Magento released its latest security patch, SUPEE-9767, which fixes various security issues. The installation is straightforward, but a couple of areas need to be covered. This is a quick step-by-step guide to the process, with the links I found really helpful and that made the job easy.

  • Download the SUPEE-9767 patch file that matches the current Magento installation
  • Upload the patch file to the root
  • On the command line, run the following command (it should match the patch file name)
    >> sh
  • If the download folder has been removed (which we did as a security measure), remove the
    download folder related code from the patch file
  • If you come across any other missing files, check in this repo. This may be because
    a previous patch could not generate a new file. Add the new file and apply STEP 2
  • Apply the template level changes to the custom template files.
  • Add the script to the Magento shell folder and run it
  • Add <?php echo $this->getBlockHtml('formkey') ?> to all the template files.
  • Apply the JS file changes to the overrides
  • After applying the patch successfully, check the following settings before testing
  • Enable Form Key Validation On Checkout
    >> Admin > System > Configuration > Advanced > Admin > Security
  • Test logging in and out at the admin user level
  • Place a test order with create account enabled
  • Upload an image from the admin area.
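
For the step that adds getBlockHtml('formkey') to the template files, the check below lists custom templates that still render a form without it. It is an added example, not part of SUPEE-9767 or of the script the guide refers to; the function name, the app/design/frontend path and the rule of skipping single-line GET forms are assumptions.

```shell
#!/bin/sh
# Added example: list .phtml templates that contain a <form> but never call
# getBlockHtml('formkey'), i.e. candidates for the manual template change
# before form key validation on checkout is enabled.

# Matches getBlockHtml('formkey') with either quote style.
FORMKEY_RE="getBlockHtml\\([[:space:]]*[\"']formkey[\"'][[:space:]]*\\)"
# Matches a <form> whose method=get sits on the same line as the tag.
GET_RE="<form.*method[[:space:]]*=[[:space:]]*[\"']?get"

# Usage: find_templates_missing_formkey <template-dir>
# Prints one path per line, sorted; prints nothing when all forms are covered.
find_templates_missing_formkey() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    find "$dir" -type f -name '*.phtml' | sort | while IFS= read -r file; do
        # Number of lines that open a form; templates without one are skipped.
        total=$(grep -ci '<form' "$file" || true)
        [ "$total" -gt 0 ] || continue

        # Assumption: GET forms (for example a search box) need no form key.
        # A form tag split over several lines is not recognised as GET and is
        # reported, which errs on the side of a manual review.
        gets=$(grep -Eci "$GET_RE" "$file" || true)
        [ "$gets" -lt "$total" ] || continue

        if ! grep -Eqi "$FORMKEY_RE" "$file"; then
            printf '%s\n' "$file"
        fi
    done
}

# Stand-alone use: sh check_formkey.sh app/design/frontend
if [ "$#" -gt 0 ]; then
    find_templates_missing_formkey "$1"
fi
```

Run it against the custom theme directory before and after editing the templates; an empty result means every non-GET form found includes the form key block.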