Critical Reminder: Download and install Magento security patches. (FTP with no SSH access)
Applying patches manually with no SSH access
You have a good point here. The patches are supplied as .sh files and there is no solution offered by Magento for FTP only websites.
I suggest one would copy his website's code to a local environment through FTP (you would probably have that already). Then apply the patch by running the .sh file.
Now you need to find out which files you need to upload again. If you would open the .sh patch file, then you will see it consist of two sections:
- Bash shell code to apply the patch. This code is general for every patch.
- The actual patch in the form of a unified patch format. This indicates only the lines in files that were changed (including some context lines). This starts below the line
__PATCHFILE_FOLLOWS__
From the second section you could read which files were/are affected by the patch. You need to upload these files again to your FTP or... you could just upload everything.
Applying manually without bash/shell
- If you can't run
.shfiles (in Windows), then you could extract the second section of the patch (the unified patch) and apply it manually with a patching tool (or for example through PHPStorm). - The website Magentary.com provides ZIP files for each Magento version containing the patched files only.
Patches in current & future releases?
The patches that are released right now apply to all versions that were already released. Of course, might Magento release a new version (major or minor). Then they will contain all security patches as Magento will also apply the patches to their development code base naturally (these patches even originate from that code base ;)).
UPDATE:
Every last patch Magento has also released new versions of Magento CE and EE already containing the specific latest patch. See the Release Archive tab on the Magento download page.
Check this sheet, maintained by JH, for which patches to install for which Magento CE and EE version: https://docs.google.com/spreadsheets/d/1MTbU9Bq130zrrsJwLIB9d8qnGfYZnkm4jBlfNaBF19M
Unfortunately, there's no 'easy' way to install these patches without shell access, but there's two ways to do it.
Install patch through PHP
- Use an FTP client to upload the specific patch to the root of your Magento folder.
- Create a PHP file called applypatch.php that will run the patch for you, and upload it to the root of your Magento folder. Make sure to use the right patch name here, if you don't use the patch for version 1.8.x-1.9.x
<?php
print("<PRE>");
passthru("/bin/bash PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh");
print("</PRE>");
?>
- Visit the file at http://your.domain.com/applypatch.php, and check if the output looks as expected.
Install patch manually
The .sh file contains a 'DIFF' patch. These show what lines were removed and added. While I don't advise it, you should be able to manually download the files through FTP, and edit these files in your editor of choice, and then reupload them again through FTP. The format isn't too hard to interpret, so you can do this for all the files and shouldn't take more then a few minutes.
In My case I use bitbucket for version Maintenance and make live my changes via bitBucket only.
So What I do When I apply the patches is, apply that patch In my local system and test all things. that my website is working.
and push all chnages to bitbucket and at live site pull all changes and my patch is applied.
In case what you do if you do not have ssh access is
1) Apply patch in local and push changes to bitbucket. Bitbucket tell you which files were changed from last commit.
2) upload those file manually via FTP and your patch is applied.