SUPEE-10888是Magento 1的新安全补丁，解决了12个安全问题。

https://magento.com/security/patches/supee-10888

SUPEE-10888，Magento Commerce 1.14.3.10和开放源1.9.3.10包含多项安全增强功能，可帮助关闭跨站点脚本（XSS），跨站点请求伪造（CSRF）和其他漏洞。

可以在https://magento.com/tech-resources/download#download2243找到该修补程序

应用此修补程序时，您需要注意哪些常见问题？

应用补丁后，以下文件已更改/创建

app/code/core/Mage/Admin/Model/User.php 
app/code/core/Mage/Admin/etc/config.xml 
app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php 
app/code/core/Mage/Adminhtml/Block/Widget/Grid/Massaction/Abstract.php 
app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php 
app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php 
app/code/core/Mage/Adminhtml/controllers/Permissions/UserController.php 
app/code/core/Mage/Adminhtml/etc/config.xml 
app/code/core/Mage/Checkout/Model/Api/Resource/Customer.php 
app/code/core/Mage/Checkout/Model/Type/Onepage.php 
app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php 
app/code/core/Mage/Core/etc/config.xml 
app/code/core/Mage/Core/etc/system.xml 
app/code/core/Mage/Customer/Helper/Data.php 
app/code/core/Mage/Customer/Model/Customer.php 
app/code/core/Mage/Customer/Model/Resource/Customer.php 
app/code/core/Mage/Customer/controllers/AccountController.php 
app/code/core/Mage/Customer/etc/config.xml app/code/core/Mage/Customer/etc/config.xml
app/code/core/Mage/Customer/sql/customer_setup/upgrade-1.6.2.0.6.1.1-1.6.2.0.6.1.2.php 
app/code/core/Mage/Paypal/Model/Express/Checkout.php 
app/code/core/Mage/XmlConnect/controllers/ReviewController.php 
app/code/core/Zend/Filter/PregReplace.php app/code/core/Zend/Filter/PregReplace.php
app/design/adminhtml/default/default/template/bundle/product/edit/bundle/option.phtml 
app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml 
app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml 
app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml 
app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml 
app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml 
app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml 
app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml 
app/design/adminhtml/default/default/template/catalog/product/helper/gallery.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/creditmemo/default.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/invoice/default.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/order/default.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/shipment/default.phtml 
app/design/frontend/base/default/template/bundle/sales/order/creditmemo/items/renderer.phtml 
app/design/frontend/base/default/template/bundle/sales/order/invoice/items/renderer.phtml 
app/design/frontend/base/default/template/bundle/sales/order/items/renderer.phtml 
app/design/frontend/base/default/template/bundle/sales/order/shipment/items/renderer.phtml 
app/design/frontend/base/default/template/downloadable/checkout/multishipping/item/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/email/order/items/creditmemo/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/email/order/items/invoice/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/email/order/items/order/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/sales/order/invoice/items/renderer/downloadable.phtml 
app/design/frontend/default/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml 
app/design/frontend/default/iphone/template/downloadable/sales/order/invoice/items/renderer/downloadable.phtml 
app/design/frontend/default/iphone/template/downloadable/sales/order/items/renderer/downloadable.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/creditmemo/default.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/invoice/default.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/order/default.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/shipment/default.phtml 
app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml 
app/design/frontend/rwd/default/template/downloadable/email/order/items/creditmemo/downloadable.phtml 
app/design/frontend/rwd/default/template/downloadable/email/order/items/invoice/downloadable.phtml 
app/design/frontend/rwd/default/template/downloadable/email/order/items/order/downloadable.phtml 
app/locale/en_US/Mage_Adminhtml.csv app/locale/en_US/Mage_Adminhtml.csv
app/locale/en_US/Mage_Customer.csv app/locale/en_US/Mage_Customer.csv
app/locale/en_US/template/email/account_password_reset_confirmation.html 
app/locale/en_US/template/email/admin_new_user_notification.html 
downloader/Maged/Controller.php downloader/Maged/Controller.php
skin/adminhtml/default/enterprise/images/placeholder/thumbnail.jpg 

在原始v1补丁2018-09-18中，文件名中包含：

File skin/adminhtml/default/enterprise/images/placeholder/thumbnail.jpg: git binary diffs are not supported.

