This problem arose after upgrading to Magento 220.127.116.11. which is a patch release that patches a number of security flaws in Magento. After installation of the patch some parts of the front-end template stayed blank. Review of the exception.log file shows a number of exceptions that seem to occur from the template filter classes of Magento.
The error is:
exception 'Exception' with message 'Notice: Undefined variable: block in /data/web/public/app/code/core/Mage/Core/Model/Email/Template/Filter.php on line 187' in /data/web/public/app/code/core/Mage/Core/functions.php:245
Skip the details and Scroll to the solution…
Cause of the problem
It is due to the fact that a permission system has been introduces that withholds various template filters from running. Since 18.104.22.168 a so called permission block is added to the filter class ‘Mage_Core_Model_Email_Template_Filter’ which is the class responsible for replacing templates:
If the type is not allowed, the $block variable is not created and an exception is written to the log files.
Magento refers to this patch as:
APPSEC-1057, template processing method allows access to private information.
The permission system normally only allows a reduced number of variables en block types:
web/unsecure/base_url web/secure/base_url trans_email/ident_support/name trans_email/ident_support/email trans_email/ident_general/name trans_email/ident_general/email trans_email/ident_sales/name trans_email/ident_sales/email trans_email/ident_custom1/name trans_email/ident_custom1/email trans_email/ident_custom2/name trans_email/ident_custom2/email general/store_information/name general/store_information/phone general/store_information/address
core/template catalog/product_new enterprise_catalogevent/event_lister (in Magento Enterprise Edition)
The resolution is to add the required template variables and blocks to the permission tables ‘permission_variable’ and ‘permission_block’.
Log-in to your Magento back-end and navigate to System > Permissions > Blocks . Add a new entry and enter the block name (e.g.: mymodule/myblock). Choose Allow and click save.
You could add an SQL insert statement to the upgrade script of your module as well to automate this process when your plugin is updated.
More information about Magento patch SUPEE-6788.