Static blocks not working - Magento 1.9.2.2

in #magento8 years ago

The problem

Click here if you want to go directly to the solution.

After updating Magento to version 1.9.2.2, or installing security patch SUPEE-6788 on an older version, lots of people are noticing that their static block shortcodes are no longer working. On my homepage, for example, I'm including a CMS Static Block as follows:

{{block type="cms/block" block_id="slide_home"}}


After the upgrade, this block was no longer displaying. In fact, this shortcode caused a PHP error to show up in my log files:

Notice: Undefined variable: block  in /app/code/core/Mage/Core/Model/Email/Template/Filt<wbr />er.php on line 187


Furthermore, it soon became clear that error is not limited to shortcodes for CMS Static Blocks, but that in fact all my custom blocks, including those in 3rd party extensions, failed to display.

The cause


Upon investigating the issue, I quickly found out that this it not a bug, but a security feature added in security patch SUPEE-6788. When reading the technical details the author clearly states that blocks will have to be added to a white list if they are to be displayed:

Magento now includes a white list of allowed blocks or directives. If a module or extension uses variables like {{config path=”web/unsecure/base_url”}} and {{block type=rss/order_new}} in CMS pages or emails, and the directives are not on this list, you will need to add them with your database installation script. Extensions or custom code that handles content (like blog extensions) might be affected. - See more at: http://magento.com/security/patches/supee-6788-technical-details#sthash.oywSvFeq.dpuf
Checking the above PHP error, it becomes clear that it's caused by the requested block type (in my case cms/block) not being added to the white list. The responsible code in Filter.php looks as follows: 

if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}


Simply put, this little piece of PHP checks if your block type is added to the white list, which is stored in the MySQL table permission_block.

The solution


Clearly, all that remains is adding the block type you wish to display to Magento's white list. Luckily, this is very easy and can be done through the Magento backend interface. Simply navigate to

System => Permissions => Blocks


And add the block type you wish to display. For a visual of my situation, see the screenshots below.

Navigate to System => Permissions => BlocksNavigate to System => Permissions> Blocks

Click on Add new Block, fill in the block type and set Allowed to Yes Click on Add new Block, fill in the block type and set Allowed to Yes

Which block type should I add to the white list?


Some people find it hard to find out which block id to add to the white list. If you added the block with a shortcode, simply add the block type. In this shortcode

<code>{{block type="cms/block" block_id="slide_home"}}</code>


the type to add would be 'cms/block'. If you can't figure out which block type to use, you can temporarily edit the Magento core to find out the type of the block. Open the file

/app/code/core/Mage/Core/Model/Email/Template/Filter.php


in your favorite editor and navigate to line 175. There you can update the code

if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}


to print the block type if it's not whitelisted.

if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    } else {
        var_dump($blockParameters['type']);
        die;
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}


Please note that this breaks your site, and should only be used temporarily to find out the type of the missing block. A more subtle solution would be to send an email with the missing block type.

if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    } else {
        mail('[email protected]', 'Disallowed block for ' . Mage::getBaseUrl(), $blockParameters['type'] . "\n" . print_r($_SERVER, true));
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}
#static #blocks
8 years ago in #magento by
$0.00
    4 votes
    Reply 2
    Sort:  
  • Trending
    • [-]
     8 years ago 

    Congratulations @svosse! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

    You made your First Vote

    Click on any badge to view your own Board of Honor on SteemitBoard.
    For more information about SteemitBoard, click here

    If you no longer want to receive notifications, reply to this comment with the word STOP

    By upvoting this notification, you can help all Steemit users. Learn how here!

    $0.12
    • Past Payouts $0.12
    • - Author $0.09
    • - Curators $0.03
    2 votes
    Reply

    Coin Marketplace

    STEEM 0.12
    TRX 0.34
    JST 0.033
    BTC 113425.50
    ETH 4172.67
    SBD 0.88