If – as me – you’ve set Magento patchs file webpage as your browser favorites or if you don’t remember the last time you saw a notification in your back-office which does not concern a security issue, this blog post is for you 🙂
A few weeks ago, I warned you compared to the sense of security that can provide the application of security patches Magento : this is not because you have installed Magento patch files that you are secured: if vulnerable files have been overloaded either by a module coming from Magento connect or by custom development, this is this this file which is used by Magento and which needs to be patch.
So it means with the patches files you download from Magento website:
- Look for PATCH content to find the patched files
- check source code whether these files have been overloaded
- patch both overload and original files.
And not only:
- Apply Magento patch files.
Just boring when there are patches concerning dozen of files like Magento SUPEE-6285 patch file
The updateMagentoPatches project
I’ve shared with you a shell script which generates a custom Magento patch file applying:
- Magento patch files
- Same patch on your local overload or themes overload
This shell script is available in my github project updateMagentoPatches available at https://github.com/kypfr/updateMagentoPatches
Roadmap of the updateMagentoPatches project
This is the first release covering only the overload made either using autoloading or a custom theme.
When I have enough time, I’ll include:
- files overloaded by configuration (config.xml file)
- Custom templates files using setTemplate method
And for sure, feel free to contribute 🙂