cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE-6482 shows unknown

SUPEE-6482 shows unknown

After install 6482.

 

I checking on magereport.com and it show Unknow.

 

Security patch 6482 (XSS)   unknown

 

Can you help me.

 

3 REPLIES

Re: SUPEE-6482 shows unknown

Hi @Thunghiem

 

Which version of Magento are you using and how did you apply the patch?

 

Check app/code/core/Mage/Api/Model/Server/Adapter/Soap.php file 

 

-        if( $withAuth ) {
-            $phpAuthUser = $this->getController()->getRequest()->getServer('PHP_AUTH_USER', false);
-            $phpAuthPw = $this->getController()->getRequest()->getServer('PHP_AUTH_PW', false);
+        if ( $withAuth ) {
+            $phpAuthUser = rawurlencode($this->getController()->getRequest()->getServer('PHP_AUTH_USER', false));
+            $phpAuthPw = rawurlencode($this->getController()->getRequest()->getServer('PHP_AUTH_PW', false));
+            $scheme = rawurlencode($this->getController()->getRequest()->getScheme());

in the above file the line which have - in front of them should be replaced by the lines with + in front of them. 

 

If you see as I mentioned I think you have applied the patch correctly.

 

I have mentioned the code from patch file PATCH_SUPEE-6482_CE_1.8.0.0_v1-2015-08-03-06-52-35.sh

 

magereport.com do not have access to your code so it may show false reoort also.

 

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: SUPEE-6482 shows unknown

Dear muk_t,

 

In admin it show version 1.9.1.0. But when i check on this page

 

http://magescan.steverobbins.com/

 

It show version is 1.9.2.0.

 

I try apply version 1.9.1.1 and 1.9.2.0 all it still show unknown.

 

 

Re: SUPEE-6482 shows unknown

 Dear muk_t,

 

How will i do to downgrade to 1.9.1.0 from 1.9.2.0.

 

Thanks.