This problem arose after upgrading to Magento 1.9.2.2, a patch release that fixes a number of security flaws in Magento. After installing the patch, some parts of the front-end template stayed blank. The exception.log file shows a number of exceptions that appear to originate from Magento's template filter classes.

The error is:

exception 'Exception' with message 'Notice: Undefined variable: block  in /data/web/public/app/code/core/Mage/Core/Model/Email/Template/Filter.php on line 187' in /data/web/public/app/code/core/Mage/Core/functions.php:245


Cause of the problem

The cause is a newly introduced permission system that prevents various template filters from running. Since 1.9.2.2, a so-called permission block has been added to the filter class ‘Mage_Core_Model_Email_Template_Filter’, which is the class responsible for replacing templates:

$this->_permissionBlock->isTypeAllowed($blockParameters['type'])
[Permissions are checked using _permissionBlock](http://tomlankhorst.nl/wp-content/uploads/2015/10/Screen-Shot-2015-10-29-at-10.55.01.png) (app/code/core/Mage/Core/Model/Email/Template/Filter.php:176)

If the type is not allowed, the $block variable is not created and an exception is written to the log files.

Magento APPSEC-1057

Magento refers to this patch as:

APPSEC-1057, template processing method allows access to private information.

The permission system normally only allows a reduced number of variables and block types:

Variables:

web/unsecure/base_url 
web/secure/base_url 
trans_email/ident_support/name 
trans_email/ident_support/email 
trans_email/ident_general/name 
trans_email/ident_general/email 
trans_email/ident_sales/name 
trans_email/ident_sales/email 
trans_email/ident_custom1/name 
trans_email/ident_custom1/email 
trans_email/ident_custom2/name 
trans_email/ident_custom2/email 
general/store_information/name 
general/store_information/phone 
general/store_information/address

Block-types:

core/template 
catalog/product_new 
enterprise_catalogevent/event_lister (in Magento Enterprise Edition)

Resolution

The resolution is to add the required template variables and blocks to the permission tables ‘permission_variable’ and ‘permission_block’.

Log in to your Magento back-end and navigate to System > Permissions > Blocks. Add a new entry and enter the block name (e.g. mymodule/myblock). Choose Allow and click Save.

You could also add an SQL insert statement to your module's upgrade script, so that the entries are created automatically when your plugin is updated.
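To work out which entries a shop actually needs, the following added example (not from the original post or from Magento) scans exported CMS or e-mail template content for `{{block type=...}}` and `{{config path=...}}` directives and reports the ones outside the default lists given above. It assumes the standard Magento directive syntax; the sample content and the path mymodule/settings/contact are constructed for illustration.

```python
import re

# Default whitelists as listed in this article (Community Edition).
# Enterprise Edition additionally allows enterprise_catalogevent/event_lister.
ALLOWED_VARIABLES = {
    "web/unsecure/base_url", "web/secure/base_url",
    "trans_email/ident_support/name", "trans_email/ident_support/email",
    "trans_email/ident_general/name", "trans_email/ident_general/email",
    "trans_email/ident_sales/name", "trans_email/ident_sales/email",
    "trans_email/ident_custom1/name", "trans_email/ident_custom1/email",
    "trans_email/ident_custom2/name", "trans_email/ident_custom2/email",
    "general/store_information/name", "general/store_information/phone",
    "general/store_information/address",
}
ALLOWED_BLOCKS = {"core/template", "catalog/product_new"}

# A {{block ...}} or {{config ...}} directive, then key="value" pairs inside it.
DIRECTIVE = re.compile(r"\{\{\s*(block|config)\b(.*?)\}\}", re.S)
PARAM = re.compile(r"""(\w+)\s*=\s*(["'])(.*?)\2""", re.S)

def audit(content, allowed_blocks=ALLOWED_BLOCKS, allowed_vars=ALLOWED_VARIABLES):
    """Return sorted (kind, name) pairs that are missing from the whitelists."""
    missing = set()
    for kind, body in DIRECTIVE.findall(content):
        params = {key: value for key, _, value in PARAM.findall(body)}
        # Only type= is compared, mirroring isTypeAllowed($blockParameters['type']).
        if kind == "block" and "type" in params:
            if params["type"] not in allowed_blocks:
                missing.add(("block", params["type"]))
        elif kind == "config" and "path" in params:
            if params["path"] not in allowed_vars:
                missing.add(("variable", params["path"]))
    return sorted(missing)

# Constructed sample content; mymodule/myblock is the article's example name,
# mymodule/settings/contact is a hypothetical config path.
SAMPLE = '''
<p>Call {{config path="general/store_information/phone"}}</p>
{{block type="core/template" template="page/html/notice.phtml"}}
{{block type='mymodule/myblock' template="mymodule/list.phtml"}}
{{block type="mymodule/myblock" name="second"}}
<p>Owner: {{config path="trans_email/ident_custom1/name"}},
   contact {{config path="mymodule/settings/contact"}}</p>
{{block id="footer_links"}}
'''

if __name__ == "__main__":
    for kind, name in audit(SAMPLE):
        print(f"not whitelisted: {kind:8} {name}")
```

Each reported name is a candidate for the permission tables; review what a block or config path exposes before allowing it, since the whitelist exists to keep private information out of template output.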

More information about Magento patch SUPEE-6788.