Magento can’t upload images after CE 1.9.2.3 / SUPEE-7405 update

Magento can’t upload images after CE 1.9.2.3 / SUPEE-7405 update

After the recent Magento update which included patch SUPEE-7405 it appears many people have an issue uploading images through the Magento backend. As part of the SUPEE-7405 patch Magento has increased security around the upload and checking of images to prevent malicous content.

Cause

The permissions for folders/files created when uploaded are too restritive, they where 777 and now after the recent update are 750 for folders and 640 for files.

Solution

To fix this issue I had to revert change the permissions to more realistic values, 775 for folders and 644 for files. These can be changed here;

lib/Varien/File/Uploader.php

line 219, change 0640 to 0644
line 541, change 0750 to 0755

 

Share this post

Comments (6)

  • Lloyd Reply

    This still did not resolve the issue. I’m on a windows machine and wondering if there may be another solutions to fix this.

    6th February 2016 at 1:59 am
    • TheWebsiteGuy Reply

      Unfortunately I no experience with Windows hosting so wouldn’t know what to suggest.

      20th February 2016 at 11:50 pm
  • SP Reply

    I am using magento1.9.2.4 on mac os x 10.7.5 . I am having the same problem.. cant upload image to a product.

    17th March 2016 at 9:04 am
    • TheWebsiteGuy Reply

      What exactly is the issue you have as I haven’t experienced any problem with 1.9.2.4?

      18th March 2016 at 7:57 pm
  • Tom Reply

    Thanks! Your fix worked perfectly!

    My issue wasn’t the same though, I had a plugin (FME Media Appearance) which wasn’t uploading video thumbnails with the correct permissions, yet everything else in the store was uploading fine. This seemed to sort it.

    Thank you again!

    28th April 2016 at 8:37 am
  • Omar Faruque Reply

    Not working, after fresh installation of magento 1.9.2.4, backed image uploder not working… not uploade any image.

    25th December 2016 at 6:27 pm

Leave a Reply

Your email address will not be published. Required fields are marked *