patch 7405.)

    I changed this code on line 219 from:
    chmod($destinationFile, 0640);

    to this
    chmod($destinationFile, 0666);

    Before installing this new version I didn't add the original file back. Should I do that first and make it say 640 again? Just don't know why that would make a difference in my orders showing or not showing since this file deals with images and the uploading of them. Any ways I thought I would pick your brains first before trying other methods. As all ways you guys do a killer job here and thanks fore everything. Cheers!

    Shawn

    • Hello Shawn,

      Make sure you have installed the SUPEE 7405 correctly and then it's 1.1 version.
      Order blank page issue and image uploading issue sorted out in 1.1 version of 7405.
      Your issue seems little odd, you are able to see one order as much as i can understand from your comment,
      There shouldn't be such issue with the patch installation.

      Still try to remember, if you have done any other changes or contact us, our technical support team can help you to debug the issue.

      Thank you

      • Magecomp,

        Well I tried it again this morning and everything worked fine after installing the patch. Not sure what it was before hand but all is good. So once again thanks for everything! Cheers

  • I installed it by doing without ssh(ftp), but cant check if it installed successfully...
    I test it with some extensions like appliedpatches or the same with philwinkle but it shows only 1.9.2.3...
    no patch informations.
    How can I be sure that is all ok ?

    • Hello Schmidt,

      If you install the patch, that doesn't mean Magento version will be changed. If you have installed Patch using FTP, you won't be able to verify it with any extension like you mentioned. Did you check in https://www.magereport.com/?
      Please install SUPEE 7405 v 1.1 after older SUPEE 7405.

Leave a Comment
Share
Published by
Dhiren Vasoya
9 years ago

Recent Posts

How to Add Tooltip in Checkout Shipping Field in Magento 2?

Hello Magento Friends, In today’s blog, I will explain How to Add Tooltip in Checkout…

2 days ago

How to Integrate and Use MongoDB with Laravel?

MongoDB is a popular NoSQL database that offers flexibility and scalability when handling modern web…

3 days ago

NodeJS | Callback Function

In NodeJS, callbacks empower developers to execute asynchronous operations like reading files, handling requests, and…

4 days ago

How to Show SKU in Order Summary in Magento 2?

Hello Magento Friends, In today’s blog, we will learn How to Show SKU in Order…

6 days ago

Best Colors to Use for CTA Buttons

The "Buy Now" and "Add to Cart" buttons serve as the primary call-to-action (CTA) elements…

1 week ago

Magento 2: How to Save Custom Field Value to quote_address for Multi-Shipping Orders

Hello Magento Friends, In Magento 2, the checkout process allows customers to choose multiple shipping…

1 week ago