A recently released announcement regarding a Magento vulnerability that is about to be disclosed by CheckPoint mentions the necessity of installing Magento patches SUPEE-1533 and SUPEE-5344, available for download at the MagentoCommerce site.
To apply these patches you need SSH access to the server (strictly speaking, shell access; SSH is just the most common way to get it). To apply the patches without SSH access, please refer to this article.
Step 0: Preparations
Make sure to disable the Magento Compiler under System > Configuration > Tools > Magento Compiler and clear the compiled cache.
Step 1: Verify your Magento version
As you can see in the example, it is Magento 18.104.22.168
Step 2: Download corresponding patches
Patches are obtained from https://www.magentocommerce.com/products/downloads/magento/
Make sure to get the right version.
Step 3: Place patches into Magento Root directory
Upload the patch files into the Magento root directory. It is important to place the patch files directly in the Magento root directory and to execute them from that directory as well.
Step 4: Run the patches
Step 5: Verification
Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator), make sure to flush them after patching; otherwise code will continue to run from the caches.
Verify that your store has a green SAFE status at http://magento.com/security-patch our patch tester page
Additionally, if your store is still using the default /admin/ path, consider securing your Magento /admin/ by changing the admin path.
Known issues / errors
Tool(s) “patch” is(are) missed, please install it
As stated in the error message, the patch utility needs to be installed on your system. Installation is usually done with superuser privileges, so make sure you have these. To install patch on Debian/Ubuntu use:
To install patch on RedHat/CentOS/Fedora use:
Failed hunks for every file to be patched and for every line
This can happen if the patch has already been applied manually (most likely) or if these core files were changed earlier by some manual customization. If so, the files need to be compared with the original files from your Magento version and replaced if no changes are expected. Alternatively, refer to Applying SUPEE-5344 and SUPEE-1533 without SSH
patch: unrecognized option `--dry-run'
This can happen if your patch version has no --dry-run option; use the --check option instead:
- Edit the patch file (PATCH_SUPEE-5344_CE_22.214.171.124_v1-2015-02-10-08-10-38.sh in our example) and change the following line from:
@@ -123,7 +123,7 @@
if [ "$1" = "dry-run" ]
- DRY_RUN_FLAG=" --dry-run"
+ DRY_RUN_FLAG=" --check"
echo "Checking if patch can be applied/reverted successfully..."
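Review bot: the added line DRY_RUN_FLAG=" --check" hard-codes the replacement flag, so the edited script will fail the same way in reverse if it is later run on a host whose patch accepts only --dry-run. Consider selecting the flag at run time from what the installed patch accepts instead of editing the constant. Also note that this edit covers only the SUPEE-5344 script named above; the SUPEE-1533 script needs the same change before it can be checked on the same host.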
Alternatively, refer to Applying SUPEE-5344 and SUPEE-1533 without SSH
Call to undefined method Mage_Core_Controller_Request_Http::getInternallyForwarded()
The following fatal PHP error is logged in the webserver error log or shown on an attempt to log in to the admin backend:
PHP Fatal error: Call to undefined method Mage_Core_Controller_Request_Http::getInternallyForwarded() in app/code/core/Mage/Admin/Model/Observer.php on line 76
It means that the file app/code/core/Mage/Core/Controller/Request/Http.php is overridden either by the Magento Compiler (disable the Magento Compiler and flush the compiled code), by a PHP opcode cache (restart the webserver), or by one of the local modifications from app/code/local or app/code/community (check for app/code/community/Mage/Core/Controller/Request/Http.php and patch these files as well or delete them).
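The override check described above can be scripted. The following is an added example, not part of the original article or of the Magento patch scripts; the function names are hypothetical, and the includes/src/ location of the Compiler's copy is assumed from the stock Magento 1 layout.

```shell
#!/bin/sh
# Added example (not from the article). Assumes the stock Magento 1 layout:
# app/code/local and app/code/community shadow app/code/core, and the
# Compiler keeps its copy of each class under includes/src/.
METHOD='function getInternallyForwarded'
REL='Mage/Core/Controller/Request/Http.php'

# find_stale_http_overrides MAGENTO_ROOT
# Prints every copy of the class that can shadow the patched core file but
# lacks the new method. Returns 0 if none, 1 if any, 2 if core is unpatched.
find_stale_http_overrides() {
    root=$1
    if ! grep -q "$METHOD" "$root/app/code/core/$REL" 2>/dev/null; then
        echo "core file is not patched: $root/app/code/core/$REL" >&2
        return 2
    fi
    stale=0
    for f in "$root/app/code/local/$REL" \
             "$root/app/code/community/$REL" \
             "$root/includes/src/Mage_Core_Controller_Request_Http.php"; do
        [ -f "$f" ] || continue
        if ! grep -q "$METHOD" "$f"; then
            echo "$f"
            stale=1
        fi
    done
    return "$stale"
}

# Constructed sample tree: patched core file, unpatched community copy.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/app/code/core/Mage/Core/Controller/Request" \
             "$t/app/code/community/Mage/Core/Controller/Request"
    echo '<?php class A { public function getInternallyForwarded() {} }' \
        > "$t/app/code/core/$REL"
    echo '<?php class A { /* old copy, method missing */ }' \
        > "$t/app/code/community/$REL"
    echo "$t"
}

demo=$(make_sample_tree)
find_stale_http_overrides "$demo" || echo "patch or delete the files listed above"
rm -rf "$demo"
```

Run find_stale_http_overrides against the real Magento root after patching; an empty result with exit status 0 leaves the opcode cache as the remaining cause to rule out.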