As you already know, on 20th January 2016 Magento released security patch SUPEE-7405. The patch is mandatory for every Magento installation, and it is recommended to install the patch as soon as possible. The patch also addresses multiple security issues in Magento and contains changes to more than 50 core files which are important functional updates.

However installing this patch also means that Magento users can face some possible problems, today we will discuss about one of them – it is image uploading bug which resulted from incorrect file permission for newly uploaded images.

Basically, the latest Magento security patch SUPEE-7405 affects file permissions on images uploaded from the Magento admin dashboard. Before applying the patch, uploaded files via admin panel such as product images, cms pages etc. used 0777 permissions and the patch changes these permissions to 0640 and 0750 which make them inaccessible for all users.

For easier demonstration, you can check the changes in this file: lib/Varien/File/Uploader.php

diff --git lib/Varien/File/Uploader.php lib/Varien/File/Uploader.php
- chmod($destinationFile, 0777);
+ chmod($destinationFile, 0640);
- if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0777, true))){
+ if (!(@is_dir($destinationFolder) || @mkdir($destinationFolder, 0750, true))){

See more:

View more threads in the same category: