Magento ver. 220.127.116.11
We recently had a client contact us to let us know their product reviews weren’t working after the Magento security patches were applied. There were actually two issues at hand here. For one, the product review form was not working when customers were submitting reviews. As nothing would come through on the backend. And two, the Magento Product Review Follow-up Emails extension by TRM Marketing stopped sending out emails. In this article, we will be discussing the issue with the extension not working.
After looking at the Magento Admin Panel => Reports => Follow-up Review Email Queue we found that the email queue had not been processed since the latest SUPEE-6788 security patch was applied. The scheduled “Send Time” column was showing dates that had already come and gone along with having an email status of “Queued” instead of “Sent”. This was an indication the module was not working properly.
SUPEE-6788 Issues with Extension
There are two known issues with the SUPEE-6788 security patch that could cause conflicts with this particular extension. The first issue is the requirement for variables and blocks to be registered in a whitelist in order to be used in transactional emails. The second, and main issue, is because of a rule applied to the .htaccess file denying access to cron.php. This rule causes cron jobs to stop working which is the reason why the extension’s emails were no longer being sent out. These two issues will need to be addressed in order to fix the extension.
Variables and Blocks to be Whitelisted
First check the extension’s transactional email for custom blocks/variables and then add them to the whitelist. Go to Magento Admin Panel => System => Transactional Emails and look for a template named “Reviewemail”. Click on the template to review the code in the edit email template screen. Look for variables that begin with web/unsecure/base_url, web/secure/base_url, trans_email/ident, and general/store. And blocks such as core/template and catalog/product_new.
For this extension, we did not find any blocks to be whitelisted but we did find two variables (trans_email/ident_support/email and general/store_information/phone). These two variables will need to be added to the whitelist now required with the SUPEE-6788 security patch. To whitelist, go to the Magento Admin Panel => System => Permissions => Variables and add these two variables with a status of “Allowed”.
Update Cron Jobs Command
Second, the cron jobs command will need to be updated to work with the new rule applied with the security patch. In our case, it appears cron jobs stopped working the same day security patch SUPEE-6788 was installed. The cron jobs command was setup to call cron.php via HTTP, which is now forbidden by default. We were able to fix the issue by changing the cron job command to something like this:
* * * * * php /path/to/magento/cron.php -mdefault
* * * * * php /path/to/magento/cron.php -malways
Originally, the command was:
* * * * * wget http://example.com/cron.php
In our case, and required by our client’s web host we went with the command:
* * * * * php -q /path/to/magento/cron.php -mdefault
With those two changes now in place, the email extension should be working properly. And you should begin to see the status of the emails change from “Queued” to “Sent” under Magento Admin Panel => Reports => Follow-up Review Email Queue. For questions, please contact email@example.com.