cancel
Showing results for 
Search instead for 
Did you mean: 

magento patch 6285 v2

magento patch 6285 v2

magento now requested to redownload the same patch, revert old one, and apply new one

and all just for this little part:

 

diff --git app/design/frontend/rwd/default/template/checkout/cart.phtml app/design/frontend/rwd/default/template/checkout/cart.phtml
index 7bceece..88753c3 100644
--- app/design/frontend/rwd/default/template/checkout/cart.phtml
+++ app/design/frontend/rwd/default/template/checkout/cart.phtml
@@ -115,7 +115,7 @@
                         <span class="or">-<?php echo $this->__('or'); ?>-</span>
 
                         <?php if($this->getContinueShoppingUrl()): ?>
-                            <button type="button" title="<?php echo $this->__('Continue Shopping') ?>" class="button2 btn-continue" onclick="setLocation('<?php echo $this->getContinueShoppingUrl() ?>')"><span><span><?php echo $this->__('Continue Shopping') ?></span></span></button>
+                            <button type="button" title="<?php echo $this->quoteEscape($this->__('Continue Shopping')) ?>" class="button2 btn-continue" onclick="setLocation('<?php echo Mage::helper('core')->quoteEscape($this->getContinueShoppingUrl()) ?>')"><span><span><?php echo $this->__('Continue Shopping') ?></span></span></button>
                         <?php endif; ?>
                         <!--[if lt IE 8]>
                         <input type="hidden" id="update_cart_action_container" />

why they just cant create a new patch, just for this one little fix?? LOL

------------
MagenX - Magento and Server optimization
7 REPLIES

Re: magento patch 6285 v2

Heh, it's Magento... I'm noticing this is only for the 1.9.0.0-1.9.1.1 patch, correct?

 

None of the other version patches have been incremented to v2

I used site ground to update to v1.9.2.0 do i still need to patch anything

Hi

 

i downloaded the patch SUPEE-6285,

however instead of using the patch, i used site grounds Softaculous to update magneto from 1.9.1.1 to 1.9.2.0, i did this on the 09/07/2015

I have just received the following email from magento....

 

"Re-download new Magento security patch
We are aware that you recently downloaded a Magento security patch on Tuesday, July 7th.
We’ve since learned that this security patch omitted patches on responsive web design (RWD) themes for XSS and have since published an updated version of the patch, which resolves this gap. We are specifically writing to you to take immediate action to return to the download page and download the updated patch V2. To apply the patch, you will need to revert the previous patch and apply the new version.

Thank you for your cooperation. We apologize for any inconvenience this may have caused.

Regards,
Magento Team"


Do I need to patch something else? or am I ok running my site as it is?

Re: I used site ground to update to v1.9.2.0 do i still need to patch anything

yes, this is the only change for one magento version 

looks like you have to manually change that file...

------------
MagenX - Magento and Server optimization

Re: I used site ground to update to v1.9.2.0 do i still need to patch anything

Note, if you applied Version 1 of the patch and now need to revert the patch and cannot because you deleted it from everywhere (good idea to keep an archive of Magento changes BTW!!!) and install Version 2, Magento has added the v1 patch back to the download page.

Re: I used site ground to update to v1.9.2.0 do i still need to patch anything

can you give me a idea of what steps i need to take to make the changes?

 

I'm new to magento and i'm basically learning

Re: I used site ground to update to v1.9.2.0 do i still need to patch anything

If you are running version 1.9.2.0, then the patch is not needed. It is only needed for 1.9.1.1 or older.

Re: I used site ground to update to v1.9.2.0 do i still need to patch anything

Good pointer, we've got confused people out there trying to apply the SUPEE-6285 V1 to revert and then reapply SUPEE-6285 V2  to their Magento 1.9.2.0 installations.

 

Examining the code in the RWD checkout.phtml file shows it's already got the XSS patch, no need to mess with 1.9.2.0!

 

    <?php if($this->getContinueShoppingUrl()): ?>
        <button type="button" title="<?php echo $this->quoteEscape($this->__('Continue Shopping')) ?>" class="button2 btn-continue" onclick="setLocation('<?php echo Mage::helper('core')->quoteEscape($this->getContinueShoppingUrl()) ?>')"><span><span><?php echo $this->__('Continue Shopping') ?></span></span></button>
    <?php endif; ?>

 

For everyone out there, 1.9.2.0 is fine, the patch is for 1.9.x.x previous to this. If you applied the V1 patch, it's missing an update to the template file

 

app/design/frontend/rwd/default/template/checkout/cart.phtml

And you're better off just manually editing the file to change the line out and making a note in applied.patches.list

 

Remove    <button type="button" title="<?php echo $this->__('Continue Shopping') ?>" class="button2 btn-continue" onclick="setLocation('<?php echo $this->getContinueShoppingUrl() ?>')"><span><span><?php echo $this->__('Continue Shopping') ?></span></span></button>
Replace    <button type="button" title="<?php echo $this->quoteEscape($this->__('Continue Shopping')) ?>" class="button2 btn-continue" onclick="setLocation('<?php echo Mage::helper('core')->quoteEscape($this->getContinueShoppingUrl()) ?>')"><span><span><?php echo $this->__('Continue Shopping') ?></span></span></button>