Magento确实通过发布新的补丁文件来解决此问题。仍然v1但2018-09-19在文件名中。

问题的补丁PATCH_SUPEE-10888_CE_v1.9.0.1_v1-2018-09-18-02-54-39.sh香草Magento的1.8.1.0，并安装所有以前的修补程序：

can't find file to patch at input line 1019
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
|index b1ec5eb0460..ca3e8b32474 100644
|--- app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
|+++ app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
--------------------------

实际上，该文件app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml在1.8.1.0中不存在，因此我从补丁文件中删除了此更改。

我没有使用更新2018-09-19的补丁程序成功执行此操作。仅PATCH_SUPEE-10888_CE_v1.8.1.0_v1-2018-09-18-02-54-39在删除了thumbnail.jpg像我对/magento//a/242823/13642的评论中所述的更改之后，文件才成功

如果您使用的是自定义主题，并且主题覆盖以下文件中的任何一个，则需要在主题中手动添加更改

app/design/frontend/base/default/template/bundle/email/order/items/creditmemo/default.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/invoice/default.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/order/default.phtml 
app/design/frontend/base/default/template/bundle/email/order/items/shipment/default.phtml 
app/design/frontend/base/default/template/bundle/sales/order/creditmemo/items/renderer.phtml 
app/design/frontend/base/default/template/bundle/sales/order/invoice/items/renderer.phtml 
app/design/frontend/base/default/template/bundle/sales/order/items/renderer.phtml 
app/design/frontend/base/default/template/bundle/sales/order/shipment/items/renderer.phtml 
app/design/frontend/base/default/template/downloadable/checkout/multishipping/item/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/email/order/items/creditmemo/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/email/order/items/invoice/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/email/order/items/order/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml 
app/design/frontend/base/default/template/downloadable/sales/order/invoice/items/renderer/downloadable.phtml 
app/design/frontend/default/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml 
app/design/frontend/default/iphone/template/downloadable/sales/order/invoice/items/renderer/downloadable.phtml 
app/design/frontend/default/iphone/template/downloadable/sales/order/items/renderer/downloadable.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/creditmemo/default.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/invoice/default.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/order/default.phtml 
app/design/frontend/rwd/default/template/bundle/email/order/items/shipment/default.phtml 
app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml 
app/design/frontend/rwd/default/template/downloadable/email/order/items/creditmemo/downloadable.phtml 
app/design/frontend/rwd/default/template/downloadable/email/order/items/invoice/downloadable.phtml 
app/design/frontend/rwd/default/template/downloadable/email/order/items/order/downloadable.phtml 

例如，如果您添加了

 app/design/frontend/base/default/template/bundle/email/order/items/creditmemo/default.phtml

在您的主题中，那么您必须手动进行更改

app/design/frontend/[YourPackge]/[YourTheme]/template/bundle/email/order/items/creditmemo/default.phtml

例如 找到这些行

$attributes['option_label']

并替换为下面

$this->escapeHtml($attributes['option_label']);

如/magento//a/243531/142中所述，您需要检查所有自定义的前端模板文件，并手动在其中包含补丁中的更改。

除此之外，您还需要检查account_password_reset_confirmation.html邮件模板。根据您的商店，在app/locale/[LANG]/template/email/所有语言的“系统”>“交易电子邮件” 下或后端中。在所有各自的模板中，您需要更改_query_id=$customer.id为_query_id=$customer.rp_customer_id。已以向后兼容的方式实现了此更改，但是如果要包括所有安全性改进，则不要错过此更改。

今天早上，我已经应用了补丁。主要文件位于Magento后端。

app/code/core/Mage/Admin/Model/User.php
app/code/core/Mage/Admin/etc/config.xml
app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Super/Config.php
app/code/core/Mage/Adminhtml/Block/Widget/Grid/Massaction/Abstract.php
app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
app/code/core/Mage/Adminhtml/controllers/Permissions/UserController.php
app/code/core/Mage/Adminhtml/etc/config.xml
app/code/core/Mage/Checkout/Model/Api/Resource/Customer.php
app/code/core/Mage/Checkout/Model/Type/Onepage.php
app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
app/code/core/Mage/Core/etc/config.xml
app/code/core/Mage/Core/etc/system.xml
app/code/core/Mage/Customer/Helper/Data.php
app/code/core/Mage/Customer/Model/Customer.php
app/code/core/Mage/Customer/Model/Resource/Customer.php
app/code/core/Mage/Customer/controllers/AccountController.php
app/code/core/Mage/Customer/etc/config.xml
app/code/core/Mage/Customer/sql/customer_setup/upgrade-1.6.2.0.5.1.2-1.6.2.0.5.1.3.php
app/code/core/Mage/Paypal/Model/Express/Checkout.php
app/code/core/Mage/XmlConnect/controllers/ReviewController.php
app/code/core/Zend/Filter/PregReplace.php
app/locale/en_US/Mage_Adminhtml.csv
app/locale/en_US/Mage_Customer.csv
app/locale/en_US/template/email/account_password_reset_confirmation.html
app/locale/en_US/template/email/admin_new_user_notification.html
downloader/Maged/Controller.php
skin/adminhtml/default/enterprise/images/placeholder/thumbnail.jpg

