Last active
September 2, 2022 16:23
-
-
Save schmengler/c42acc607901a887ef86b4daa7a0445b to your computer and use it in GitHub Desktop.
Magento SUPEE-9767 Checkout Form Key Theme Patch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find -L app/design/frontend -regex '.*\(shipping\|billing\|shipping_method\|payment\).phtml' -exec grep -L formkey {} \; \ | |
| | xargs sed -i 's/<\/form>/<?php echo $this->getBlockHtml("formkey") ?><\/form>/g' | |
| find -L skin/frontend -name 'opcheckout.js' -exec grep -L form_key {} \; \ | |
| | xargs sed -i 's/if (elements\[i\].name=='\''payment\[method\]'\'') {/if (elements[i].name=='\''payment[method]'\'' || elements[i].name == '\''form_key'\'') {/g' |
You mentioned a very important point. setMethod() - function of opcheckout.js has to be fixed too. Otherwise the customer password is not correctly stored.
diff --git a/skin/frontend/base/default/js/opcheckout.js b/skin/frontend/base/default/js/opcheckout.js
index b18b3d2..aedc13e 100644
--- a/skin/frontend/base/default/js/opcheckout.js
+++ b/skin/frontend/base/default/js/opcheckout.js
@@ -159,11 +159,12 @@ Checkout.prototype = {
},
setMethod: function(){
+ var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;
if ($('login:guest') && $('login:guest').checked) {
this.method = 'guest';
new Ajax.Request(
this.saveMethodUrl,
- {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest'}}
+ {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}
);
Element.hide('register-customer-password');
this.gotoSection('billing', true);
@@ -172,7 +173,7 @@ Checkout.prototype = {
this.method = 'register';
new Ajax.Request(
this.saveMethodUrl,
- {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register'}}
+ {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}
);
Element.show('register-customer-password');
this.gotoSection('billing', true);
Hi - I get the same problem as redtennis above:
getting an error after executing add-checkout-form-key.sh
sed: no input files
Any ideas?
open your custom theme payment.phtml file
app/design/frontend/custompackage/customtheme/template/checkout/onepage/payment.phtml
cut the below code from 'co-payment-form'
<?php echo $this->getBlockHtml("formkey") ?>
and paste it above 'co-payment-form' form tag like
<?php echo $this->getBlockHtml("formkey") ?>
<form id='co-payment-form'>
This thing resolved my issue.
<?php echo $this->getBlockHtml("formkey") ?> should put under <form id='co-payment-form'> , not above. Otherwise it will not work.
It should like:
<form id='co-payment-form' action="">
<?php echo $this->getBlockHtml("formkey") ?>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@fedekrum see this thread: https://community.magento.com/t5/Security-Patches/Checkout-Stuck-on-Step-4-after-SUPEE-9767-with-Formkey/m-p/68018
basically the patch updates files in app/code/core as well as app/design/frontend/base skin/frontend/base. if your theme has overridden the files updated by the patch then your theme files (not patched) will be loaded by Magento in place of the patched base files.