Magento Shoplift mass update script

Discussion in 'Tips/Tricks/Mods' started by Xenocide, Apr 22, 2015.

  1. Xenocide

    Xenocide Member

    Hi Guys,

    Not sure if this is the best place to post this but i've made a script to update all the magento installations on your ISPConfig3 Server. It's a bit basic but it works. Feel free to modify as you see fit.

    Unzip the attached file to /root/ & mark the files as executable
    tar zxvf magento_shoplift.tar.gz . && find . -type f -name *.sh -exec chmod +x {} \;
    First off get a list of the vulnerable sites. I've done this as a manual step so you can sanity check it first & makes debugging easier.
    find /var/www/ -wholename '*/app/code/core/Mage/Core/Controller/Request/Http.php' | xargs grep -L _internallyForwarded > /root/magento_shoplift/paths.txt
    Then cd to /var/www/ so the paths match and run the script.
    The script basically does:
    Goes through the list of files and finds out the version of magento installed. It then selects the relevant patch and applies it then chown's the files back to what it should be.

    If you're feeling adventurous there's a line at the bottom of the script which will clear the magento cache directories for you afterwards. But i feel a bit uneasy about that so if you want to do that, go for it. Uncomment it :).

  2. Xenocide

    Xenocide Member

    Last edited: Apr 22, 2015

Share This Page