Magento patch 6788

Hi everyone,

As you may be aware, Magento development team is about to release a patch called SUPEE-6788 which adresses several security issues.

At first, the patch was supposed not be backward compatible but at the time we write this post, Magento team has stated that they have postponed the patch in order to make it backward compatible.

We have still decided to write this small tutorial on how to fix your modules in case the patch would not be backward compatible.

So, let's say you have custom admin route declared like this in your module config.xml:


        

            
				admin
				
					MyCompany_CustomModule
					custommodule_admin
				
            			
	

As documented in this Magento document, you will have to replace that piece of code by:



			
				
					
						MyCompany_CustomModule_Adminhtml
					
				
			


Then, let's suppose your admin controller is called CustomController.php, you will have to ensure that this controller is located under the controllers/Adminhtml repository.

Finally, based on this example, look into your module files (all of them including layouts and templates) for the following string: custommodule_admin.

The possible locations where you can find it are:

  • your module etc/adminhtml.xml (or directly in your config.xml if adminhtml nodes are declared directly in this file)
  • your adminhtml layout file (used as part of layout handles)
  • as a part of a parameter of a getUrl function

To replace that old custom admin route with your new one, here is the procedure, still based on our example:

Before patching your module:

  • route = custommodule_admin
  • controllername = CustomController.php under Adminhtml folder

So you most likely found strings looking like this : "custommodule_admin/adminhtml_custom/action" or like this "custom_module_adminhtml_custom_action"

Now, after the modifications above your should have:

  • route = adminhtml
  • controllername = CustomController under Adminhtml folder (this has not changed).

You should now replace your string with something like this: "adminhtml/custom/action" or "adminhtml_custom_action"

This is basically it, obviously this is a general tutorial and depending on how the module has been written, your case might be slightly different, I suggest you post a comment or contact us directly if you need help to fix your Magento modules.

Please note that our modules have been patched today and will be released tomorrow to implement this fix.

To finish, I suggest you read this very good article written by Alan Storm explaining how routes work on Magento, it will definitely help you through the process: http://alanstorm.com/magento_admin_hello_world_revisited