Magento – Patch SUPEE-8788, MageReport.com says no, but I say yes

magento-1patchessupee-8788

I recently went with all the workarounds that Magento supplied after the v1 of the patch had some issues, and now have finally successfully installed v2 of SUPEE-8788.

sh PATCH_SUPEE-8788_CE_1.9.0.1_v2-2016-10-14-09-37-14.sh
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

As well as being listed in the applied.patches.list.

However when scanning through magereport.com to assure everything is working correctly, it still alerts me stating that I am unpatched for 8788. Should I just bypass this as a possible error on their side or could there still be something more I need to do?

Best Answer

How Magereport detects the patch

Magereport checks for the following static assets that should have been removed:

/skin/adminhtml/default/default/media/flex.swf
/skin/adminhtml/default/default/media/uploader.swf
/skin/adminhtml/default/default/media/uploaderSingle.swf

It also checks for the following files that have been modified:

/js/mage/adminhtml/uploader/instance.js should contain "fustyFlowFactory"
/skin/adminhtml/default/default/boxes.css should contain "background:url(images/blank.gif) repeat;"

If you get an unexpected result

Are you running multiple Magento installations on the same domain? Due to the way Magento routing works, MageReport cannot distinguish between multiple installations on the same domain. So if you want to test an upgrade, you could put it on its own domain (eg. test.yourdomain.com).

Log on to SSH (shell)

Every check that’s been installed can easily be found in the content of your shop. More specifically it’s logged in app/etc/applied.patches.list.

So you run this command 'grep' via SSH to access the list of applied security patches:

grep '|' app/etc/applied.patches.list

Hope It's helpful for any one.

Related Topic