Applying patches manually with no SSH access
You have a good point here. The patches are supplied as .sh files and there is no solution offered by Magento for FTP only websites.
I suggest one would copy his website's code to a local environment through FTP (you would probably have that already). Then apply the patch by running the .sh file.
Now you need to find out which files you need to upload again. If you would open the .sh patch file, then you will see it consist of two sections:
- Bash shell code to apply the patch. This code is general for every patch.
- The actual patch in the form of a unified patch format. This indicates only the lines in files that were changed (including some context lines). This starts below the line
__PATCHFILE_FOLLOWS__
From the second section you could read which files were/are affected by the patch. You need to upload these files again to your FTP or... you could just upload everything.
Applying manually without bash/shell
- If you can't run
.sh files (in Windows), then you could extract the second section of the patch (the unified patch) and apply it manually with a patching tool (or for example through PHPStorm).
- The website Magentary.com provides ZIP files for each Magento version containing the patched files only.
Patches in current & future releases?
The patches that are released right now apply to all versions that were already released. Of course, might Magento release a new version (major or minor). Then they will contain all security patches as Magento will also apply the patches to their development code base naturally (these patches even originate from that code base ;)).
UPDATE:
Every last patch Magento has also released new versions of Magento CE and EE already containing the specific latest patch. See the Release Archive tab on the Magento download page.
Check this sheet, maintained by JH, for which patches to install for which Magento CE and EE version: https://docs.google.com/spreadsheets/d/1MTbU9Bq130zrrsJwLIB9d8qnGfYZnkm4jBlfNaBF19M
In Magento 1.9.3.x, catalogsearch_result table is NO longer used I think.
There are minor differences/changes in CatalogSearch module in 1.9.3.x and 1.9.0.x versions.
You can check app\code\core\Mage\CatalogSearch\Model\Fulltext.php, here NEW property _foundData is added which holds FullText search results instead saving in catalogsearch_result table.
Check prepareResult method of both versions,
In 1.9.3.x versions,
$this->_foundData = $adapter->fetchPairs($select, $bind);
In 1.9.0.x versions,
$sql = $adapter->insertFromSelect($select,
$this->getTable('catalogsearch/result'),
array(),
Varien_Db_Adapter_Interface::INSERT_ON_DUPLICATE);
$adapter->query($sql, $bind);
What should be done now (for 1.9.3.x versions) ?
You can use getFoundData method of this class to get results :
$searchText = STRING_TO_SEARCH;
$query = Mage::getModel('catalogsearch/query')->loadByQueryText($searchText);
if($query->getId()){
$fulltextResource = Mage::getResourceModel('catalogsearch/fulltext')->prepareResult(
Mage::getModel('catalogsearch/fulltext'),
$query->getQueryText(),
$query
);
$prod_ids = $fulltextResource->getFoundData();
//print_r($prod_ids);
}
Here $prod_ids is an Array variable which contains Product Id and No. of count as Key=>Value pair.
Best Answer
The reason why Magento is doing this is because whenever a patch is released, they need to include it into a new release. Otherwise they are going to have to say "Hey download 1.9.3.0, then add SUPEE-8788 and SUPEE-9652". Then people that don't know how to apply patches are going to complain (and they have which is why they are doing this).
If you take a look at patch SUPEE-9652, that is where you see the sendmail.php update. The dates are changed to 2017 because this release is in 2017 and the last one is was in 2016.
The Magento 1 version policy looks like this:
1 . MAJOR . MINOR . PATCH