Fix Magento 1.9.2.2 ‘Notice: Undefined variable: block in …/Template/Filter.php line 187’

This problem arose after upgrading to Magento 1.9.2.2. which is a patch release that patches a number of security flaws in Magento. After installation of the patch some parts of the front-end template stayed blank. Review of the exception.log file shows a number of exceptions that seem to occur from the template filter classes of Magento.

The error is:

Skip the details and Scroll to the solution

Cause of the problem

It is due to the fact that a permission system has been introduces that withholds various template filters from running. Since 1.9.2.2 a so called permission block is added to the filter class ‘Mage_Core_Model_Email_Template_Filter’ which is the class responsible for replacing templates:

Permissions are checked using _permissionBlock
app/code/core/Mage/Core/Model/Email/Template/Filter.php:176 Permissions are checked using _permissionBlock

If the type is not allowed, the $block variable is not created and an exception is written to the log files.

Magento APPSEC-1057

Magento refers to this patch as:

APPSEC-1057, template processing method allows access to private information.

The permission system normally only allows a reduced number of variables en block types:

Variables:

Block-types:

Resolution

The resolution is to add the required template variables and blocks to the permission tables ‘permission_variable’ and ‘permission_block’.

Log-in to your Magento back-end and navigate to System > Permissions > Blocks . Add a new entry and enter the block name (e.g.: mymodule/myblock). Choose Allow and click save.

You could add an SQL insert statement to the upgrade script of your module as well to automate this process when your plugin is updated.

More information about Magento patch SUPEE-6788.