How to Install Magento SUPEE 6788 with or without SSH
Securing the stores against any potential attacks or threats is a must factor for any E-commerce store. To serve this purpose, Magento releases Security Patches frequently. With the Security Patches correctly installed in Magento stores, the store owners increase the security and hence provide safe transaction experience to their customers!
Magento released Security Patch SUPEE 6788 on Oct 27, 2015, to ensure protection against threats such as remote code execution, information leaks, and cross-site scripting.
With nearing of Magento 1 end of life, it is strongly recommended to migrate to the latest Magento 2.4.6 rather than installing Magento SUPEE-6788.
Installing Magento SUPEE 6788
One of the below methods is to be followed to install Magento SUPEE 6788.
Method 1: Install Magento SUPEE 6788 using SSH
Contact your hosting provider if you don’t know how to set up SSH. Download Magento SUPEE 6788 Patches files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:
|
1 |
sh patch_file_name.sh |
Example:
|
1 |
sh PATCH_SUPEE-6788_CE_v1.9.3.2-1.9.3.7_v1-2018-02-23-06-01-40.sh |
For .patch file extension:
|
1 |
patch —p0 < patch_file_name.patch |
Note: Once executed the command, refresh the cache in the Admin under “System > Cache Management” so that the changes can be reflected. We strongly recommend that you test all patches in a test environment before taking them live.
Method 2: Install Magento SUPEE 6788 with PrePatched Files
Download the zip file for your Magento Version for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, just upload it to your Magento root folder.
| Magento Version | SUPEE 6788 |
|---|---|
| Magento 1.9.2.1 | CE-1.9.2.1 |
| Magento 1.9.2.0 | CE-1.9.2.0 |
| Magento 1.9.1.1 | CE-1.9.1.1 |
| Magento 1.9.1.0 | CE-1.9.1.0 |
| Magento 1.9.0.1 | CE-1.9.0.1 |
| Magento 1.8.1.0 | CE-1.8.1.0 |
| Magento 1.8.0.0 | CE-1.8.0.0 |
| Magento 1.7.0.2 | CE-1.7.0.2 |
| Magento 1.6.2.0 | CE-1.6.2.0 |
| Magento 1.6.1.0 | CE-1.6.1.0 |
| Magento 1.5.1.0 | CE-1.5.1.0 |
How to check if Magento SUPEE 6788 has been installed correctly?
Use magereport.com to check the accuracy of the installation process.
Magento SUPEE 6788 Installation Possible Issues:
After Magento SUPEE 6788 installation, if you don’t get bash output like “Patch was applied/reverted successfully”, check the output for any issues. If the issue still persists, it is recommended to update the .htaccess file. First of all, take a backup and replace the default one. If it doesn’t help, we provide advanced solution to follow but implemet it on your own responsibility.
Simply remove the lines 163-195 from the patch file which should start with:
|
1 |
diff --git .htaccess .htaccess |
and end with:
|
1 |
+ </Files> |
Additionally, if it helps apply the patch, simply add below lines at the end of your .htaccess file:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
## Deny access to cron.php <Files cron.php> ############################################ ## uncomment next lines to enable cron access with base HTTP authorization ## http://httpd.apache.org/docs/2.2/howto/auth.html ## ## Warning: .htpasswd file should be placed somewhere not accessible from the web. ## This is so that folks cannot download the password file. ## For example, if your documents are served out of /usr/local/apache/htdocs ## you might want to put the password file(s) in /usr/local/apache/. #AuthName "Cron auth" #AuthUserFile ../.htpasswd #AuthType basic #Require valid-user ############################################ Order allow,deny Deny from all </Files> |
Now check if any file has been infected with patch file override. Most of the updated files reside in core structure and they shouldn’t be affected but still it’s wise decision to check files below to check after patch installation:
- Any class overriding Mage_Customer_AccountController (magento_root/app/code/core/Mage/Customer/controllers/AccountController.php).
- Custom design theme may override customer registration form where you should simply add a form key right after the “form” tag:
|
1 |
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" /> |
- Affected templates are as follows:
- magento_root/app/design/frontend/base/default/template/customer/form/register.phtml
- magento_root/app/design/frontend/base/default/template/persistent/customer/form/register.phtml
- magento_root/app/design/frontend/rwd/enterprise/template/customer/form/register.phtml
- For Enterprise Edition:
- magento_root/app/design/frontend/enterprise/default/template/customer/form/register.phtml
- magento_root/app/design/frontend/enterprise/default/template/persistent/customer/form/register.phtml
- magento_root/app/design/frontend/rwd/enterprise/template/customer/form/register.phtml
- magento_root/app/design/frontend/rwd/enterprise/template/persistent/customer/form/register.phtml
- Forgot password reset form may have overridden, here, replace the “form” opening tag with the below one:
|
1 |
<form action="<?php echo $this->getUrl('*/*/resetpasswordpost'); ?>" method="post" id="form-validate"> |
- Affected templates are as follows:
- magento_root/app/design/frontend/base/default/template/customer/form/resetforgottenpassword.phtml
- magento_root/app/design/frontend/rwd/default/template/customer/form/resetforgottenpassword.phtml
- For Enterprise Edition:
- magento_root/app/design/frontend/enterprise/default/template/customer/form/resetforgottenpassword.phtml
- “customer_account_changeforgotten” may have replaced Customer layout “customer_account_resetpassword”. So, if you have magento_root/app/design/frontend/custom_package/custome_theme/layout/customer.xml or custom theme with the same file in “default”, “rwd” or “enterprise” packages, replace:
|
1 2 3 |
<customer_account_resetpassword translate="label"> ......... </customer_account_resetpassword> |
with:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
<customer_account_changeforgotten translate="label"> <label>Reset a Password</label> <remove name="right"/> <remove name="left"/> <reference name="head"> <action method="setTitle" translate="title" module="customer"> <title>Reset a Password</title> </action> </reference> <reference name="root"> <action method="setTemplate"> <template>page/1column.phtml</template> </action> <action method="setHeaderTitle" translate="title" module="customer"> <title>Reset a Password</title> </action> </reference> <reference name="content"> <block type="customer/account_changeforgotten" name="changeForgottenPassword" template="customer/form/resetforgottenpassword.phtml"/> </reference> </customer_account_changeforgotten> |
Feel free to ask any doubts in the Comments Section. I’d be happy helping you to solve your queries.
Store owners who don’t want to get into the task of installation may check Magento Security Patches Installation Service!
Also, Magento Upgrade is advisable over patch installation in order to get the latest features and higher security for your Magento stores! To get your Magento store upgraded to the latest version, check our Magento Upgrade Service.
Don’t forget to write down your suggestions, ask questions through commenting. Also hit the 5 stars below to appreciate our work.
Keep the security of your Magento store updated to the highest level using our Magento Security Patches Installation Service.
Prev
How to Install Magento SUPEE 6482 with or without SSH
How to Install Magento SUPEE 10266 With or Without SSH
Next