In late January Magento released a pretty monolithic security patch that covered a wide range of issues, but specifically addressed a number of severe XSS ( Cross Site Scripting ) errors. As is often the cause with patching Magento, there are a few things to look out for, but one absolute howler if your website is still running on PHP5.3.
If you find that when you go to the Orders grid and view an Order the page is incomplete, it’s likely you’re running on PHP5.3 and you need to make a little tweak.
Open /app/code/core/Mage/Adminhtml/Helper/Sales.php, search for $links =  and replace that with $links = array();
Someone at Magento decided to use the PHP5.4+ only syntax for declaring an array, thereby breaking backwards compatibility, all so they could save typing a few additional characters. A poor decision on their part…
Need help with eCommerce? Based in Somerset or Wiltshire and have a Magento or WooCommerce store that you need help with? Please give Sweet-Apple a call on 01380 830224 for efficient and sensibly priced support.