Critical Reminder: Download and install Magento… how to insure these patches installed successfully? [duplicate]

Question

This question already has answers here:

How to check the latest patch version applied to magento? (4 answers)

Closed 4 years ago.

i got this message from Magento

"Critical Reminder: Download and install Magento security patches. Download now."

and after i installed the required patches successfully i still got that message, so my question is how i insure these patches installed successfully? and if should i remove that alert manually?

Answer 1

One of the main files patched is app/core/Mage/Core/Controller/Request/Http.php

For example in Magento 1.6.2.0, doing a diff between the patched file and the original shows the following added code.

Compare: (<)V:\Magento\Magento 1.6\Changes\20150217 Patches\5346\Http.php (15698 bytes)
   with: (>)V:\Magento\Magento 1.6\Changes\20150217 Patches\5346\Http.php.old (15031 bytes)

79,85d79
<      * Flag for recognizing if request internally forwarded
<      *
<      * @var bool
<      */
<     protected $_internallyForwarded = false;
< 
<     /**
540,562d533
< 
<     /**
<      * Define that request was forwarded internally
<      *
<      * @param boolean $flag
<      * @return Mage_Core_Controller_Request_Http
<      */
<     public function setInternallyForwarded($flag = true)
<     {
<         $this->_internallyForwarded = (bool)$flag;
<         return $this;
<     }
< 
<     /**
<      * Checks if request was forwarded internally
<      *
<      * @return bool
<      */
<     public function getInternallyForwarded()
<     {
<         return $this->_internallyForwarded;
<     }
< 

The following command line entry can quickly tell if this file has been patched by looking for the added _internallyForwarded flag. Run it in your Magento root folder:

grep "_internallyForwarded" app/code/core/Mage/Core/Controller/Request/Http.php

The following shows the file has been patched.

public_html$ grep "_internallyForwarded" app/code/core/Mage/Core/Controller/Request/Http.php
     protected $_internallyForwarded = false;
        $this->_internallyForwarded = (bool)$flag;
        return $this->_internallyForwarded;

Other files that may have been patched:

app/code/core/Mage/Admin/Model/Observer.php
app/code/core/Mage/Core/Controller/Request/Http.php
lib/Varien/Db/Adapter/Pdo/Mysql.php

Also check app/etc/applied.patches.list to see what the latest patch applications are at the end of the list.

Watch in case Magento's totally excellent internal quality control identifies the patch as 5346 instead of 5344 as advertised on the download. They got it (something?) in the append message.

Answer 2

That message is coming from Magento's RSS feed - it's not based on whether or not you have installed the patch, so if you installed the patch you can remove the alert manually.

There is a scanner at https://shoplift.byte.nl/ which checks whether you've installed the SUPEE-5344 patch correctly.

Answer 3

Reminder

Reminder is implemented in Mage_AdminNotification module.

There is no check if patches were installed or not.

To remove reminder:

• Login to backend
• Navigate to System → Notification
• Mark reminder as read or remove it

Patches

To apply patches:

• How to Apply and Revert Magento Patches
• Critical Reminder: Download and install Magento security patches

Which patches were applied?

• Check file /app/etc/applied.patches.list