SUPEE-9767 V2 Possible problems and solved Issues

Question

Magento just Release Updated version Of SUPEE-9767 and Magento - CE 1.9.3.4.

So MY question is which bugs were solved in V2 and do we need to re apply V2 if we already apply v1.

And what are the new changes in CE 1.9.3.4, is it just fixes with the new security patch or much more??

and which bugs are still there after this v2 version.

Answer 1

SUPEE-9767 V2 released July 12th 2017 addresses bugs and issues identified by the community following the release of version 1 of the SUPEE-9767 security update (Magento CE 1.9.3.3) on May 31st 2017.

Specifically the following changes have been made in SUPEE-9767 V2 (Magento CE 1.9.3.4)

• General Fixes

  • restored missing strip_tags functionality in the checkout JavaScript.
  • changed how Magento validates form keys during the generic five-step checkout process. Previously, customer registration failed during standard checkout processing if form key authentication was enabled.
  • Magento now displays the Allow_symlinks message in the Admin message area as expected.
  • Magento now preserves the background transparency of uploaded images as expected. Previously, transparency was lost after the image was uploaded, resulting in an unusable image. You can now use Checkout with Multiple Addresses when checkout form validation is enabled.

• Installation

  • You can now install an extension as part of installing a package.
  • The Allow symlinks option is now disabled during installation or upgrade processes. Previously, when you changed the Allow symlinks setting to true in the database before upgrading and then installing the patch, this option remained enabled, but you could no longer access it from the Admin panel.

If you have been affected by any of these problems since applying SUPEE-9767 V1 you should apply this update to resolve the issues.

Note This patch replaces SUPEE-9767. Previously installed SUPEE-9767 patch needs to be reverted prior to installing this version.

To revert a patch :

• Change to your Magento installation directory.
• Enter the following command as a user with sufficient privileges to write to Magento files (typically, the web server user or root):
• sh patch-file-name.sh -R

Template Changes

The patch adds <?php echo $this->getBlockHtml("formkey") ?>to the following template files:

app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
app/design/frontend/base/default/template/checkout/onepage/payment.phtml
app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml

Symlinks

The Allow symlinks option is now disabled during installation or upgrade processes

If you use modman to manage Magento extensions ensure that Allow Symlinks in admin has not been reset to No after applying this patch or updating to Magento CE 1.9.3.4. The update removes the Template Settings configuration panel from admin. You can also enable symlinks with n98-magerun using n98-magerun.phar dev:symlinks

Update: Confirmed if symlinks are enabled this patch will disable symlinks after installation.

Download

The patch and Magento CE 1.9.3.4 source code can be downloaded from https://magento.com/tech-resources/download - click on the release archive tab and scroll down for Magento CE 1.X downloads.

Diff File

Here is the source code diff file for Magento CE 1.9.3.4 compared with Magento CE 1.9.3.3

