Magento Patch SUPEE-10266
There is a new Magento security patch called SUPEE-10266 out. It addresses some very important tasks so it is a very important security patch, which should be installed as fast as possible. I show you all you need to know about it and if it is safe to install it on your live shop.
Magento Patch SUPEE-10266
There were some recent security patches for Magento that had some major issues and was fixed by another patch. Magento patch 10266 is a very straight forward one, which is in comparison quite small. It does not add additional functionality nor it deletes functionality (like flash in a previous patch). All tested installs on different Magento 1 versions worked without problems. The shop is online, and basic functionality like user login, cart and checkout worked as expected.
Details
A detailed view on patch changes show us some usual suspicious files like:
- core/Mage/Admin/Model/Session.php
it loggs out a user if it comes from admin - core/Mage/Adminhtml/Controller/Action.php
forces some form key validations - core/Mage/Checkout/controllers/CartConroller.php
additional check for customerId from session - core/Zend/Serializer/Adapter/PhpCode.php
added serialization for php code
also it adds additional validation for form fields.
Conclusion
It is safe to install Magento patch SUPEE-10266 on your live shop. If you have a deployment and/or a development system it is a good idea to check if it runs without errors. Currently there is nothing to complain, so it looks as if it is another easy to use security patch for Magento 1.
What are your experiences with this patch? Do you had problems with it?
