Magento recommends applying the latest Magento CE patch, SUPEE-6788, or, even better, upgrading to Magento 1.9.2.x. This will keep your Magento shop safe from major security loopholes. A couple of things that you will notice after applying the patch or upgrade are:
* Issues with Custom Blocks
* Downloadable links in the customer's order history area disappeared
You can find technical details of all the fixes at the Magento Security Center.
In the Magento team's words:
"Magento now includes a white list of allowed blocks or directives. If a module or extension uses variables like and in CMS pages or emails, and the directives are not on this list, you will need to add them with your database installation script. Extensions or custom code that handles content (like blog extensions) might be affected."
This simply means that if your module has any custom blocks, go to:
Magento Admin > System > Permissions > Blocks
And ensure that your custom block name is there. If not, add it.
This is also true for any configuration variables that you may use directly in your template. If you find that some template variables have disappeared, add them to the list here:
Magento Admin > System > Permissions > Variables
Please note that this is applicable only for config variables that you will need to access directly in your template (see the Magento team's note quoted above).
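As an added example (not from the original post or from Magento), the following Python script scans exported CMS and email content for block and config directives, written in Magento 1's `{{block type=...}}` and `{{config path=...}}` syntax, and reports the ones missing from the allow lists. The sample content, the `acme` names and the allow-list entries are constructed, and exact string matching against the lists is an assumption.

```python
import re

# Matches {{block ...}} and {{config ...}} directives and captures their attributes.
DIRECTIVE_RE = re.compile(r"\{\{\s*(block|config)\s+([^{}]*?)\}\}")
# Attribute values may be double-quoted, single-quoted or bare.
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+))""")
# The attribute that names what must be allowed: block type or config path.
KEY_ATTR = {"block": "type", "config": "path"}


def find_directives(content):
    """Return (kind, name) pairs for each block/config directive in content."""
    found = []
    for kind, attrs in DIRECTIVE_RE.findall(content):
        for attr, dq, sq, bare in ATTR_RE.findall(attrs):
            if attr == KEY_ATTR[kind]:
                found.append((kind, dq or sq or bare))
                break
    return found


def audit(documents, allowed_blocks, allowed_variables):
    """Map each document name to the directives missing from the allow lists."""
    allowed = {"block": set(allowed_blocks), "config": set(allowed_variables)}
    report = {}
    for name, content in documents.items():
        missing = sorted({d for d in find_directives(content) if d[1] not in allowed[d[0]]})
        if missing:
            report[name] = missing
    return report


# Constructed sample input: exported CMS/email content and the current allow lists.
SAMPLE_DOCS = {
    "cms_page:home": '<p>{{block type="catalog/product_new" template="x.phtml"}}</p>'
                     "{{block type='acme_blog/latest' count=5}}",
    "email:order_new": 'Contact {{config path="trans_email/ident_support/email"}} '
                       "or visit {{config path=acme/general/help_url}}",
    "cms_block:footer": "<p>No directives here, {{store url=''}} is not checked.</p>",
}
ALLOWED_BLOCKS = ["core/template", "catalog/product_new"]  # hypothetical list
ALLOWED_VARIABLES = ["trans_email/ident_support/email"]  # hypothetical list

if __name__ == "__main__":
    for doc, missing in audit(SAMPLE_DOCS, ALLOWED_BLOCKS, ALLOWED_VARIABLES).items():
        for kind, name in missing:
            print(f"{doc}: add {kind} '{name}' under System > Permissions")
```
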
You may notice that the download links in your customer area have disappeared. In fact, you cannot even see the download count or status. This is due to a syntax error in the following script.
Change this (a very small change):
title="<?php echo Mage::helper('core')->quoteEscape(Mage::helper('downloadable'))->__('Start Download') ?>"
To this (one of the two closing brackets after 'downloadable' has been moved to after 'Start Download'):
title="<?php echo Mage::helper('core')->quoteEscape(Mage::helper('downloadable')->__('Start Download')) ?>"
That is it. If you have encountered any more changes, please feel free to post them below!