In the system.log
file of my Magento install I have the following error message
DEBUG (7): Security problem:
block_name
has not been whitelisted.
where block_name
is the name of a block used in my store.
What does it mean and how do I fix it?
blocksdebuggingmagento-1.9system.logwhitelist
In the system.log
file of my Magento install I have the following error message
DEBUG (7): Security problem:
block_name
has not been whitelisted.
where block_name
is the name of a block used in my store.
What does it mean and how do I fix it?
Best Answer
This message means that one of the blocks that is used in your Magento store is not on the whitelist.
With Security Patch SUPEE-6788 and Magento CE 1.9.2.2 a new whitelist for blocks was introduced. Magento now includes a white list of allowed blocks or directives. If a module or extension uses variables like
{{config path=”web/unsecure/base_url”}}
and{{block type=rss/order_new}}
in CMS pages or emails, and the directives are not on this list, you will need to add them with your database. If a block is not on the whitelist it will not be rendered.Error
As of Security Patch SUPEE-7405 and Magento CE 1.9.2.3 there is a new core feature which will easily identify blocks that are missing from the whitelist for you. The
blockDirective($construction)
function inwas updated and now looks like this:
If a block is missing from the whitelist then the system will detect it and print an error including the missing blocks name in the
system.log
file located inOf course you must have logging enabled to get this message. This is the error you will see
How to fix
To fix this you will have to manually add the missing blocks name to the whitelist. Only add blocks that you trust. If you don't know where the block is coming from then find this out first. Once you are sure that you want to add the missing block, then in your Magento Admin Panel go to
and click on the
Add New Block
button. From here you can add the missing block to the whitelist. Just enter theblock_name
that showed up in your error message in theBlock Name *
field, setIs Allowed
to "Yes" and hit theSave Block
button.Don't forget to flush cache. Your missing block is now allowed and the error should be gone.