There is a new security patch released by Magento, named as SUPEE-8788. Since this patch is of great importance in Magento development, it is not surprising to see merchants implementing it immediately by hiring SUPEE-8788 installation service.
The patch addresses are in the form of
Before you plan for an installation, you need to check out the old patches, whether they have been installed correctly or not. The reason being, many patches depend on other patches. The best way to check whether right patches are installed on your site or not is by using something like MageReport.
Having an SSH access means you are making things a lot simpler for patch installation. Before you start with the installation process, you need to disable the Magento compiler. You can do this by going to System > Configuration > Tools > Magento Compiler > Clear compiled cache.
You can apply this patch if the following conditions are met:
Once there is a successful patch installation, you need to check things like landing pages are correctly loading or not, payment transaction taking place smoothly or not, shipping, and CMS panel. Additionally, this patch affects other things as well such as downloadable products, admin pages, file upload, CMS, page sessions, and more.
Running a PHP version 5.6 or older will restrict you from logging into Magento Admin. The reason being function hash_equals() that is the root cause. Additionally, you will also fail in installing the patch on app/code/core/Mage/Adminhtml/controllers/DashboardController.php, if another patch like SUPEE-1533 has already been applied. Other problems that users have faced are quoted below:
“There are no frontend templates involved” – is not correct for older Magento versions. For example the 22.214.171.124 patch changes 9 frontend/base/default template files. – Kristof at Fooman
For anyone having problems with the .swf updates of the patch, I simply removed lines 5951-9818 from the patch and manually removed the .swf files from /skin/adminhtml/default/default/media – since that’s all the patch was doing anyway. – Liam McArthur
I tried both patching and upgrading my Magento to 1.9.3,but magereport still shows that the patch supee8788 is not applied, and credit card hijack detected – Srinivas
For more such challenges, please contact our Magento developers.