cancel
Showing results for 
Search instead for 
Did you mean: 

CE 1.9.1.1 issue with SUPEE-10266

CE 1.9.1.1 issue with SUPEE-10266

This is for CE 1.9.1.1.

Installed this:
PATCH_SUPEE-9767_CE_1.9.3.0_v2-2017-07-11-11-04-56.sh

Which updated the validate() method in app/code/core/Mage/Core/Model/File/Validator/Image.php

Now trying to apply this:
PATCH_SUPEE-10266_CE_1.9.1.1_v1-2017-09-15-04-59-56.sh

And it's not compatible with the above update, gettting an error:

patching file app/code/core/Mage/Core/Model/File/Validator/Image.php
Hunk #1 FAILED at 90.

9 REPLIES 9

Re: CE 1.9.1.1 issue with SUPEE-10266

Me too, same version of Magento, same problem.

Re: CE 1.9.1.1 issue with SUPEE-10266

Same here, for 1.7.0.2 patch and 1.9.3.0...need to resolve asap

Re: CE 1.9.1.1 issue with SUPEE-10266

I'm having the same problem with the same version of Magento. Has anyone found a solution yet??

Re: CE 1.9.1.1 issue with SUPEE-10266

Bump. Same problem for me. Same version of Mage.

Re: CE 1.9.1.1 issue with SUPEE-10266

This solution to change a few lines of code in the patch file seemed to work for me:

 

https://magento.stackexchange.com/questions/193279/security-patch-supee-10266-possible-issues/193377...

Re: CE 1.9.1.1 issue with SUPEE-10266

Same issue for me. 

 

Re: CE 1.9.1.1 issue with SUPEE-10266

I have the same issue. any solution please?

Re: CE 1.9.1.1 issue with SUPEE-10266

Error:

checking file app/code/core/Mage/Core/Model/File/Validator/Image.php
Hunk #1 FAILED at 90.
1 out of 1 hunk FAILED
I fixed it by replacing lines 454-472 by 454-471 from PATCH_SUPEE-10266_CE_1.9.1.0_v1-2017-09-13-06-34-33.sh

Old code, line 454-472:

diff --git app/code/core/Mage/Core/Model/File/Validator/Image.php app/code/core/Mage/Core/Model/File/Validator/Image.php
index 7f7b9d0..8a28da2 100644
--- app/code/core/Mage/Core/Model/File/Validator/Image.php
+++ app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -90,7 +90,13 @@ class Mage_Core_Model_File_Validator_Image
         $fileInfo = getimagesize($filePath);
         if (is_array($fileInfo) and isset($fileInfo[2])) {
             if ($this->isImageType($fileInfo[2])) {
-                return null;
+                /**
+                 * if 'general/reprocess_images/active' false then skip image reprocessing.
+                 * NOTE: If you turn off images reprocessing, then your upload images process may cause security risks.
+                 */
+                if (!Mage::getStoreConfigFlag('general/reprocess_images/active')) {
+                    return null;
+                }
             }
         }
         throw Mage::exception('Mage_Core', Mage::helper('core')->__('Invalid MIME type.'));
New code, lines 454-471:

diff --git app/code/core/Mage/Core/Model/File/Validator/Image.php app/code/core/Mage/Core/Model/File/Validator/Image.php
index 8618bca..d3aba19 100644
--- app/code/core/Mage/Core/Model/File/Validator/Image.php
+++ app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -90,6 +90,13 @@ class Mage_Core_Model_File_Validator_Image
         list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
         if ($fileType) {
             if ($this->isImageType($fileType)) {
+                /**
+                 * if 'general/reprocess_images/active' false then skip image reprocessing.
+                 * NOTE: If you turn off images reprocessing, then your upload images process may cause security risks.
+                 */
+                if (!Mage::getStoreConfigFlag('general/reprocess_images/active')) {
+                    return null;
+                }
                 //replace tmp image with re-sampled copy to exclude images with malicious data
                 $image = imagecreatefromstring(file_get_contents($filePath));
                 if ($image !== false) {

Re: CE 1.9.1.1 issue with SUPEE-10266

Above code will solve your problem.