Escapehtml添加的文件

app/design/adminhtml/default/default/template/bundle/product/edit/bundle/option.phtml
app/design/adminhtml/default/default/template/bundle/sales/creditmemo/create/items/renderer.phtml
app/design/adminhtml/default/default/template/bundle/sales/creditmemo/view/items/renderer.phtml
app/design/adminhtml/default/default/template/bundle/sales/invoice/create/items/renderer.phtml
app/design/adminhtml/default/default/template/bundle/sales/invoice/view/items/renderer.phtml
app/design/adminhtml/default/default/template/bundle/sales/order/view/items/renderer.phtml
app/design/adminhtml/default/default/template/bundle/sales/shipment/create/items/renderer.phtml
app/design/adminhtml/default/default/template/bundle/sales/shipment/view/items/renderer.phtml
app/design/adminhtml/default/default/template/catalog/product/helper/gallery.phtml
app/design/frontend/base/default/template/bundle/email/order/items/creditmemo/default.phtml
app/design/frontend/base/default/template/bundle/email/order/items/invoice/default.phtml
app/design/frontend/base/default/template/bundle/email/order/items/order/default.phtml
app/design/frontend/base/default/template/bundle/email/order/items/shipment/default.phtml
app/design/frontend/base/default/template/bundle/sales/order/creditmemo/items/renderer.phtml
app/design/frontend/base/default/template/bundle/sales/order/invoice/items/renderer.phtml
app/design/frontend/base/default/template/bundle/sales/order/items/renderer.phtml
app/design/frontend/base/default/template/bundle/sales/order/shipment/items/renderer.phtml
app/design/frontend/base/default/template/downloadable/checkout/multishipping/item/downloadable.phtml
app/design/frontend/base/default/template/downloadable/email/order/items/creditmemo/downloadable.phtml
app/design/frontend/base/default/template/downloadable/email/order/items/invoice/downloadable.phtml
app/design/frontend/base/default/template/downloadable/email/order/items/order/downloadable.phtml
app/design/frontend/base/default/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml
app/design/frontend/base/default/template/downloadable/sales/order/invoice/items/renderer/downloadable.phtml
app/design/frontend/rwd/default/template/bundle/email/order/items/creditmemo/default.phtml
app/design/frontend/rwd/default/template/bundle/email/order/items/invoice/default.phtml
app/design/frontend/rwd/default/template/bundle/email/order/items/order/default.phtml
app/design/frontend/rwd/default/template/bundle/email/order/items/shipment/default.phtml
app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
app/design/frontend/rwd/default/template/downloadable/email/order/items/creditmemo/downloadable.phtml
app/design/frontend/rwd/default/template/downloadable/email/order/items/invoice/downloadable.phtml
app/design/frontend/rwd/default/template/downloadable/email/order/items/order/downloadable.phtml

在Magento Commerce中，添加了上述文件以外的文件：

app/code/core/Enterprise/GiftRegistry/Helper/Data.php
app/code/core/Enterprise/GiftRegistry/Model/Attribute/Processor.php
app/design/frontend/enterprise/default/template/cms/hierarchy/pagination.phtml
app/design/frontend/enterprise/iphone/template/bundle/sales/order/items/renderer.phtml
app/design/frontend/enterprise/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml
app/design/frontend/enterprise/iphone/template/downloadable/sales/order/invoice/items/renderer/downloadable.phtml
app/design/frontend/enterprise/iphone/template/downloadable/sales/order/items/renderer/downloadable.phtml
app/design/frontend/rwd/enterprise/template/cms/hierarchy/pagination.phtml
app/design/frontend/rwd/enterprise/template/rma/return/view.phtml

