0

i got this message from Magento

"Critical Reminder: Download and install Magento security patches. Download now."

and after i installed the required patches successfully i still got that message, so my question is how i insure these patches installed successfully? and if should i remove that alert manually?

Mohammed Asad
  • 3
  • 3

3 Answers3

5

That message is coming from Magento's RSS feed - it's not based on whether or not you have installed the patch, so if you installed the patch you can remove the alert manually.

There is a scanner at https://shoplift.byte.nl/ which checks whether you've installed the SUPEE-5344 patch correctly.

xyphoid
  • 985
  • 6
  • 11
0

One of the main files patched is app/core/Mage/Core/Controller/Request/Http.php

For example in Magento 1.6.2.0, doing a diff between the patched file and the original shows the following added code. 

Compare: (<)V:\Magento\Magento 1.6\Changes\20150217 Patches\5346\Http.php (15698 bytes)
   with: (>)V:\Magento\Magento 1.6\Changes\20150217 Patches\5346\Http.php.old (15031 bytes)

79,85d79
<      * Flag for recognizing if request internally forwarded
<      *
<      * @var bool
<      */
<     protected $_internallyForwarded = false;
< 
<     /**
540,562d533
< 
<     /**
<      * Define that request was forwarded internally
<      *
<      * @param boolean $flag
<      * @return Mage_Core_Controller_Request_Http
<      */
<     public function setInternallyForwarded($flag = true)
<     {
<         $this->_internallyForwarded = (bool)$flag;
<         return $this;
<     }
< 
<     /**
<      * Checks if request was forwarded internally
<      *
<      * @return bool
<      */
<     public function getInternallyForwarded()
<     {
<         return $this->_internallyForwarded;
<     }
<

The following command line entry can quickly tell if this file has been patched by looking for the added _internallyForwarded flag. Run it in your Magento root folder:

grep "_internallyForwarded" app/code/core/Mage/Core/Controller/Request/Http.php

The following shows the file has been patched.

public_html$ grep "_internallyForwarded" app/code/core/Mage/Core/Controller/Request/Http.php
     protected $_internallyForwarded = false;
        $this->_internallyForwarded = (bool)$flag;
        return $this->_internallyForwarded;

Other files that may have been patched:

app/code/core/Mage/Admin/Model/Observer.php
app/code/core/Mage/Core/Controller/Request/Http.php
lib/Varien/Db/Adapter/Pdo/Mysql.php

Also check app/etc/applied.patches.list to see what the latest patch applications are at the end of the list.

Watch in case Magento's totally excellent internal quality control identifies the patch as 5346 instead of 5344 as advertised on the download. They got it (something?) in the append message.

Fiasco Labs
  • 7,593
  • 4
  • 28
  • 48
  • Hi, I have checked applied.patches.list for getting sure which files are patched, then I can see .....SUPEE-5345 | EE_1.12.0.2 | v1 |....I guess this should be SUPEE-5345 | CE_1.7.0.2 instead SUPEE-5345 | EE_1.12.0.2 Is this correct ? Because I am not sure whether that is correct or not . As I am using magento CE_1.7.0.2 edition that's why I have been confused whether these are correct or not.so can you please confirm the same ? You can see the files I have downloaded are PATCH_SUPEE-1533_EE_1.12.x_v1-2015-02-10-08-19-16.sh and PATCH_SUPEE-5345_CE_1.7.0.2_v1-2015-02-10-08-11-22.sh – jyotiranjan.in Apr 20 '15 at 06:51
  • When you scan through the patch code, the 5344 patch internally is reported as 5344, 5345, 5346 so far, depending on the version of Magento being patched. – Fiasco Labs Apr 23 '15 at 03:41
0

Reminder

Reminder is implemented in Mage_AdminNotification module.

There is no check if patches were installed or not.

To remove reminder:

  • Login to backend
  • Navigate to System → Notification
  • Mark reminder as read or remove it

Patches

To apply patches:

Which patches were applied?

  • Check file /app/etc/applied.patches.list
Community
  • 1
Aleksey Razbakov
  • 580
  • 2
  • 6
  • 19