Static or Custom Blocks are not Working — Magento 1.9.2.2

Dennis Walters
3 min read · Nov 19, 2015


You are probably here because your static block or custom block shortcodes are not working. This must have started after either upgrading any Magento version to version 1.9.2.2 or installing patch SUPEE-6788. A lot of Magento website owners are facing this problem, and we have seen it asked very often on the Magento Stack Exchange and in the Magento community.

For example, on the homepage I include a CMS static block as follows:

```
{{block type="cms/block" block_id="blog"}}
```

After upgrading, the blog block was no longer displayed on the home page. Moreover, this shortcode also produced a PHP error in my log files:

Notice: Undefined variable: block in /app/code/core/Mage/Core/Model/Email/Template/Filter.php on line 187

I checked whether this affected only this block or all my custom blocks, and I realised that none of my static blocks were working or displaying on the front end.

So I Googled, went through various answers and investigated the issue. This is actually not a bug but the new security patch SUPEE-6788. Its technical details already mention that blocks which you want to display should be added to the whitelist.

Magento now includes a white list of allowed blocks or directives. If a module or extension uses variables like {{config path="web/unsecure/base_url"}} and {{block type=rss/order_new}} in CMS pages or emails, and the directives are not on this list, you will need to add them with your database installation script. Extensions or custom code that handles content (like blog extensions) might be affected. — See more at: http://magento.com/security/patches/supee-6788-technical-details#sthash.oywSvFeq.dpuf

After reading this, it became clear to me that the PHP error occurs because I had not added this block to the whitelist.

The responsible code in Filter.php looks like this:

```php
if (isset($blockParameters['type'])) {
    // The block is only created when its type is on the whitelist;
    // otherwise $block is never assigned, which causes the notice above.
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}
```

This PHP simply checks whether your block type has been added to the white list, which is stored in the MySQL table permission_block.

To resolve this, go to System => Permissions => Blocks

Then click on Add new Block, fill in the block type and set Allowed to Yes

If you have difficulty finding out which block id to add, simply add the block type used in the shortcode with which you added the block. In this shortcode

```
{{block type="cms/block" block_id="blog"}}
```

Select “Is Allowed” as “Yes”

Now your static block is whitelisted in Magento and can be displayed on the frontend.

For third-party extensions or custom blocks, insert your custom block name in the “Block Name” field. E.g. for the brandlogo slider, add brandlogo/brandlogo

Select “Is Allowed” as “Yes”

Now your custom module block is whitelisted in Magento and can be displayed on the frontend.

The type to add would be ‘cms/block’. If you cannot figure out which block type to use, you can temporarily edit the Magento core to find out the type of the block. Open the file

/app/code/core/Mage/Core/Model/Email/Template/Filter.php

Navigate to line 175, where you can update this code

```php
if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}
```

to print the block type if it’s not whitelisted.

```php
if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    } else {
        // Temporary debugging: print the rejected block type and stop the request
        var_dump($blockParameters['type']);
        die;
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}
```

Be aware that this breaks your site, so it should only be used temporarily to figure out the missing block type. Ideally, you should send a mail including the missing block type.

```php
if (isset($blockParameters['type'])) {
    if ($this->_permissionBlock->isTypeAllowed($blockParameters['type'])) {
        $type = $blockParameters['type'];
        $block = $layout->createBlock($type, null, $blockParameters);
    } else {
        // Temporary debugging: mail the rejected block type instead of stopping the request.
        // print_r($_SERVER, true) adds the request details, including headers and cookies, to the mail.
        mail(
            'email@domain.com',
            'Disallowed block for ' . Mage::getBaseUrl(),
            $blockParameters['type'] . "\n" . print_r($_SERVER, true)
        );
    }
} elseif (isset($blockParameters['id'])) {
    $block = $layout->createBlock('cms/block');
    if ($block) {
        $block->setBlockId($blockParameters['id']);
    }
}
```
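The missing block types can also be found without touching core, by scanning the content itself for directives and comparing them with the whitelist. The script below is an added example, not code from the original post or from Magento: the function name `findDisallowedDirectives`, the whitelist arrays and the CMS content are constructed for illustration, and the regex is a simplified stand-in for Magento's own directive parser.

```php
<?php
// Added example: report {{block}} / {{config}} directives missing from a whitelist.
// Whitelists and CMS content below are constructed; the regex is a simplified
// stand-in for Magento's own directive parser.

/** Return block types / config paths used in $content that are not whitelisted. */
function findDisallowedDirectives($content, array $allowedBlocks, array $allowedPaths)
{
    $missing = [];
    preg_match_all('/\{\{\s*(block|config)\b([^}]*)\}\}/i', $content, $found, PREG_SET_ORDER);
    foreach ($found as $directive) {
        $kind  = strtolower($directive[1]);
        $param = ($kind === 'block') ? 'type' : 'path';
        // The value may be "double quoted", 'single quoted' or unquoted.
        $pattern = '/\b' . $param . '\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s}]+))/i';
        if (!preg_match($pattern, $directive[2], $m)) {
            continue; // e.g. {{block id="..."}}: no type, so no type check applies
        }
        $value   = end($m); // the last element is the alternative that matched
        $allowed = ($kind === 'block') ? $allowedBlocks : $allowedPaths;
        if (!in_array($value, $allowed, true)) {
            // Keyed by kind and value so each missing entry is reported once.
            $missing[$kind . ':' . $value] = ['kind' => $kind, 'value' => $value];
        }
    }
    return array_values($missing);
}

// Constructed sample data: whitelist entries and CMS content to audit.
$allowedBlocks = ['core/template', 'catalog/product_new'];
$allowedPaths  = ['web/unsecure/base_url'];
$cmsContent = [
    'home'   => '<div>{{block type="cms/block" block_id="blog"}}</div>',
    'footer' => "{{block type='brandlogo/brandlogo'}} {{config path=\"web/unsecure/base_url\"}}",
    'rss'    => '{{block type=rss/order_new}} {{block type="core/template" template="x.phtml"}}',
];

foreach ($cmsContent as $identifier => $html) {
    foreach (findDisallowedDirectives($html, $allowedBlocks, $allowedPaths) as $hit) {
        echo $identifier, ': ', $hit['kind'], ' ', $hit['value'], " is not whitelisted\n";
    }
}
```

In a real store the strings to scan would be the content of CMS blocks, CMS pages and email templates, and the allowed block types would be the entries listed under System => Permissions => Blocks.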

Originally published at www.mconnectmedia.com on November 19, 2015.