到目前为止，我还没有遇到任何问题。

在Magento EE 1.13.1.0中

补丁正在寻找错误的文件（我相信是社区文件）。

必须从补丁文件中删除这些行并应用。应用成功。

已通知Magento核心团队，但尚未收到反馈。

diff --git app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
index b3e997f59f3..f34c2bba6a2 100644
--- app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
+++ app/design/frontend/rwd/default/template/bundle/sales/order/items/renderer.phtml
@@ -43,7 +43,7 @@
     <?php $attributes = $this->getSelectionAttributes($_item) ?>
     <?php if ($_prevOptionId != $attributes['option_id']): ?>
     <tr class="bundle label<?php if($_item->getLastRow()): ?> last<?php endif; ?>">
-        <td><div class="option-label"><?php echo $attributes['option_label'] ?></div></td>
+        <td><div class="option-label"><?php echo $this->escapeHtml($attributes['option_label']); ?></div></td>
         <td data-rwd-label="SKU" class="lin-hide">&nbsp;</td>
         <td data-rwd-label="Price" class="lin-hide">&nbsp;</td>
         <td data-rwd-label="Qty" class="lin-hide">&nbsp;</td>

在CE 1.7.0.2上安装了所有先前补丁程序的补丁程序之后，密码重置表单不再起作用。

（PATCH_SUPEE-10888_CE_v1.7.0.2_v1-2018-09-18-03-00-22.sh）

编辑：

从9月18日（v1）还原补丁程序并从9月19日（v1）应用更新的补丁程序+缓存刷新并清除magento缓存后，不再发生此问题。

（PATCH_SUPEE-10888_CE_v1.7.0.2_v1-2018-09-19-03-01-22.sh）

谢谢罗伯的线索。

需要应用SUPEE-10752。我还应用了PHP 7.2兼容性修补程序，并在安装SUPEE-10888之前删除了Inchoo_PHP7兼容性修补程序。工作没有问题。

Magento CE 1.6.2.0

尝试在前端重置客户帐户密码时，一旦应用补丁，就会出现以下错误。

致命错误：在第1536行的app / code / core / Mage / Eav / Model / Entity / Abstract.php中的非对象上调用成员函数getBackend（）。

原来，该补丁没有运行SQL升级脚本（app / code / core / Mage / Customer / sql / customer_setup / upgrade-1.6.1.0.1.2-1.6.1.0.1.3.php），该脚本创建了一个名为rp_customer_id。

检查是否已清除Magento缓存，但更重要的是，如果启用了清漆缓存，请清除它。在禁用所有缓存并清理了清漆缓存之后，SQL脚本在数据库中创建了新属性。

在补丁中为1.14.2.0至1.14.2.4找到了一些错字

在文件中app/design/frontend/enterprise/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml，它错误地进行了以下更改：

<dt><?php echo $this->escspeHtml($this->getLinksTitle()); ?></dt>

代替

<dt><?php echo $this->escapeHtml($this->getLinksTitle()); ?></dt>

这是差异供参考：

diff --git app/design/frontend/enterprise/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml app/design/frontend/enterprise/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml index 6ed3cd9bfd4..f8b1573605a 100644 --- app/design/frontend/enterprise/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml +++ app/design/frontend/enterprise/iphone/template/downloadable/sales/order/creditmemo/items/renderer/downloadable.phtml @@ -55,7 +55,7 @@ <!-- downloadable --> <?php if ($links = $this->getLinks()): ?> <dl class="item-options"> - <dt><?php echo $this->getLinksTitle() ?></dt> + <dt><?php echo $this->escspeHtml($this->getLinksTitle()); ?></dt> <?php foreach ($links->getPurchasedItems() as $link): ?> <dd><?php echo $this->escapeHtml($link->getLinkTitle()); ?></dd> <?php endforeach; ?>

里面应该有一个错字/app/code/core/Mage/Core/etc/system.xml，但它没有中断，因为用法在这里也拼错了<crate_admin_user_notification translate="label comment"><create_admin_user_notification translate="label comment">if(Mage::getStoreConfigFlag('admin/security/crate_admin_user_notification')

目前在Magento CE 1.9.1.0上失败。

patching file app/code/core/Mage/Adminhtml/Model/LayoutUpdate/Validator.php
Hunk #2 FAILED at 57.

