After being prompted to install the new patch I went ahead and did so straight away.
But now I've gone back and looked at the .sh file I noticed there is changes being made to template files.
I had a custom theme and I also have a onestep checkout extension installed on my site, do I need to apply the patch to those somehow or do I not need to worry?
Best Answer
There's a series of changes you need to make in addition to just running the patch.
I've used the 1.9.1.1 patch as an example here, but sadly, the patches differ dependent on release.
Custom template files
If you have modified or overridden the
base/default
template with your own package/design, then you'll need to manually apply the patches as necessary to the following.In
app/design/frontend/base/default/template/checkout/cart.phtml
,In
app/design/frontend/base/default/template/checkout/cart/noItems.phtml
,In
app/design/frontend/base/default/template/checkout/onepage/failure.phtml
In
app/design/frontend/base/default/template/rss/order/details.phtml
,In
app/design/frontend/base/default/template/wishlist/email/rss.phtml
,In
app/design/frontend/default/modern/template/checkout/cart.phtml
,.htaccess
rulesIf you aren't using a
.htaccess
compatbile web server, then you'll need to manually add the following deny rules.For Nginx,
File permissions
If the user of your web server PHP process isn't the owner of the document root and relies on group permissions, and the
var/report
orvar/log
directories are removed - you will encounter issues with the new default file permissions.Eg. In the following scenario,
The revised default file permissions of
0750
, will strip write permissions from the group - which will prohibit your web server from being able to write to the directory.Equally, if you rely on the
everyone
permission, all access will be stripped.