Magento has released its latest security patch, SUPEE-9767, which fixes various security issues. Installation is straightforward, but a couple of areas need attention. This is a quick step-by-step guide covering the process and the links I found really helpful, which made the job easy.
- Download the SUPEE-9767 patch file that matches the current Magento installation
- Upload the patch file to the root
- On the command line, run the following command (it should match the patch file name)
>> sh PATCH_SUPEE-9767_CE_18.104.22.168_v1.sh
- If the download folder has been removed (which we did as a security measure), remove the download folder related code from the patch file
- If you come across any other missing files, check in this repo. It might be because a previous patch could not generate a new file. Add the new file and apply STEP 2
- Apply the template level changes to the custom template files.
- Add the script to the Magento shell folder and run it
- Add <?php echo $this->getBlockHtml('formkey') ?> to all the template files.
- Apply the JS file changes to any overridden JS files
- After applying the patch successfully, check the following settings before testing
- Enable Form Key Validation On Checkout
>> Admin > System > Configuration > Advanced > Admin > Security
- Test logging in and out at the Admin User level
- Place a test order with account creation enabled
- Upload an image from the admin area.
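
The template step above (adding the form key block to custom templates) is easy to miss in a file or two. As an added example, not part of the patch or of the script mentioned above, this shell function lists .phtml files that contain a form tag but no getBlockHtml('formkey') call. The function names and the sample templates are made up for illustration, and the match is a heuristic meant to produce a list for manual review.

```shell
#!/bin/sh
# Added example (not part of SUPEE-9767 or of the script the post refers to).
# Lists .phtml templates that contain a <form> tag but never output the
# form key block, so they can be reviewed by hand after patching.

# list_forms_missing_formkey DIR
# Prints one path per line; prints nothing when every form template has the key.
list_forms_missing_formkey() {
    find "$1" -type f -name '*.phtml' | sort | while IFS= read -r f; do
        # Skip templates that contain no form at all.
        grep -qi '<form' "$f" || continue
        # Accept either quote style around the block name.
        grep -Eq "getBlockHtml\([\"']formkey[\"']\)" "$f" || printf '%s\n' "$f"
    done
}

# make_sample_theme DIR
# Writes three constructed templates for a dry run (hypothetical file names).
make_sample_theme() {
    mkdir -p "$1/template/checkout" "$1/template/catalog"
    cat > "$1/template/checkout/billing.phtml" <<'EOF'
<form id="co-billing-form" action="">
    <input type="text" name="billing[firstname]" />
</form>
EOF
    cat > "$1/template/checkout/shipping.phtml" <<'EOF'
<form id="co-shipping-form" action="">
    <?php echo $this->getBlockHtml('formkey') ?>
    <input type="text" name="shipping[firstname]" />
</form>
EOF
    cat > "$1/template/catalog/list.phtml" <<'EOF'
<ul class="products-grid"><li>no form here</li></ul>
EOF
}

# Usage: sh check_formkey.sh app/design/frontend/<package>/<theme>
if [ -n "${1:-}" ]; then
    list_forms_missing_formkey "$1"
fi
```

An empty result only means every template with a form mentions the block somewhere in the file; a template holding several forms still needs a manual look.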