Only in magento1934/app/code/core/Mage/Adminhtml/Model/System/Config/Backend: Symlink.php
diff -r magento1934/app/code/core/Mage/Checkout/controllers/OnepageController.php magento1933/app/code/core/Mage/Checkout/controllers/OnepageController.php
352a353,356
>         if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
>             return;
>         }
> 
diff -r magento1934/app/code/core/Mage/Core/etc/config.xml magento1933/app/code/core/Mage/Core/etc/config.xml
31c31
<             <version>1.6.0.7</version>
---
>             <version>1.6.0.6</version>
diff -r magento1934/app/code/core/Mage/Core/etc/system.xml magento1933/app/code/core/Mage/Core/etc/system.xml
600,620d599
<                 <template translate="label">
<                     <label>Template Settings</label>
<                     <frontend_type>text</frontend_type>
<                     <sort_order>25</sort_order>
<                     <show_in_default>0</show_in_default>
<                     <show_in_website>0</show_in_website>
<                     <show_in_store>0</show_in_store>
<                     <fields>
<                         <allow_symlink translate="label comment">
<                             <label>Allow Symlinks</label>
<                             <frontend_type>select</frontend_type>
<                             <source_model>adminhtml/system_config_source_yesno</source_model>
<                             <backend_model>adminhtml/system_config_backend_symlink</backend_model>
<                             <sort_order>10</sort_order>
<                             <show_in_default>0</show_in_default>
<                             <show_in_website>0</show_in_website>
<                             <show_in_store>0</show_in_store>
<                             <comment>Warning! Enabling this feature is not recommended on production environments because it represents a potential security risk.</comment>
<                         </allow_symlink>
<                     </fields>
<                 </template>
diff -r magento1934/app/code/core/Mage/Core/Model/File/Validator/Image.php magento1933/app/code/core/Mage/Core/Model/File/Validator/Image.php
98d97
<                     imagealphablending($img, false);
100,101d98
<                     imagesavealpha($img, true);
< 
104,117d100
<                             $transparencyIndex = imagecolortransparent($image);
<                             if ($transparencyIndex >= 0) {
<                                 imagecolortransparent($img, $transparencyIndex);
<                                 for ($y = 0; $y < $imageHeight; ++$y) {
<                                     for ($x = 0; $x < $imageWidth; ++$x) {
<                                         if (((imagecolorat($img, $x, $y) >> 24) & 0x7F)) {
<                                             imagesetpixel($img, $x, $y, $transparencyIndex);
<                                         }
<                                     }
<                                 }
<                             }
<                             if (!imageistruecolor($image)) {
<                                 imagetruecolortopalette($img, false, imagecolorstotal($image));
<                             }
127c110
<                             break;
---
>                             return;
129d111
< 
Only in magento1934/app/code/core/Mage/Core/sql/core_setup: upgrade-1.6.0.6-1.6.0.7.php
diff -r magento1934/app/design/adminhtml/default/default/layout/main.xml magento1933/app/design/adminhtml/default/default/layout/main.xml
122c122
<                 <block type="adminhtml/checkout_formkey" name="checkout_formkey" as="checkout_formkey" template="notification/formkey.phtml"/>
---
>                 <block type="adminhtml/checkout_formkey" name="checkout_formkey" as="checkout_formkey" template="notification/formkey.phtml"/></block>
124d123
<             </block>
diff -r magento1934/app/design/adminhtml/default/default/template/oauth/authorize/head-simple.phtml magento1933/app/design/adminhtml/default/default/template/oauth/authorize/head-simple.phtml
45c45
<     var SKIN_URL = '<?php echo $this->jsQuoteEscape($this->getSkinUrl()) ?>';
---
>     var SKIN_URL = '<?php echo $this->getSkinUrl() ?>';
diff -r magento1934/app/design/frontend/base/default/template/checkout/multishipping/addresses.phtml magento1933/app/design/frontend/base/default/template/checkout/multishipping/addresses.phtml
87d86
<     <?php echo $this->getBlockHtml("formkey") ?>
diff -r magento1934/app/design/frontend/base/default/template/checkout/onepage/payment.phtml magento1933/app/design/frontend/base/default/template/checkout/onepage/payment.phtml
38a39
>         <?php echo $this->getBlockHtml('formkey') ?>
40d40
<     <?php echo $this->getBlockHtml('formkey') ?>
diff -r magento1934/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml magento1933/app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
39a40
>         <?php echo $this->getBlockHtml('formkey') ?>
41d41
<     <?php echo $this->getBlockHtml('formkey') ?>
diff -r magento1934/app/Mage.php magento1933/app/Mage.php
174c174
<             'patch'     => '4',
---
>             'patch'     => '3',
diff -r magento1934/downloader/lib/Mage/Connect/Package.php magento1933/downloader/lib/Mage/Connect/Package.php
1131c1131
<                            'error'=>"Invalid package name, allowed: [a-zA-Z0-9_+] chars"),
---
>                            'error'=>"Invalid package name, allowed: [a-zA-Z0-9_-] chars"),
diff -r magento1934/downloader/lib/Mage/Connect/Validator.php magento1933/downloader/lib/Mage/Connect/Validator.php
340c340
<         return preg_match("/^[a-zA-Z0-9_+]+$/i", $name);
---
>         return preg_match("/^[a-zA-Z0-9_]+$/i", $name);
diff -r magento1934/downloader/Maged/Connect.php magento1933/downloader/Maged/Connect.php
409,411c409
< </style>
< <script type="text/javascript" src="js/prototype.js"></script>
< </head><body>
---
> </style></head><body>
diff -r magento1934/downloader/Maged/Controller.php magento1933/downloader/Maged/Controller.php
1063c1063
<             'patch'     => '4',
---
>             'patch'     => '3',
diff -r magento1934/lib/Mage/Connect/Package.php magento1933/lib/Mage/Connect/Package.php
1310c1310
<                            'error'=>"Invalid package name, allowed: [a-zA-Z0-9_+] chars"),
---
>                            'error'=>"Invalid package name, allowed: [a-zA-Z0-9_-] chars"),
diff -r magento1934/lib/Mage/Connect/Validator.php magento1933/lib/Mage/Connect/Validator.php
321c321
<         return preg_match("/^[a-zA-Z0-9_+]+$/i", $name);
---
>         return preg_match("/^[a-zA-Z0-9_-]+$/i", $name);
diff -r magento1934/RELEASE_NOTES.txt magento1933/RELEASE_NOTES.txt
1,10d0
< ==== 1.9.3.4 ====

Here are the Official Magento CE 1.9.3.4 Release Notes