Recently, Magento has updated it’s SUPEE 10888 which includes multiple security enhancements that help close cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.
To know all the functional fixes you can read official Magento Release notes for SUPEE 10888. We have come up with patch files and recommend you to install them as soon as possible to safeguard your Magento stores against potential security threats.
I have explained the installation of patches with both the ways here:
Follow this instruction to install a patch on your store,
Upload patch files in the root of Magento.
Make one file with the name of patch.php, write following code in it,
<!--?php print("<PRE>"); passthru("/bin/bash SUPEE-10888.sh"); print("</PRE>"); echo "Done"; ?-->
replace the file name in it, upload it in the root and run the file from the browser.
Name should be SH PATCH_SUPEE-10888_CE_v22.214.171.124_v1-2018-09-19-02-59-39.sh-34-37.sh
You should receive following screen once you run patch.php from the browser,
If you are getting error like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
You can install patch with SSH as well. You will need SSH, if you don’t know how to set up SSH, contact your hosting provider.
Upload the patch files in the root,
In ssh console, run the command as following.
For .sh file extension
For .patch file extension:
patch —p0 < patch_file_name.patch
Download the zip file for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, simply upload it to your Magento root folder.
It is still recommended to upgrade to Magento version 126.96.36.199 which includes all the security patches including SUPEE 10888. If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service.