«
»

Magento SUPEE-6285 Patch and WebShopApps

Posted by: Josh Friday, July 10th, 2015

Magento have released a important security patch called SUPEE-6285. We recommend you apply this patch right away which is available directly from Magento.

We’ve analyzed the impact of this patch against our extensions and some will require updates in order to work correctly when accessing their admin menus. There’s absolutely no impact to their functionality on the front end or around rating.

What Should You Do Next?

If you’re using any of the below extensions, you will need to either contact us for the latest version or apply the fix yourself. The process is outlined below for each extension.

MatrixRate

You should download the latest version and install it on your site.

CSV Based Extensions

(ProductMatrix, Premium MatrixRate, Shipping Override, Handling Fees Matrix)

Some users are reporting issues exporting CSV files after patching their site. This particularly affects Magento CE1.7/EE1.12 users.

Find this file on your servers file system: app/code/community/Webshopapps/Wsacommon/controllers/System/ConfigController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return true;
}

Dimensional Shipping

Find this file on your servers file system: app/code/community/Webshopapps/Boxmenu/controllers/Adminhtml/BoxmenuController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('catalog/boxmenu');
}

DropShip/Ship Manager

Find this file on your servers file system: app/code/community/Webshopapps/Dropcommon/controllers/Adminhtml/DropshipController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('dropcommon');
}

Find this file on your servers file system: app/code/community/Webshopapps/Dropcommon/controllers/Adminhtml/ShipmethodsController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('dropcommon');
}

Shipping Insurance

Find this file on your servers file system: app/code/community/Webshopapps/Insurance/controllers/Adminhtml/InsuranceController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('catalog/insurance');
}

Store Pickup

Find this file on your servers file system: app/code/community/Webshopapps/Wsastorepickup/controllers/Adminhtml/WsastorepickupController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')
                                 ->isAllowed('catalog/webshopapps/locations');
}

Shipping Calendar

Find this file on your servers file system: app/code/community/Webshopapps/Timegrid/controllers/Adminhtml/TimegridController.php

Add this function to the bottom of the file before the last bracket:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('catalog/timegrid');
}

Logger

WebShopApps Logger currently uses the permissions of “Notifications” which can be found under “System->Notification” in the Roles Resources tab of user permissions in Magento.

The latest version moves WebShopApps logger into its own permissions area. If you’d like the latest version, please contact us and we can send it over to you as part of your extension update.

This entry was posted on Friday, July 10th, 2015 at 5:01 pm and is filed under Shipping in Magento. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

7 Responses to “Magento SUPEE-6285 Patch and WebShopApps”

  1. Jon says:
    July 10, 2015 at 8:27 pm

    Thank you for making this information available so quickly. We depend on your applications to make our site easy to use by our customers. Protecting our customers is paramount and this information allows us to move forward while keeping our site patched.

  2. Nancy says:
    July 10, 2015 at 10:13 pm

    Thanks, Karen, for getting these changes out so fast and effectively. Just got the patch installed on Tuesday. You’re our first vendor to proactively provide these changes. Had to get them from another vendor via bug report 🙂

  3. B. Moore says:
    July 10, 2015 at 10:29 pm

    Which solution do we use if we have Product Matrix and Shipping Override running on Magento EE ver. 1.13.0.2?

  4. Clare Hamilton says:
    July 13, 2015 at 9:35 am

    Hi,

    Do you have instructions for the extension Premium Rate Module please?

    Many thanks,

  5. Josh says:
    July 13, 2015 at 9:41 am

    Hi, You will just need the patch to Common.

  6. Josh says:
    July 13, 2015 at 9:42 am

    Hi, you just need to apply the fix described in under CSV Based Extensions. It only affects the CSV export on that extension.

  7. Brian says:
    August 6, 2015 at 10:30 pm

    I’ve followed your instructions for fixing Product Matrix, since patching Magento 1.14.2.0 resulted in the csv export no longer working. However, adding the _isAllowed function to the shipping controller doesn’t appear to have corrected the problem.

    Is there a different methodology for fixing Product Matrix for Magento EE 1.14.2.0, or is the only option to buy the latest version of Product Matrix?

Leave a Reply