Solved: Re: SUPEE-6482 shows unknown

John Ricana · ‎01-18-2016

Hello,

After I have installed the SUPEE 6482, it is showing as "unknown" on magereport.com.

I have followed the correct installation guide which shows only affected 2 files after executing the patch:

- app/code/core/Mage/Api/Model/Server/Adapter/Soap.php

- app/code/core/Mage/Catalog/Model/Product/Api/V2.php

Please refer below for the actual error message from Magereport:

"We were unable to conclusively check your shop. The check might have been blocked by other emergency measures you, or your provider, have taken."

Thanks and Looking Forward!

Mukesh Tiwari · ‎01-20-2016

Hi @John Ricana

Why are you focusing only on the magereport site specifically?

Lets follow the following approach.

1) Download the fresh copy of patch file for the Magento version which you are using.

2) Now open this file with a text editor lets say notepad++

3) You will see something like following in the file.

diff --git app/code/core/Mage/Catalog/Model/Product/Api/V2.php app/code/core/Mage/Catalog/Model/Product/Api/V2.php
index 3179278..9e25106 100644
--- app/code/core/Mage/Catalog/Model/Product/Api/V2.php
+++ app/code/core/Mage/Catalog/Model/Product/Api/V2.php
@@ -108,7 +108,7 @@ class Mage_Catalog_Model_Product_Api_V2 extends Mage_Catalog_Model_Product_Api
      */
     public function create($type, $set, $sku, $productData, $store = null)
     {
-        if (!$type || !$set || !$sku) {
+        if (!$type || !$set || !$sku || !is_object($productData)) {
             $this->_fault('data_invalid');
         }

4) Now once you have applied the patch go to app/code/core/Mage/Catalog/Model/Product/Api/V2.php file.

In this file for public function create($type, $set, $sku, $productData, $store = null) method you should have following line

+        if (!$type || !$set || !$sku || !is_object($productData))

instead of if (!$type || !$set || !$sku) you can compare this file with default files of Magento version which you are using.

If you want to try with some another tool also then try this.Scan Your Magento Store

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

View solution in original post

Mukesh Tiwari · ‎01-18-2016

Hi @John Ricana

Check for the applied.patches.list file at app/etc/ ;location. If it shows the patch files modified for SUPEE-6482 the everything should be ok. As you mentioned that file included in patch exists at specified locations.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

John Ricana · ‎01-18-2016

HI @Mukesh Tiwari

Thanks for your reply.

I have checked the applied.patches.list and there is no SUPEE 6482 on the list.

May I ask why is it not showing? and how do I fix this?

Below is the only contents of the applied.patches.list:

2013-12-31 00:12:42 UTC | SUPEE-2518 | CE_1.7.0.2 | v1 | e6f2d2354843b1ca69988a44de1761ce180e746c | Thu Nov 21 12:44:53 2013 +0200 | v1.7.0.2..SUPEE-2518
patching file app/code/core/Mage/Cms/Helper/Wysiwyg/Images.php

2014-01-12 20:01:49 UTC | SUPEE-2518 | CE_1.7.0.2 | v1 | e6f2d2354843b1ca69988a44de1761ce180e746c | Thu Nov 21 12:44:53 2013 +0200 | v1.7.0.2..SUPEE-2518
patching file app/code/core/Mage/Cms/Helper/Wysiwyg/Images.php

Mukesh Tiwari · ‎01-19-2016

Hi @John Ricana

How did you apply the patch? If you applied using SSH then applied.patches.list file should contain an entry mentioning the patch information.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

John Ricana · ‎01-19-2016

Hi @Mukesh Tiwari

Yes, we applied the patch via SSH. But I just found out that my teammate didn't add it to the git repo that's why it wasn't updated on our DEV and Production server. Thank you for this.

But was confuses me is that, on our DEV server it worked fine even though the file applied.patches.list was not updated or there was no SUPEE 6482 on the list. When we checked our DEV link on the magereport, it appears that the patch SUPEE 6482 is installed.

Would like to ask if that is possible?

Mukesh Tiwari · ‎01-19-2016

Hi @John Ricana

If you have both file in place then no need to worry.As a best practice always commit the applied.patches.list file to repository.

As it helps to track all the applied patches.Also make sure that this file is not accessible publicly in browser url. Magereport may not be 100% accurate some times.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

John Ricana · ‎01-19-2016

Hi @Mukesh Tiwari,

So now we have updated the file applied.patches.list with the patch but it still doesn't show as "installed" in magereport.com.

It still shows as "unknown" and with the same error notification message

"We were unable to conclusively check your shop. The check might have been blocked by other emergency measures you, or your provider, have taken." in the Magereport site.

But basically how do we check if a Security Patch is installed properly?

Can you please help check our site if the patch SUPEE 6482 is installed?

Mukesh Tiwari · ‎01-20-2016

Hi @John Ricana

Why are you focusing only on the magereport site specifically?

Lets follow the following approach.

1) Download the fresh copy of patch file for the Magento version which you are using.

2) Now open this file with a text editor lets say notepad++

3) You will see something like following in the file.

diff --git app/code/core/Mage/Catalog/Model/Product/Api/V2.php app/code/core/Mage/Catalog/Model/Product/Api/V2.php
index 3179278..9e25106 100644
--- app/code/core/Mage/Catalog/Model/Product/Api/V2.php
+++ app/code/core/Mage/Catalog/Model/Product/Api/V2.php
@@ -108,7 +108,7 @@ class Mage_Catalog_Model_Product_Api_V2 extends Mage_Catalog_Model_Product_Api
      */
     public function create($type, $set, $sku, $productData, $store = null)
     {
-        if (!$type || !$set || !$sku) {
+        if (!$type || !$set || !$sku || !is_object($productData)) {
             $this->_fault('data_invalid');
         }

4) Now once you have applied the patch go to app/code/core/Mage/Catalog/Model/Product/Api/V2.php file.

In this file for public function create($type, $set, $sku, $productData, $store = null) method you should have following line

+        if (!$type || !$set || !$sku || !is_object($productData))

instead of if (!$type || !$set || !$sku) you can compare this file with default files of Magento version which you are using.

If you want to try with some another tool also then try this.Scan Your Magento Store

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

John Ricana · ‎01-20-2016

Hi @Mukesh Tiwari

Thanks for your help.

Basically I doubled check what we did when we installed the SUPEE 6482 including the one on step 3 and they are just the same with the ones on your steps listed above.

Also I found on the magereport site -> https://www.magereport.com/page/about#some_checks_are_grey_Can_I_make_them_green

"MageReport checks from the outside, because it cannot see your code. Sometimes checks will give an "unknown" result. This is notably the case for a fully patched shop".

I will closed now this ticket and thanks again!

By the way, is https://magentary.com/magento-security-patch-tester/ also a valid site? appreciate the help.