cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE-6788 Developer Toolbox

SUPEE-6788 Developer Toolbox

I am not a developer on this project, but thought this could be helpful to people here.

 

Analysis/fix tool for extension and customization conflicts resulting from the Magento SUPEE-6788 patch.

https://github.com/rhoerr/supee-6788-toolbox

 

Usage

  • Backup your website.
  • Upload fixSUPEE6788.php to {magento}/shell/fixSUPEE6788.php
  • To analyze: Run from SSH: php -f fixSUPEE6788.php -- analyze
  • To apply changes: Run from SSH: php -f fixSUPEE6788.php -- fix
  • To fix missing whitelist entries only: Run from SSH: php -f fixSUPEE6788.php -- fixWhitelists
  • Additional option: recordAffected - If given, two files will be written after running:var/log/fixSUPEE6788-modules.log containing all modules affected by the patch, andvar/log/fixSUPEE6788-files.log containing all files the script would/did modify. Use this to grab an archive of modified files (tar czf modified.tar.gz -T var/log/fixSUPEE6788-files.log), or weed out any files/modules for the fix whitelist.
  • Excluding files and modules: If given, shell/fixSUPEE6788-whitelist-modules.log andshell/fixSUPEE6788-whitelist-files.log will be loaded, and any files/modules included will be left out of all analysis and fixes. Format should be identical to the files produced byrecordAffected.
  • Command with options: php -f fixSUPEE6788.php -- analyze recordAffected

All results are output to screen and to var/log/fixSUPEE6788.log.

We recommend patching your site in two phases: First, apply the SUPEE-6788 patch and immediately run this script with the fixWhitelists flag to fix any functionality broken by the whitelist changes. (Verify that all entries added should in fact be there.) Then, run this script with analyze and/or fix to correct controller conflicts. Verify all is well, then disable the admin controller compatibility mode.

After patching, scan with MageReport.com to confirm your site is up to date.

2 REPLIES

Re: SUPEE-6788 Developer Toolbox

Nice. We used this on several and it was very handy.

Unfortunately, there are some problems with this one.

One of them is that it requires shell access while some hostings still don't provide that.

Another problem is that on multiple environments this is not handy anymore.

 

To make everyone's lives easier we created an extension for this - http://supee6788.magebit.com

It adds all blocks to whitelist. Once it has ran once it disables itself so the security is still as it should be.

Another great feature here is that you can set whitelist till date. For example, you have a site under development on multiple environments. Install this extension and set the date to golive date. After the golive date it will not whitelist automatically anymore. You can also use this to scan all blocks used in code to see/add/remove blocks manually via admin panel.

 

NOTE: This extension will be publicly available at 5PM (GMT+2), Oct 30 as we need to make sure all is ruuning great on different stores etc. If you need it faster - contact us and we can send you the beta version.

Re: SUPEE-6788 Developer Toolbox

Will running the Analyze step on supee-6788-toolbox modify any files?