目视检查源文件，确认不存在相关代码。

patching file app/code/core/Mage/Customer/controllers/AccountController.php
Hunk #3 FAILED at 845.

...

can't find file to patch at input line 600
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git app/code/core/Zend/Filter/PregReplace.php app/code/core/Zend/Filter/PregReplace.php

如所示，没有这样的文件。

patching file app/design/adminhtml/default/default/template/bundle/product/edit/bundle/option.phtml
Hunk #1 FAILED at 209.

只是针对EE用户的FYI，因为此补丁需要SUPEE-10752，所以您可能会遇到一些会话被随机丢弃或结帐重定向到主页而不是成功页面的情况。

我们按照此顺序应用以下补丁的通常过程：

1. SUPEE-10570v2（PATCH_SUPEE-10570_EE_v1.14.2.4_v2-2018-03-22-10-57-00.sh）
2. SUPEE-10752（PATCH_SUPEE-10752_EE_v1.14.2.4_v1-2018-06-25-09-53-38.sh）
3. SUPEE-10888（PATCH_SUPEE-10888_EE_v1.14.2.4_v1-2018-09-19-03-07-06.sh）

但是，针对EE 的补丁SUPEE-10752包含以下更改：app / code / core / Mage / Core / Model / Session / Abstract / Varien.php

+    const VALIDATOR_PASSWORD_CREATE_TIMESTAMP   = 'password_create_timestamp';


+    /**
+     * Use password creation timestamp in validator key
+     *
+     * @return bool
+     */
+    public function useValidateSessionPasswordTimestamp()
+    {
+        return true;
+    }


+        if ($this->useValidateSessionPasswordTimestamp()
+            && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
+            && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
+            && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
+            > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
+        ) {
+            return false;
+        }

我不得不在最后一部分申请invalid_session_fix-2018-03-14-05-10-19.patch低于它在发现https://magento.com/tech-resources/download下SUPEE-10570 > invalid_session_fix.patch （0 MB）

diff --git a/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php b/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
index 59b3ea8..35155f1 100644
--- a/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
+++ b/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
@@ -485,7 +485,7 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
             && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
             && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
             && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
-            > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
+            > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]
         ) {
             return false;
         }

我已经看到许多客户遇到问题，他们打电话给我们，他们无法登录和查看其帐户。

电子邮件和密码正确-没有登录错误消息，页面仅重新加载到主页或登录页面，他们似乎无法进入自己的帐户！这是在应用补丁10888之后发生的，我们确实应用了10752。

挖后，我在表中找到customer_entity，并引发了对我来说，受影响的客户有一个时间戳created_date后的updated_date。我认为不应该这样吗？

因此，为了进行测试，我将created_date更改为update_date之前，甚至更改了一分钟。对于某些用户而言，这本身就帮助他们重新获得了帐户。对于其他用户，我还必须使用查询通过SQL更新密码：

update customer_entity_varchar set value = md5('123456') 
   where where entity_id = 105 /*enter customer's entity_id found in customer_entity */
   and attribute_id in 
      (select attribute_id from eav_attribute where attribute_code = 'password_hash' 
        and entity_type_id = 1);

我还没有完全研究SUPEE 10888对客户核心文件所做的更改，但是该补丁肯定存在问题。

此外，我似乎无法像通常那样通过管理面板更新客户密码，保存时页面会导致错误。

使用1.9.2.4

我正在使用Magento 1.9.3.7。操作系统是Ubuntu的。PHP版本是7.0。

尝试应用路径SUPPER-10888时遇到以下错误。

Checking if a patch can be applied/reverted successfully...

