  • What are the changes with the patch?
  • How to check whether the patch applied properly?
  • How to test after applying the patch?

  • What are the changes with the patch?
    Example:
    Change1: Admin routing in module's config file.

    Wrong Code:
    <imagegallery>
        <use>admin</use>
        <args>
            <module>Mypackage_ImageGallery</module>
            <frontName>imagegallery</frontName>
        </args>
    </imagegallery>

    Correct Code:
    <adminhtml>
        <args>
            <modules>
                <imagegallery before="Mage_Adminhtml">Mypackage_ImageGallery_Adminhtml</imagegallery>
            </modules>
        </args>
    </adminhtml>

    Change2: Admin routing in module's config file for menu action.

    Wrong Code:
    <adminhtml>
        <menu>
            <imagegallery module="imagegallery">
                <title>Image Gallery</title>
                <sort_order>71</sort_order>
                <children>
                    <items module="imagegallery">
                        <title>Manage Image Gallery</title>
                        <sort_order>0</sort_order>
                        <action>imagegallery/adminhtml_imagegallery</action>
                    </items>
                </children>
            </imagegallery>
        </menu>
    </adminhtml>

    Correct Code:
    <adminhtml>
        <menu>
            <imagegallery module="imagegallery">
                <title>Image Gallery</title>
                <sort_order>71</sort_order>
                <children>
                    <items module="imagegallery">
                        <title>Manage Image Gallery</title>
                        <sort_order>0</sort_order>
                        <action>adminhtml/imagegallery_imagegallery</action>
                    </items>
                </children>
            </imagegallery>
        </menu>
    </adminhtml>
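
One way to find modules that still need Change1 and Change2, as an added example (not code from the patch or from the toolbox mentioned later on this page). It assumes the router fragment shown above sits under the usual `<admin><routers>` node of config.xml; the sample config is constructed from the page's "Wrong Code" snippets, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's pre-patch form (Change1 and Change2).
LEGACY_CONFIG = """<config>
  <admin><routers>
    <imagegallery>
      <use>admin</use>
      <args>
        <module>Mypackage_ImageGallery</module>
        <frontName>imagegallery</frontName>
      </args>
    </imagegallery>
  </routers></admin>
  <adminhtml><menu>
    <imagegallery module="imagegallery">
      <children>
        <items module="imagegallery">
          <action>imagegallery/adminhtml_imagegallery</action>
        </items>
      </children>
    </imagegallery>
  </menu></adminhtml>
</config>"""


def legacy_admin_routers(root):
    """Map frontName -> module for routers that declare <use>admin</use> themselves."""
    found = {}
    for router in root.findall("./admin/routers/*"):
        # The shared <adminhtml> router is the patched form and is skipped.
        if router.tag != "adminhtml" and (router.findtext("use") or "").strip() == "admin":
            front = (router.findtext("args/frontName") or router.tag).strip()
            found[front] = (router.findtext("args/module") or "").strip()
    return found


def audit_config(config_xml):
    """Return (legacy routers, menu actions that still point at them)."""
    root = ET.fromstring(config_xml)
    routers = legacy_admin_routers(root)
    stale = [a.text.strip() for a in root.iter("action")
             if a.text and a.text.strip().split("/")[0] in routers]
    return routers, stale


if __name__ == "__main__":
    print(audit_config(LEGACY_CONFIG))
```

A config that has been converted as shown in the "Correct Code" blocks returns an empty mapping and an empty list.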

    Change3: Admin Controller Class Change
    i] Move Class File:
    From: app/code/local/Mypackage/ImageGallery/controllers/Adminhtml/ImagegalleryController.php
    To: app/code/local/Mypackage/ImageGallery/controllers/Adminhtml/Imagegallery/ImagegalleryController.php

    ii] Change Controller Class Name:
    From: Mypackage_ImageGallery_Adminhtml_ImagegalleryController
    To: Mypackage_ImageGallery_Adminhtml_Imagegallery_ImagegalleryController

    Change4: Changes in Module Link
    i] Wrong Code:
    return Mage::helper('adminhtml')->getUrl('mymodule/adminhtml_imagegallery/index');

    Correct Code:
    return Mage::helper('adminhtml')->getUrl('adminhtml/mymodule_imagegallery/index');

    ii] Wrong Code:
    $url = $this->getUrl('mymodule/adminhtml_field/save');

    Correct Code:
    $url = $this->getUrl('adminhtml/mymodule_field/save');

    Change5: ERROR: POSSIBLE SQL VULNERABILITY

    Wrong Code:
    $collection->addFieldToFilter('`main_table`.account_id', $accountId);

    Correct Code:
    $collection->addFieldToFilter('main_table.account_id', $accountId);

    Wrong Code:
    $collection->getSelect()
        ->joinLeft(
            array('cc' => Mage::getSingleton('core/resource')->getTableName('catalog/category')),
            '`main_table`.`category_id` = `cc`.`entity_id`',
            array('path_ids'=>'path')
        );

    Correct Code:
    $collection->getSelect()
        ->joinLeft(
            array('cc' => Mage::getSingleton('core/resource')->getTableName('catalog/category')),
            'main_table.category_id = cc.entity_id',
            array('path_ids'=>'path')
        );

    Wrong Code:
    $collection->getSelect()->where('`second_table`.`link_info` IS NULL');

    Correct Code:
    $collection->getSelect()->where('second_table.link_info IS NULL');
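
A small source scanner for the Change5 pattern, as an added example (not part of the patch or of the toolbox). It flags backtick-quoted identifiers passed to the three methods used in the snippets above and proposes the unquoted form; the sample PHP is constructed from the page's own snippets, the function name is hypothetical, and statements are split on `;` without handling semicolons inside strings.

```python
import re

# Collection/select methods that the page's Change5 examples pass identifiers to.
METHODS = ("addFieldToFilter", "joinLeft", "where")
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"")

# Constructed sample built from the page's "Wrong Code" / "Correct Code" snippets.
SAMPLE_PHP = r"""
$collection->addFieldToFilter('`main_table`.account_id', $accountId);
$collection->getSelect()
    ->joinLeft(
        array('cc' => Mage::getSingleton('core/resource')->getTableName('catalog/category')),
        '`main_table`.`category_id` = `cc`.`entity_id`',
        array('path_ids' => 'path')
    );
$collection->getSelect()->where('second_table.link_info IS NULL');
"""


def find_backticked_identifiers(php_source):
    """Return (line_no, literal, suggestion) for each backtick-quoted identifier."""
    findings = []
    offset = 0  # position of the current statement inside php_source
    for statement in php_source.split(";"):
        if any(m + "(" in statement for m in METHODS):
            for match in STRING_LITERAL.finditer(statement):
                literal = match.group(0)
                if "`" in literal:
                    line_no = php_source.count("\n", 0, offset + match.start()) + 1
                    findings.append((line_no, literal, literal.replace("`", "")))
        offset += len(statement) + 1  # +1 for the ';' consumed by split
    return findings


if __name__ == "__main__":
    for line_no, literal, suggestion in find_backticked_identifiers(SAMPLE_PHP):
        print(f"line {line_no}: {literal} -> {suggestion}")
```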

  • How to check whether the patch applied properly?
    After applying the Magento security patch (SUPEE-6788):

    Before you start testing, make sure the patch was applied successfully and check whether any areas still remain to be fixed.

    To check, use the following reference tool:
    "Magento® SUPEE-6788 Developer Toolbox"
    Link : https://github.com/rhoerr/supee-6788-toolbox

    Run the following command:
    php -f fixSUPEE6788.php -- analyze recordAffected

    If anything is affected, we can see the differences in the following logs:

    • SUPEE-6788 Developer Toolbox by ParadoxLabs
    • https://github.com/rhoerr/supee-6788-toolbox
    • Time: 2015-11-03T10:11:34+00:00
    • Loading whitelists
    • Searching config for bad routers
    • Moving controllers for bad routers to avoid conflicts
    • Searching files for bad routes
    • Searching for whitelist problems
    • Summary

    Affected Modules:
    Affected Files:
    Issues:
    See var/log/fixSUPEE6788.log for a record of all results.
    Wrote affected modules to var/log/fixSUPEE6788-modules.log
    Wrote affected files to var/log/fixSUPEE6788-files.log

  • How to test after applying the patch?
    After the patch has been applied successfully and the fixes have been made as per the patch instructions, there are two main testing areas. If any modules are affected by the patch, the testing areas depend on what was changed.

    Testing Area:
    A] Admin/Backend
    B] Frontend

    B] Frontend:
    B-i] Test CMS pages and emails that may use:
    variables (config path) like {{config path="design/email/footer"}} and block types
    like {{block type='mymodule/product_new'}} added by any module or extension.
    Check that every such place gives the expected result.

    B-ii] Test all module listing and view pages that may use a collection query like
    $collection->addFieldToFilter('`fieldname`', array('eq'=>1));

    Check that there is no error like:
    SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;
    check the manual that corresponds to your MySQL server version for the right syntax to use near '.`value)` = 1)...

    B-iii] Go to the Login page, Create Account page and Forgotten Password page, view the page source and
    find "form_key" in the form area. If this key is not found in the form area, it needs to be fixed.
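
The view-source check in B-iii can be scripted, as in this added example (not part of the patch or the toolbox). It parses saved page source and lists POST forms that have no non-empty `form_key` input; the sample HTML, its form actions and the class and function names are constructed for illustration.

```python
from html.parser import HTMLParser


class FormKeyAuditor(HTMLParser):
    """Collect POST forms and whether each contains an input named form_key."""

    def __init__(self):
        super().__init__()
        self.forms = []       # [action, has_form_key] for each POST form
        self._current = None  # the POST form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            if (attrs.get("method") or "get").lower() == "post":
                self._current = [attrs.get("action") or "", False]
                self.forms.append(self._current)
            else:
                self._current = None
        elif tag == "input" and self._current is not None:
            if attrs.get("name") == "form_key" and attrs.get("value"):
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_form_key(html):
    """Return the action URLs of POST forms that carry no form_key field."""
    auditor = FormKeyAuditor()
    auditor.feed(html)
    return [action for action, has_key in auditor.forms if not has_key]


# Constructed page source: one form with the key and one that still needs the fix.
SAMPLE_HTML = """
<form action="/customer/account/loginPost/" method="post">
  <input name="form_key" type="hidden" value="CONSTRUCTEDKEY123" />
  <input name="login[username]" type="text" />
</form>
<form action="/customer/account/forgotpasswordpost/" method="post">
  <input name="email" type="text" />
</form>
"""
```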

    A] Admin/Backend:
    A-i]
    To disable "Admin routing compatibility mode for extensions", go to:
    Admin->System->Configuration->Advanced->Admin->Security->Admin routing compatibility mode for extensions -> Disable

    A-ii]
    In admin there should be two new links added for variables and blocks:
    Go to:
    Admin->System->Permissions->Variables
    Admin->System->Permissions->Blocks

    Check that any new config path variables and block types used by modules and extensions are
    whitelisted here.