Magento has released a new security patch that affects many parts of Magento and as a result will affect your store. You should use various good practices when installing this patch or else it will negatively affect your store.
Preparing to install the SUPEE-6788 patch
Before you install the Magento security patch you MUST install all previous security patches. This will ensure that it can be properly installed. In addition, you should follow these other recommendations:
- Create a development environment and install the patch there first. The patch causes many core Magento changes that will break extensions and customizations
- Only after your development environment has been fully tested should you move the changes to production
What are some of the behavior changes of Magento after the patch?
- Bypassing the admin.html module for admin URLs will no longer work. Any extension that does this will no longer work after installing the patch.
- SQL field names and quoted field names will no longer be allowed with collection filtering. Any extension that makes use of this will not work after the patch
- The magento CMS system now uses a whitelist system of allowed block / config directives
If you are using any extensions that are affected they will not work. So, ensure you wait to update until any of these issues are resolved with your store.
Okay, I am ready. What are the installation steps?
Download the patch and you will have an sh file. Upload this to your magento root directory and run the following in shell. Replace [file name] with the actual name of the downloaded sh file.
sh [file name]