错误：无法成功应用/还原补丁。

检查文件app / code / core / Mage / Admin / Model / User.php Hunk＃2成功完成676（偏移-20行）。检查文件app / code / core / Mage / Admin / etc / config.xml检查文件app / code / core / Mage / Adminhtml / Block / Catalog / Product / Edit / Tab / Super / Config.php检查文件app / code / core / Mage / Adminhtml / Block / Widget / Grid / Massaction / Abstract.php检查文件app / code / core / Mage / Adminhtml / Model / LayoutUpdate / Validator.php Hunk＃2 FAILED at57。Hunk＃3成功在80（偏移-12行）。Hunk＃4的Fuzz 2（偏移-12行）以115分成功。Hunk＃5的Fuzz 1（偏移-21行）以139成功。Hunk＃6成功获得161条（偏移-21行）。6个大块中的1个失败检查文件app / code / core / Mage / Adminhtml / controllers / Catalog / ProductController.php大块＃1成功达到1020（偏移-11行）。检查文件app / code / core / Mage / Adminhtml / controllers / Permissions / UserController.php检查文件app / code / core / Mage / Adminhtml / etc / config.xml检查文件app / code / core / Mage / Checkout / Model / Api / Resource / Customer.php Hunk＃1以绒毛1（偏移-1行）获得了151的成功。检查文件app / code / core / Mage / Checkout / Model / Type / Onepage.php Hunk＃1在731上成功获得模糊1（偏移-3行）。检查文件app / code / core / Mage / Cms / Model / Wysiwyg / Images / Storage.php检查文件app / code / core / Mage / Core / etc / config.xml检查文件app / code / core / Mage / Core / etc / system.xml检查文件app / code / core / Mage / Customer / Helper / Data.php检查文件app / code / core / Mage / Customer / Model / Customer.php检查文件app / code / core / Mage / Customer /Model/Resource/Customer.php Hunk＃1成功达到332（-1行偏移）。检查文件app / code / core / Mage / Customer / controllers / AccountController.php Hunk＃1在755成功（偏移-1行）。Hunk＃2在810（偏移-1行）处成功。Hunk＃3在871失败。Hunk＃4在883（偏移-2行）成功。4个大块中的1个失败检查文件app / code / core / Mage / Customer / etc / config.xml大块＃1失败，28岁。1个大块中的1个失败检查文件app / code / core / Mage / Customer / sql / customer_setup / upgrade-1.6.2.0.5.1.2-1.6.2.0.5.1.3.php检查文件app / code / core / Mage / Paypal / Model / Express / Checkout.php检查文件app / code / core / Mage / XmlConnect / controllers / ReviewController.php在输入行600上找不到要修补的文件也许您使用了错误的-p或--strip选项？Hunk＃4成功获得883（偏置-2行）。4个大块中的1个失败检查文件app / code / core / Mage / Customer / etc / config.xml大块＃1失败，28岁。1个大块中的1个失败检查文件app / code / core / Mage / Customer / sql / customer_setup / upgrade-1.6.2.0.5.1.2-1.6.2.0.5.1.3.php检查文件app / code / core / Mage / Paypal / Model / Express / Checkout.php检查文件app / code / core / Mage / XmlConnect / controllers / ReviewController.php在输入行600上找不到要修补的文件也许您使用了错误的-p或--strip选项？Hunk＃4成功获得883（偏置-2行）。4个大块中的1个失败检查文件app / code / core / Mage / Customer / etc / config.xml大块＃1失败，28岁。1个大块中的1个失败检查文件app / code / core / Mage / Customer / sql / customer_setup / upgrade-1.6.2.0.5.1.2-1.6.2.0.5.1.3.php检查文件app / code / core / Mage / Paypal / Model / Express / Checkout.php检查文件app / code / core / Mage / XmlConnect / controllers / ReviewController.php在输入行600上找不到要修补的文件也许您使用了错误的-p或--strip选项？

导致此的文本是：

| diff --git app / code / core / Zend / Filter / PregReplace.php app / code / core / Zend / Filter / PregReplace.php | index 586c0fe20a0..d6fa2dac0ec 100644 | --- app / code / core / Zend / Filter / PregReplace.php

| +++ app / code / core / Zend / Filter / PregReplace.php

要修补的文件：跳过此修补程序？[y]正在跳过补丁。2个大块中的2个忽略了检查文件app / design / adminhtml / default / default / template / bundle / product / edit / bundle / option.phtml大块＃1失败209.1个大块中的1个失败检查文件app / design / adminhtml / default / default / template / bundle / sales / creditmemo / create / items / renderer.phtml检查文件app / design / adminhtml / default / default / default / template / bundle / sales / creditmemo / view / items / renderer.phtml检查文件app / design / adminhtml / default / default / template / bundle / sales / invoice / create / items / renderer.phtml检查文件app / design / adminhtml / default / default / template / bundle / sales / invoice / view / items / renderer .phtml检查文件app / design / adminhtml / default / default / template / bundle / sales / order / view / items / renderer。

知道缺少什么吗？