A new security patch has been released for Magento in the last few days. I have had to patch a number of sites running different Magneto versions and ran into a couple of common issues. This might help others having trouble.
“Patch can’t be applied/reverted successfull”
If the patch refuses to install, claiming there to be an issue with the .htaccess file, such as
ERROR: Patch can’t be applied/reverted successfully
patching file .htaccess
Hunk #1 succeeded at….
then you have reached a common issue. The problem is that the patch is expecting a pretty much unmodified .htaccess file. Odd considering that this file is one of the most likely files to be modified almost immediately.
The solution is to replace your .htaccess with a clean one from the install zip (or tar) file. Rename your original one first to .htaccess.proper or somesuch. Plop in the original .htaccess and then run the patch. If the patch completes run a file compare and add the new bits to your .htaccess.proper. The additional lines will probably be at the end of the patched file and relate to cron.php.
Remove the .htaccess file and rename your .htaccess.proper back to .htaccess.
The same thing can happen with a couple of other files/locations including:
- .htaccess.sample (why would you have this live? patch needs it though). Add it, patch it and remove it.
- For more recent versions of magento there may also be a dev folder which the patch will attempt to, er, patch. In some places it is recommended to remove this from a live environment. However, not having this folder can also cause the SUPEE 6788 to fail. Again, add it, patch it, remove it from live.
Make sure that you check the applied.patches.list (located in /app/etc/) to make sure that your patch has been applied.
Forms no longer submitting
One additional gotcha to watch out for is any custom forms that you may have on your site. Following the patch I found the “my account -> create new account” forms would no longer submit. Forms now need a form_key field to be processed so you will need to make sure that any custom forms you have kicking about, that may not have been patched, now include the hidden form_key field:
<input type=”hidden” name=”form_key” value=”<?php echo Mage::getSingleton(‘core/session’)->getFormKey() ?>” />
Existing modules not working
I have found some existing modules have stopped working. At the moment I don’t have a fix-all solution. Check for updates in Magento Connect or contact the module creators.
If I find any more things I will let you know. If you spot any please comment.