Magento critical security patches - How to apply - magento

Today when i logged into my magento store admin, it shown a new critical message like
Critical Reminder: Download and install Magento security patches. Download now.
Then i download SUPEE-5344 and SUPEE-1533 from https://www.magentocommerce.com/products/downloads/magento.
Please tell me how can i apply these patch files to my magento store.
Thank You!

Applying SUPEE-5344 and SUPEE-1533 Magento patches via FTP/sFTP or FileManager / File Upload without SSH
Refer Link: http://magentary.com/kb/apply-supee-5344-and-supee-1533-without-ssh/
You can test whether Magento is safe from vulnerable for security point of view see link: https://shoplift.byte.nl/ and enter your URL.

You should have a look at the official documentation on applying patches
But in short.
Download the patch from the Magento site,
Transfer the patch to you Magento installation root directory,
Call sh patch-file-name.sh and you should see the message Patch was applied/reverted successfully.,
You may need to revert permissions after the process and also make sure you download the right patch for the version of Magento you have in place.

for SSL use putty client software and use it to access SSL.
Go to your website hosted directory and type the
above command and yout patch get applied/reverted successfully.

Steps To Run Security Patche File in magento.
1 First download security error patche file from magento community .
2 Download files move it into root folder in magento.
3 Create a php file in root directory of magento for run patche files.
4 Rename Security patches files according to you.
Final Step Open Php file and add these function in php
<?php
print("<PRE>");
passthru("bash patch-1.sh");
print("</PRE>");
//patch-1.sh define the name of download security patch file name .
?>

First download .sh patch files and move to your document root (magento root folder). Then connect to ssh and go to your document root folder.
run this command.
sh patch-file-name.sh
A message such as the following displays to confirm the patch installed successfully:
Patch was applied/reverted successfully.
Delete cache and session.
rm -rf var/cache var/session
Now you may need to reassign ownership again. Based on your group name command. Generally there are two groups www-data or apache. If you have www-data then run this command
chown -R www-data .
For apache use this.
chown -R apache

Related

How to upload Magento patch to root directory?

I am not a developer.
Today when I login admin panel, a message pop up telling me to download/upload Magento CE Patches SUPEE-5344 and SUPEE-1533
And I found this tutorial Magento CE Patches tutorial But I don't know what path to upload the .SH files. I know they provided an Example, /var/www/html/magento.but I don't have this www file should I create one?
Since I don't know what to do so I uploaded on cgi-bin folder. And I am not sure is working or not.
Please help me with this.
Best Regards
The patches should be uploaded and executed from Magento root directory. If you have Magento installed, the directory should exist already. This is the typical content of this directory:
$ ls -1
api.php
app
cron.php
cron.sh
downloader
errors
favicon.ico
includes
index.php
index.php.sample
install.php
js
lib
mage
media
PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh
pkginfo
shell
skin
var
Upload it to the root of your magento installation. If your not confident with ssh i would ask a web developer to do this work for you, as potentially you could break everything.

Changing Base URL in Magento

I am moving a magento store from mydomaintest.com to mydomain.com.
When I say move, in this instance, we simply used the Cpanel to Modify Account and changed the Domain Name from mydomaintest.com to mydomain.com.
Then using the advice found in forums I used PHPMyAdmin to update the Magento Core Config table to the new BaseURL for both Secure and Unsecure url's.
After doing this I deleted all files in /var/cache.
Trying to access the site by domain name or IP is providing the following error:
Fatal error: require_once() [function.require]: Failed opening required '/home/mydomain/public_html/errors/report.php' (include_path='/home/mydomain/public_html/app/code/local:/home/mydomain/public_html/app/code/community:/home/mydomain/public_html/app/code/core:/home/mydomain/public_html/lib:.:/usr/lib/php:/usr/local/lib/php') in /home/mydomain/public_html/app/Mage.php on line 847
Please help, we are trying to move live today and can't seem to figure this one out.
Thanks!
John
Go to System > Index management and Reindex data as it also contain the url rewrites. Also be sure to check System > Cache Management (some versions still have that) and flush all cache as var/cache is not the only caching location. The zend components save their cache in the tmp folder.
I had this issue with Magento running with Apache2 on Ubuntu 14.10
Make sure that MySQL module for PHP is install:
dpkg --list | grep php5-mysql
If it is not listed, you need to install it:
sudo apt-get install php5-mysql
Then restart Apache:
sudo service apache2 restart
In our case we get this message because someone deleted the "error" folder - the site works fine until an error happens.
Once we restored the folder (and make sure PHP can access it), we see the normal Magento error page.
If you don't have the folder you can download Magento and extract it from the archive.

