Magento Supee-8788 Supee-1533 Conflict Fixed
Oct 13, 2016 · 2 minute readCategory: magento
TL;DR Run the script at the bottom.
The Issue
If you’ve previously applied the SUPEE-1533 patch to your Magento site, then when you try to apply the SUPEE-8788 patch you’ll see the following error:
checking file app/code/core/Mage/Adminhtml/controllers/DashboardController.php
Hunk #1 FAILED at 91.
1 out of 1 hunk FAILED
This is caused by the fact that the SUPEE-8788 patch seems to have been taken against an un-patched version of Magento. This can be seen from the following:
The SUPEE-8788 patch contains:
@@ -91,7 +91,7 @@ class Mage_Adminhtml_DashboardController extends Mage_Adminhtml_Controller_Actio
if ($gaData && $gaHash) {
$newHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
- if ($newHash == $gaHash) {
+ if (hash_equals($newHash, $gaHash)) {
if ($params = unserialize(base64_decode(urldecode($gaData)))) {
$response = $httpClient->setUri(Mage_Adminhtml_Block_Dashboard_Graph::API_URL)
->setParameterGet($params)
The important line here is:
if ($params = unserialize(base64_decode(urldecode($gaData)))) {
Which is supposed to match up with:
if ($gaData && $gaHash) {
$newHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
if ($newHash == $gaHash) {
$params = json_decode(base64_decode(urldecode($gaData)), true);
if ($params) {
$response = $httpClient->setUri(Mage_Adminhtml_Block_Dashboard_Graph::API_URL)
->setParameterGet($params)
The important lines here are:
$params = json_decode(base64_decode(urldecode($gaData)), true);
if ($params) {
Now they don’t match because of the change made in SUPEE-1533:
if ($gaData && $gaHash) {
$newHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
if ($newHash == $gaHash) {
- if ($params = unserialize(base64_decode(urldecode($gaData)))) {
+ $params = json_decode(base64_decode(urldecode($gaData)), true);
+ if ($params) {
$response = $httpClient->setUri(Mage_Adminhtml_Block_Dashboard_Graph::API_URL)
->setParameterGet($params)
The Fix
In order to apply SUPEE-8788 we need to temporarily revert the changes made to
DashboardController.php by SUPEE-1533. We can then apply the patch and restore
the SUPEE-1533 changes.
[NOTE: It’s really important you restore the SUPEE-1533 changes as the use of json_encode here protects against the Shoplift Bug]
To install the patch copy the following script into a .sh file in the root of your Magento install (along with the SUPEE-8788 patch) and run the script.
#!/usr/bin/env bash
dashboard_controller='app/code/core/Mage/Adminhtml/controllers/DashboardController.php';
# Remove 'if ($params) {'
sed -i '96d' $dashboard_controller;
# Replace json_encode line with serialize line
json_encode_line='$params = json_decode(base64_decode(urldecode($gaData)), true);';
serialize_line='if ($params = unserialize(base64_decode(urldecode($gaData)))) {';
sed -i -e "s/$json_encode_line/$serialize_line/" $dashboard_controller;
# This now puts the code in the state expected by the patch
# Apply SUPEE-8788 patch
sh PATCH_SUPEE-8788_CE_1.8.1.0_v1-2016-10-11-06-54-44.sh
# Add back 'if ($params) {'
sed -i '96i\ if ($params) {' $dashboard_controller;
# Add back json_encode line
serialize_line='if ($params = unserialize(base64_decode(urldecode($gaData)))) {';
json_encode_line='$params = json_decode(base64_decode(urldecode($gaData)), true);';
sed -i -e "s/$serialize_line/$json_encode_line/" $dashboard_controller;