I recently upgraded from 1.8 to 1.9 and then to 220.127.116.11 using magento connect.
I supposed latest version contains all the bug fixes needed, but scanning my site with magereport.com it says
"Security patch 5344 (Shoplift) -> not installed"
I'm a bit confused..
The shoplift patch code is included in 18.104.22.168 yes. Not sure how the security scan works but it may be looking for the applied.patches.list (although probably not as that lives in app/etc which shouldn't be publicly accessible).
Thank you for your reply Richard.
The scan is trying to access some resources on the webserver (I see requests inside apache logs), most of them return 404 or 401 or 503 but some return 200 OK.
I submitted a bug report on magereport, I hope they will give us more detail about the scan.
That's probably the best way to go about it, No idea on how they check it's been applied so they will be far better to help you.
--- app/code/core/Mage/Admin/Model/Observer.php --- app/code/core/Mage/Core/Controller/Request/Http.php --- app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php --- app/code/core/Mage/XmlConnect/Model/Observer.php --- lib/Varien/Db/Adapter/Pdo/Mysql.php
chiefair nice suggestion!
I compared those files and there are no differences.
Where did you get the list of changed files in latest magento version?
magereport developer told me /index.php/admin/Cms_Wysiwyg/directive/index/ SHOULD NOT throw any error, on my magento 22.214.171.124 installation it raises an exception.
He says: " It is true that 126.96.36.199 should contain the 5344 patch. Perhaps there are some remnants of an older installation?"