Change admin routers after Installing Security Patch Supee 6788

Posted: November 02, 2015

SUPEE-6788 involves several patches that resolve a large number of security issues. According to Magento.com, the patch has the potential to break compatibility with a number of customizations and extensions. The most common issue is inaccessibility of extensions from the admin panel. We have solved the problem for you. Learn how to address the issue and get your e-commerce store up and running again.
The latest Magento Security Patch, SUPEE-6788 is now available for Magento Community Edition 1.7 and later releases.

Magento also released Magento Community Edition 1.9.2.2 and Magento Enterprise Edition 1.14.2.2 which includes SUPEE-6788.

BACKWARD COMPATIBILITY

This patch breaks backward compatibility in three ways that can affect extensions and customizations. For example, changes to admin routing can make extensions and customizations inaccessible from the admin panel if they are not using proper routing.

To help address concerns about the admin routing changes, these changes in the patch are turned off by default. This means that the patch will include the fix, but that it will be disabled when installed.

Need To Make Following Modifications In Custom modules For Making Compitible with the Magento patch SUPEE-6788

\app\code\community\[NameSpace]\[Modulename]\etc\config.xml

<admin>
    <routers>
        <modulename>
            <use>admin</use>
                <args>
                    <module>NameSpace_Modulename</module>
                    <frontName>modulename</frontName>
                </args>
        </modulename>
    </routers>
</admin>

Need to changed it to this:

<admin>
    <routers>
        <adminhtml>
            <args>
                <modules>
                    <modulename after="Mage_Adminhtml">NameSpace_Modulename_Adminhtml</modulename>
                </modules>
            </args>
        </adminhtml>
    </routers>        
</admin>

Need To Change Menu Action modulename/adminhtml_controllername/action To adminhtml/controllername/action.

<menu>
    <modulename translate="title" module="modulename">
        <title>Modulename</title>
            <sort_order>10</sort_order> 
        <children>
            <modulename translate="title" module="modulename">
                <title>Manage Item</title>
                <sort_order>10</sort_order>
                <action>modulename/adminhtml_controllername/action</action>
            </modulename>
        </children>
    </modulename>
</menu>

Need to changed it to this:

<menu>
    <modulename translate="title" module="modulename">
        <title>Modulename</title>
            <sort_order>10</sort_order> 
        <children>
            <modulename translate="title" module="modulename">
                <title>Manage Item</title>
                <sort_order>10</sort_order>
                <action>adminhtml/controllername/action</action>
            </modulename>
        </children>
    </modulename>
</menu>

Now Need to Modified your module layouts files. \app\design\adminhtml\default\default\layout\custommodule.xml

<?xml version="1.0"?>
<layout version="0.1.0">
    <modulename_adminhtml_controllername_action>
        <reference name="content">
            ...
        </reference>
    </modulename_adminhtml_controllername_action>
</layout>

Need to changed it to this:

<?xml version="1.0"?>
<layout version="0.1.0">
    <adminhtml_controllername_action>
        <reference name="content">
            ...
        </reference>
    </adminhtml_controllername_action>
</layout>

Plugin which Use Custom Block and Variables

SUPEE-6788 Custom Blocks (and Variables) Issue
Issue:

Some blocks are not shown on CMS pages, home page, category pages, landing pages in your Magento installation after installing SUPEE-6788 patch, page layout is broken.
Some transactional emails, order notification emails are broken, incomplete or have some data missing after installing SUPEE-6788 patch.

Solutions:

By default, only two blocks (core/template and catalog/product_new) are allowed for inclusion. So we need to add our extension’s custom block in blocks permission table.
Upgrade your custom module’s sql script as follow.

<?php $installer = $this; $installer->startSetup();
 
if(in_array($this->getTable('permission_block'),$installer->getConnection()->listTables())){
$installer->run("
    INSERT INTO {$this->getTable('permission_block')} (block_name,is_allowed) values ('custommodule/customblock','1');
    INSERT INTO {$this->getTable('permission_variable')} (variable_name,is_allowed) values ('custom_variable_name','1');
");
}
$installer->endSetup(); 
?>

You can manually add custom block and custom variable values which we need to use in the CMS > Pages or CMS > Static Blocks or System > Transactional Emails.
For Adding Custom block or Custom variable Go To System > Permissions > Blocks and Click On Add New block.