Magento 1.9.3.3 (SUPEE-9767)

Magento SUPEE-9767

Y hoy (en realidad el parche se hizo público ayer martes) tuvimos nuevo parche de seguridad (que ni por casualidad hay que tomarse a la ligera) y con ello, nueva versión. Con ustedes: Magento 1.9.3.3.

Como siempre, vamos a descargar el patch que corresponda a nuestra versión y lo vamos a ejecutar vía shell. Por ejemplo:

sh PATCH_SUPEE-9767_CE_1.9.3.0_v1-2017-05-25-09-09-56.sh

Una vez aplicado, vamos a ver que los archivos modificados fueron:

app/code/core/Mage/Admin/Model/Session.php
app/code/core/Mage/Adminhtml/Block/Widget/Grid/Column/Filter/Date.php
app/code/core/Mage/Adminhtml/Model/Config/Data.php
app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
app/code/core/Mage/Checkout/controllers/MultishippingController.php
app/code/core/Mage/Checkout/controllers/OnepageController.php
app/code/core/Mage/Checkout/etc/system.xml
app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
app/code/core/Mage/Core/Controller/Front/Action.php
app/code/core/Mage/Core/Controller/Request/Http.php
app/code/core/Mage/Core/Model/File/Validator/Image.php
app/code/core/Mage/Core/etc/system.xml
app/code/core/Mage/Customer/Model/Session.php
app/code/core/Mage/Dataflow/Model/Convert/Adapter/Zend/Cache.php
app/code/core/Mage/Dataflow/Model/Convert/Container/Abstract.php
app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php
app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php
app/code/core/Mage/ImportExport/Model/Import/Uploader.php
app/code/core/Mage/Sales/Model/Quote/Item.php
app/code/core/Mage/Widget/Model/Widget/Instance.php
app/code/core/Mage/XmlConnect/Helper/Image.php
app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
app/design/adminhtml/default/default/layout/main.xml
app/design/adminhtml/default/default/template/page/head.phtml
app/design/frontend/base/default/template/checkout/cart/shipping.phtml
app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
app/design/frontend/base/default/template/checkout/multishipping/shipping.phtml
app/design/frontend/base/default/template/checkout/onepage/billing.phtml
app/design/frontend/base/default/template/checkout/onepage/payment.phtml
app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
app/design/frontend/base/default/template/checkout/onepage/shipping_method.phtml
app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
app/design/frontend/rwd/default/layout/page.xml
app/design/frontend/rwd/default/template/checkout/cart/shipping.phtml
app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
app/design/frontend/rwd/default/template/checkout/multishipping/billing.phtml
app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml
app/design/frontend/rwd/default/template/persistent/checkout/onepage/billing.phtml
app/etc/applied.patches.list
app/etc/config.xml
js/varien/payment.js
skin/frontend/base/default/js/opcheckout.js

Y se agregan los siguientes archivos:

app/code/core/Mage/Adminhtml/Block/Checkout/Formkey.php
app/code/core/Mage/Adminhtml/Block/Notification/Symlink.php
app/code/core/Mage/Checkout/controllers/OnepageController.php.orig
app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php.orig
app/code/core/Mage/Core/Model/File/Validator/Image.php.orig
app/design/adminhtml/default/default/template/notification/formkey.phtml
app/design/adminhtml/default/default/template/notification/symlink.phtml
app/design/frontend/base/default/template/checkout/onepage/payment.phtml.orig
app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml.orig
js/lib/jquery/jquery-1.12.0.js
js/lib/jquery/jquery-1.12.0.min.js
js/lib/jquery/jquery-1.12.0.min.map
skin/frontend/base/default/js/opcheckout.js.orig

Dado que modifica y valida plantillas y validaciones del checkout, la recomendación es que se pongan a testear si tienen customizaciones especiales o una versión vieja del algún checkout de terceros.

El anuncio no anunciado puede leerse en SUPEE-9767.

Y si quieren ver el diff en, por ejemplo, un Magento 1.9.2.2, aquí están los cambios: https://gist.github.com/barbanet/a14609586e2263b49181a615e1d83e75

Tweet about this on TwitterShare on Google+Email this to someoneShare on FacebookShare on LinkedIn