Skip to content

Instantly share code, notes, and snippets.

@davidpanxl

davidpanxl/supee-7405-1.1.md

Forked from peterjaap/supee-7405-1.1.md
Created April 11, 2017 01:55
Show Gist options
  • Save davidpanxl/bdc0a17a1c133b67a2f044175e960874 to your computer and use it in GitHub Desktop.
Save davidpanxl/bdc0a17a1c133b67a2f044175e960874 to your computer and use it in GitHub Desktop.
Download ZIP
Overview of Magento patch SUPEE-7405 1.1
Raw
supee-7405-1.1.md

Patch SUPEE-7405 1.1 overview

This patch is not to be confused with the SUPEE-7405 that was released on January 20th, 2016. This is a fix for that patch.

"Yo dawg, we heard you like patching so here's a patch for your patch so you can patch while you're patching." - Xzibit, MCD+

Changed files

  • app/code/core/Mage/Adminhtml/Helper/Sales.php +1/-1
  • app/code/core/Mage/Core/Model/Config.php +2/-2
  • app/code/core/Mage/Sales/Model/Quote/Item.php +3/-2
  • lib/Varien/File/Uploader.php +2/-2
  • app/etc/applied.patches.list +7/-0

What has changed exactly?

app/code/core/Mage/Adminhtml/Helper/Sales.php

< $links = []; 
> $links = array();

This was done to introduce PHP 5.3 compatibility. Boooo. Don't encourage devs who don't upgrade.

app/code/core/Mage/Core/Model/Config.php

> protected function _makeEventsLowerCase($area, Mage_Core_Model_Config_Base $mergeModel) 
< protected function _makeEventsLowerCase($area, Varien_Simplexml_Config $mergeModel)

Magento changed the class that is used in this method to one that is lower in the inheritance tree. I'm guessing this is the one that has to do with the API bug.

app/code/core/Mage/Sales/Model/Quote/Item.php

< unset($itemOptionValue['qty'], $itemOptionValue['uenc']); 
< unset($optionValue['qty'], $optionValue['uenc']); 
> foreach (array('qty', 'uenc', 'form_key') as $key) { 
>     unset($itemOptionValue[$key], $optionValue[$key]); 
> }

I'm guessing this is the bug that had to do with the cart not merging correctly when a user logged in and had the same product twice in his cart.

Fabian Schmengler commented;

It still does not fix the issue properly. The problem is, the buyRequest option is compared when checking for equality. Changed session => item treated as different. Remaining problem: related_products is an empty array for products added via product page and not present when added via list. Also, any arbitrary user POST data is in the buyRequest option, so you can actively prevent merging. Removing && !$item->getProduct()->hasCustomOptions() from the compare() method worked great for me so far.

lib/Varien/File/Uploader.php

< chmod($destinationFile, 0640); 
> chmod($destinationFile, 0666); 
< if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0750, true))) { 
> if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0777, true))) {

Loosened file permissions for creating files and folders using the Uploader.

Difference with CE 1.9.2.4 update

Peter O'Callaghan pointed out:

1.9.2.4 adds CURLOPT_SSLVERSION as an allowed parameter in Varien_Http_Adapter_Curl, but this doesn’t appear to be in the 7405 1.1 patch. This sounds suspiciously like it’s something todo with preparation for support for TLS 1, 1.1 deprecations, but since it doesn’t seem to be utilised in any of the other changes, I’m assuming this isn’t massively important ATM?!

That's it folks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment