
Possible Issues of Magento Security Patch SUPEE-7405: Image Upload Bug


  • Possible Issues of Magento Security Patch SUPEE-7405: Image Upload Bug

    As you already know, on 20th January 2016 Magento released security patch SUPEE-7405. The patch is mandatory for every Magento installation, and it is recommended to install the patch as soon as possible. The patch also addresses multiple security issues in Magento and contains changes to more than 50 core files, which are important functional updates. One of them is an image uploading bug, which resulted from incorrect file permissions for newly uploaded images.
    Basically, the latest Magento security patch SUPEE-7405 affects file permissions on images uploaded from the Magento admin dashboard. Before applying the patch, files uploaded via the admin panel, such as product images, CMS pages etc., used 0777 permissions, and the patch changes these permissions to 0640 and 0750, which makes them inaccessible for all users.
    For easier demonstration, you can check the changes in this file: lib/Varien/File/Uploader.php

    diff --git lib/Varien/File/Uploader.php lib/Varien/File/Uploader.php
    ---
    ---
    - chmod($destinationFile, 0777);
    + chmod($destinationFile, 0640);
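    Review bot: the hard-coded 0640 in the new chmod($destinationFile, 0640) removes every permission for accounts outside the file's owner and group, and the return value of chmod() is still ignored. If the process that serves the upload runs under a different account than the one that wrote it, the file is unreadable and nothing is reported at this point. Suggest reading the file mode from configuration with 0640 as the default, and checking the result of the call.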
    ---
    ---
    - if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0777, true))){
    + if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0750, true))){
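    Review bot: the mode in @mkdir($destinationFolder, 0750, true) is hard-coded, and the @ operator hides the reason when the call fails. Because the recursive flag is set, every missing parent directory is created with the same 0750, so none of them can be traversed by accounts outside the owner and group, and the process umask can make the resulting mode stricter still. Suggest taking the directory mode from the same configuration as the file mode and logging the failure instead of suppressing it.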

    See more information HERE: http://bsscommerce.com/blog/possible...ge-upload-bug/
    Last edited by zacnguyen; 25-03-16, 08:49 AM.
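Added example, not part of the original post and not Magento code: a Python audit that applies the POSIX owner/group/other rule to the 0640 and 0750 modes shown in the diff and lists what a given account could no longer serve. The function names, the sample file names and the simulated uid/gid values are assumptions made for illustration; the root-user bypass is not modelled.

```python
import os

def allowed(st, uid, gids, need):
    """POSIX class check: only one of the owner/group/other bit sets applies."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & need == need

def unservable(root, uid, gids):
    """Relative paths under root that a process running as uid/gids cannot serve.

    Files need read (4); directories need search (1). A blocked directory is
    reported once and not descended into, because everything below it is blocked.
    The root directory itself is not checked.
    """
    blocked = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames):
            path = os.path.join(dirpath, name)
            if not allowed(os.lstat(path), uid, gids, 1):
                blocked.append(os.path.relpath(path, root))
                dirnames.remove(name)  # prune: do not walk into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not allowed(os.lstat(path), uid, gids, 4):
                blocked.append(os.path.relpath(path, root))
    return sorted(blocked)

def make_sample(root):
    """Constructed sample tree: modes as in the patched uploader, plus one 0644 file."""
    os.mkdir(os.path.join(root, "catalog"))
    for rel, mode in (("logo.png", 0o640), ("old.png", 0o644), ("catalog/p.jpg", 0o640)):
        path = os.path.join(root, rel)
        open(path, "wb").close()
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "catalog"), 0o750)
    return os.lstat(os.path.join(root, "logo.png"))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        st = make_sample(tmp)
        # Simulated identities: an unrelated account, then a member of the files' group.
        print("other user  :", unservable(tmp, st.st_uid + 1, {st.st_gid + 1}))
        print("group member:", unservable(tmp, st.st_uid + 1, {st.st_gid}))
```

On a real installation, pass the media directory together with the uid and group ids of the account the web server runs as.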

  • #2
    Can SUPEE be patched? I am using the latest version of SUPEE. How can I patch with this? Please suggest instructions.
