If you have SSH access, it would be more simple to apply the patch via SSH.
If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 1.9.2.3 version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7405). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.

Before applying this patch, make sure to apply all previous patches.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

Preparations

    • Disable Magento Compiler and clear compiler cache
    • Install all previous patches (namely, SUPEE-1533,SUPEE-5344,SUPEE-5994, SUPEE-6285, SUPEE-6482, SUPEE-6788)

    Applying Magento patches via FTP/sFTP or FileManager / File Upload

    To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.

    The following files are changed by SUPEE-7405:

    001
    002
    003
    004
    005
    006
    007
    008
    009
    010
    011
    012
    013
    014
    015
    016
    017
    018
    019
    020
    021
    022
    023
    024
    025
    026
    027
    028
    029
    030
    031
    032
    033
    034
    035
    036
    037
    038
    039
    040
    041
    042
    043
    044
    045
    046
    047
    048
    049
    050
    051
    052
    053
    054
    055
    056
    057
    058
    059
    060
    061
    062
    063
    064
    065
    066
    067
    068
    069
    070
    071
    072
    073
    074
    app/code/core/Mage/Admin/Model/Observer.php
    app/code/core/Mage/Admin/Model/Redirectpolicy.php
    app/code/core/Mage/Admin/Model/Resource/User.php
    app/code/core/Mage/Admin/Model/User.php
    app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/History.php
    app/code/core/Mage/Adminhtml/Block/Widget/Grid.php
    app/code/core/Mage/Adminhtml/Helper/Catalog/Product/Edit/Action/Attribute.php
    app/code/core/Mage/Adminhtml/Helper/Sales.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/File.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image.php
    app/code/core/Mage/Adminhtml/Model/System/Config/Backend/Image/Favicon.php
    app/code/core/Mage/Adminhtml/controllers/IndexController.php
    app/code/core/Mage/Authorizenet/Helper/Admin.php
    app/code/core/Mage/Authorizenet/Helper/Data.php
    app/code/core/Mage/Authorizenet/controllers/Adminhtml/Authorizenet/Directpost/PaymentController.php
    app/code/core/Mage/Captcha/etc/config.xml
    app/code/core/Mage/Catalog/Block/Product/View/Options/Type/Select.php
    app/code/core/Mage/Catalog/Model/Category/Attribute/Backend/Image.php
    app/code/core/Mage/Catalog/Model/Resource/Product/Attribute/Backend/Image.php
    app/code/core/Mage/CatalogIndex/etc/config.xml
    app/code/core/Mage/CatalogInventory/Helper/Minsaleqty.php
    app/code/core/Mage/Checkout/Block/Cart/Item/Renderer.php
    app/code/core/Mage/Checkout/controllers/CartController.php
    app/code/core/Mage/Checkout/controllers/OnepageController.php
    app/code/core/Mage/Core/Helper/Data.php
    app/code/core/Mage/Core/Model/App.php
    app/code/core/Mage/Core/Model/Config.php
    app/code/core/Mage/Core/Model/Email/Queue.php
    app/code/core/Mage/Core/Model/Email/Template/Filter.php
    app/code/core/Mage/Core/Model/File/Validator/Image.php
    app/code/core/Mage/Core/Model/Input/Filter/MaliciousCode.php
    app/code/core/Mage/Core/Model/Session.php
    app/code/core/Mage/Customer/controllers/AccountController.php
    app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
    app/code/core/Mage/Downloadable/controllers/CustomerController.php
    app/code/core/Mage/ImportExport/Model/Export/Adapter/Abstract.php
    app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
    app/code/core/Mage/ImportExport/Model/Import/Entity/Abstract.php
    app/code/core/Mage/ImportExport/etc/config.xml
    app/code/core/Mage/ImportExport/etc/system.xml
    app/code/core/Mage/Newsletter/Model/Observer.php
    app/code/core/Mage/Newsletter/Model/Queue.php
    app/code/core/Mage/Page/etc/system.xml
    app/code/core/Mage/Paypal/controllers/PayflowController.php
    app/code/core/Mage/Paypal/controllers/PayflowadvancedController.php
    app/code/core/Mage/Paypal/etc/config.xml
    app/code/core/Mage/Persistent/etc/config.xml
    app/code/core/Mage/Review/controllers/ProductController.php
    app/code/core/Mage/Rss/Block/Catalog/Salesrule.php
    app/code/core/Mage/Rss/Helper/Order.php
    app/code/core/Mage/Sales/Helper/Guest.php
    app/code/core/Mage/Sales/Model/Quote/Address.php
    app/code/core/Mage/Sales/Model/Quote/Item.php
    app/code/core/Zend/Xml/Security.php
    app/design/adminhtml/default/default/template/authorizenet/directpost/iframe.phtml
    app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
    app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
    app/design/adminhtml/default/default/template/catalog/product/composite/fieldset/options/type/file.phtml
    app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/creditmemo/name.phtml
    app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/invoice/name.phtml
    app/design/adminhtml/default/default/template/downloadable/sales/items/column/downloadable/name.phtml
    app/design/adminhtml/default/default/template/sales/items/column/name.phtml
    app/design/adminhtml/default/default/template/sales/items/renderer/default.phtml
    app/design/adminhtml/default/default/template/sales/order/totals/discount.phtml
    app/design/adminhtml/default/default/template/sales/order/view/info.phtml
    app/design/frontend/base/default/template/catalog/product/view/options/type/file.phtml
    app/design/frontend/base/default/template/rss/order/details.phtml
    lib/Varien/File/Uploader.php
    lib/Varien/Io/File.php

    To install the patch via FTP/File Upload

    • select patch bundle archive corresponding to your Magento version from the table below and unpack it
    • upload all files and folders to Magento root directory of your store, replacing all files

    Downloads for other versions added to table on demand when we patch certain version via file upload for the first time.

    Magento version SUPEE-7405
    Magento 1.9.2.2 SUPEE-7405-1.9.2.2
    Magento 1.9.2.0-1.9.2.1 SUPEE-7405-1.9.2.1
    Magento 1.9.1.0-1.9.1.1 SUPEE-7405-1.9.1.1
    Magento 1.9.0.1 SUPEE-7405-1.9.0.1
    Magento 1.8.1.0 SUPEE-7405-1.8.1.0
    Magento 1.7.0.2 SUPEE-7405-1.7.0.2

    Verification and flush of PHP opcode cache

    Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

    Known issues

    • Sales Order page is blank in Backend after SUPEE-7405