List (and command that generated it) of places that form key validation has been added in 1.13.1

form_key_checks.txt

Controllers that have added form key validation:
 
$ git grep --files-with-matches "this->_validateFormKey())" <core_sources_update_commit_hash>
<core_sources_update_commit_hash>:app/code/core/Enterprise/Checkout/controllers/CartController.php
<core_sources_update_commit_hash>:app/code/core/Enterprise/GiftRegistry/controllers/IndexController.php
<core_sources_update_commit_hash>:app/code/core/Enterprise/GiftRegistry/controllers/ViewController.php
<core_sources_update_commit_hash>:app/code/core/Enterprise/Reward/controllers/CustomerController.php
<core_sources_update_commit_hash>:app/code/core/Enterprise/Wishlist/controllers/SearchController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Catalog/controllers/Product/CompareController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Checkout/controllers/CartController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Checkout/controllers/MultishippingController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Checkout/controllers/OnepageController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Customer/controllers/AccountController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Customer/controllers/AddressController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Review/controllers/ProductController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Sendfriend/controllers/ProductController.php
<core_sources_update_commit_hash>:app/code/core/Mage/Wishlist/Controller/Abstract.php
<core_sources_update_commit_hash>:app/code/core/Mage/Wishlist/controllers/IndexController.php
<core_sources_update_commit_hash>:downloader/Maged/Controller.php
 
Templates that have added form keys:
 
$ git grep --files-with-matches "getBlockHtml('formkey');" <core_sources_update_commit_hash>
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/checkout/cart.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/checkout/multishipping/overview.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/checkout/onepage/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/customer/form/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/persistent/checkout/onepage/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/persistent/customer/form/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/review/form.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/sales/reorder/sidebar.phtml
<core_sources_update_commit_hash>:app/design/frontend/base/default/template/wishlist/view.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/checkout/cart.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/checkout/multishipping/overview.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/checkout/onepage/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/checkout/widget/sku.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/customer/form/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/persistent/checkout/onepage/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/persistent/customer/form/login.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/default/template/review/form.phtml
<core_sources_update_commit_hash>:app/design/frontend/enterprise/iphone/template/wishlist/view.phtml