Magento Connect Manager Setting Error

Need an urgent solution about magento Error....
Am getting an error message in Magento 1.5.0.1 version at Magento Connect Manager ... I couldn't install magento extensions ...
The error msg shows as :
Warning: Your Magento folder does not have sufficient write permissions.
If you wish to proceed downloading Magento packages online, please set all Magento folders to have writable permission for the web server user (example: apache) or set up FTP Connection on the Magento Connect Manager Settings tab.
Whereas, I have changed the file permission from our end to 777
The locations are :
app/etc
app/code
var
media
Also, i have uploaded Magento files and folder directly into the root directory .. so, there is no Magento folder existed in the root directory..
Please give some soln ..
Thanks
make sure your web root directory (ie /var/www/public_html/) is actually read and write by apache so having it be the owner and set your permissions to 755 or 775. I bet you don't have a folder/file in the root that Magento Connect it trying to create but cant because the web root permissions are wrong not your magento file permissions themselves (that was my problem at least) ... and yes you shouldn't be 777 everything that is bad.

How to enable my Joomla extension?

When logged in as Administrator and trying to install a Joomla extension it fails giving this error message
JFolder::create:
Unable to create destination
At another Joomla site it works, and one difference is where it works Joomla is setup with default English and where it fails setup is in Swedish. Can you recommend how to troubleshoot and proceed? I tried with 2 different extensions and both work on the English joomla and not the Swedish.
Probably you have to check the rwx (Read-Write-Execute) permissions (should be 644 or 755) for allowing the extension's folder to be created.
You have to change the owner of the folders/files to the user of the Apache server using the "chown" command.
If the Apache user is httpd, run this command in your Joomla folder
chown -R httpd *
I already get this problem and this solution worked for me.
Also check the path to the /tmp folder in your configuration.php file.

Joomla Component Install Issue: Can't install any components, fresh install of latest Joomla

When I try to install any component, specifically my mtwMigrator component, I receive the following error:
* Warning! Failed to move file.
This is on a fresh install, with FTP Layer turned off, with default content installed, Joomla 1.5.14, latest PHP and my_SQL versions, Legacy mode turned on.
A very common cause of this error is due to file permissions. Joomla must be able to copy the files from your component into the components and administrator/components directories. If the system user the webserver runs as does not have write permissions to these folders, it will not be able to copy the files over.
The FTP layer is there to get around this issue. With the FTP layer on, you upload the component to the server first, then it is FTP'ed from the temporary directory to localhost. For this to work, the FTP user you specify must have permission to write to the components and administrator/components folders.
I had a similar problem when moving between machines (I know you said it was a fresh install - but someone might find this helpful). Ensure the $tmp_path entry in joomla\configuration.php is pointing to a valid directory. Mine wasn't.
In your Joomla backend, on the top menu, go to Help >> System Info >> Directory Permission and ensure that that are writable otherwise you don't want to have to change the folders to 777 and back again each time you install an extension.
In addition to this, you can mass chmod folders and files using Akeeba Admin Tools.
You mgiht also want to update to the latest Joomla 1.5 version (1.5.26)
The most ideal permission for Joomla directories is 755. There are cases when mod_suphp is not installed that the permission problem would occur.
Make sure that mod_suphp is installed and loaded by checking your php info e.g. and running this on your browser. If mod_suphp is not installed, then you will need help from your hosting provider to install this for you.
Normally, all directerories should have 755 (rwxr-xr-x) and all files 644 (rw-r--r--). If you want to set the most directories to not-writetable, you will need at least the directories listed in Help > System info > Directory Permissions. (Here you can also check which directories need to be changed, as non-writetable directories are shown in red.)
In some shared hosting environments, 755 / 644 isn't enough, as the owner of the file is not the (Web)Server User, but the FTP-User ... so either change it to 777 / 666 (not recommended, as you allow others to write your files), or get your FTP layer to work.
Another try: Joomla! does not work yet with the recent PHP 5.3. Can you use PHP 5.2? (Similar Problem in the Joomla Forum)

Resources