Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@peterjaap

peterjaap/supee-7405-1.1.md

Last active April 11, 2017 01:55
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save peterjaap/002705a84fd409cb5c2c to your computer and use it in GitHub Desktop.
Save peterjaap/002705a84fd409cb5c2c to your computer and use it in GitHub Desktop.
Download ZIP
Overview of Magento patch SUPEE-7405 1.1
Raw
supee-7405-1.1.md

Patch SUPEE-7405 1.1 overview

This patch is not to be confused with the SUPEE-7405 that was released on January 20th, 2016. This is a fix for that patch.

"Yo dawg, we heard you like patching so here's a patch for your patch so you can patch while you're patching." - Xzibit, MCD+

Changed files

  • app/code/core/Mage/Adminhtml/Helper/Sales.php +1/-1
  • app/code/core/Mage/Core/Model/Config.php +2/-2
  • app/code/core/Mage/Sales/Model/Quote/Item.php +3/-2
  • lib/Varien/File/Uploader.php +2/-2
  • app/etc/applied.patches.list +7/-0

What has changed exactly?

app/code/core/Mage/Adminhtml/Helper/Sales.php

< $links = []; 
> $links = array();

This was done to introduce PHP 5.3 compatibility. Boooo. Don't encourage devs who don't upgrade.

app/code/core/Mage/Core/Model/Config.php

> protected function _makeEventsLowerCase($area, Mage_Core_Model_Config_Base $mergeModel) 
< protected function _makeEventsLowerCase($area, Varien_Simplexml_Config $mergeModel)

Magento changed the class that is used in this method to one that is lower in the inheritance tree. I'm guessing this is the one that has to do with the API bug.

app/code/core/Mage/Sales/Model/Quote/Item.php

< unset($itemOptionValue['qty'], $itemOptionValue['uenc']); 
< unset($optionValue['qty'], $optionValue['uenc']); 
> foreach (array('qty', 'uenc', 'form_key') as $key) { 
>     unset($itemOptionValue[$key], $optionValue[$key]); 
> }

I'm guessing this is the bug that had to do with the cart not merging correctly when a user logged in and had the same product twice in his cart.

Fabian Schmengler commented;

It still does not fix the issue properly. The problem is, the buyRequest option is compared when checking for equality. Changed session => item treated as different. Remaining problem: related_products is an empty array for products added via product page and not present when added via list. Also, any arbitrary user POST data is in the buyRequest option, so you can actively prevent merging. Removing && !$item->getProduct()->hasCustomOptions() from the compare() method worked great for me so far.

lib/Varien/File/Uploader.php

< chmod($destinationFile, 0640); 
> chmod($destinationFile, 0666); 
< if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0750, true))) { 
> if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0777, true))) {

Loosened file permissions for creating files and folders using the Uploader.

Difference with CE 1.9.2.4 update

Peter O'Callaghan pointed out:

1.9.2.4 adds CURLOPT_SSLVERSION as an allowed parameter in Varien_Http_Adapter_Curl, but this doesn’t appear to be in the 7405 1.1 patch. This sounds suspiciously like it’s something todo with preparation for support for TLS 1, 1.1 deprecations, but since it doesn’t seem to be utilised in any of the other changes, I’m assuming this isn’t massively important ATM?!

That's it folks!

@azngeek
Copy link

azngeek commented Feb 24, 2016

Nice overview. Appreciate the detailed analysis.

@sergeifilippov
Copy link

Great job! Really appreciate you doing this so we don't have to. 👍

@golf2849
Copy link

Thank you so much for this overview, it helped me a lot!

@davidpanxl
Copy link

非常感谢,虽然英文不是很好,一下子把你找到了,我很激动!
再次非常感谢,使用了你的代码,解决了购物车相同产品不合并的问题。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment