After being prompted to install the new patch I went ahead and did so straight away.
But now I've gone back and looked at the .sh file I noticed there is changes being made to template files.
I had a custom theme and I also have a onestep checkout extension installed on my site, do I need to apply the patch to those somehow or do I not need to worry?
There's a series of changes you need to make in addition to just running the patch.
I've used the 22.214.171.124 patch as an example here, but sadly, the patches differ dependent on release.
Custom template files
If you have modified or overridden the
base/defaulttemplate with your own package/design, then you'll need to manually apply the patches as necessary to the following.
If you aren't using a
.htaccesscompatbile web server, then you'll need to manually add the following deny rules.
If the user of your web server PHP process isn't the owner of the document root and relies on group permissions, and the
var/logdirectories are removed - you will encounter issues with the new default file permissions.
Eg. In the following scenario,
The revised default file permissions of
0750, will strip write permissions from the group - which will prohibit your web server from being able to write to the directory.
Equally, if you rely on the
everyonepermission, all access will be stripped.