Magento SUPEE-9767 Checkout Form Key Theme Patch
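# Add the formkey block to theme copies of the checkout step templates that lack it
find -L app/design/frontend -regex '.*\(shipping\|billing\|shipping_method\|payment\)\.phtml' -exec grep -L formkey {} \; \
| xargs -r sed -i 's/<\/form>/<?php echo $this->getBlockHtml("formkey") ?><\/form>/g'
# Extend the payment[method] check in theme copies of opcheckout.js to also match form_key
# (-r: skip sed when nothing is left to patch instead of failing with "sed: no input files")
find -L skin/frontend -name 'opcheckout.js' -exec grep -L form_key {} \; \
| xargs -r sed -i 's/if (elements\[i\].name=='\''payment\[method\]'\'') {/if (elements[i].name=='\''payment[method]'\'' || elements[i].name == '\''form_key'\'') {/g'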

mpchadwick commented Jun 1, 2017

First site I tried this on decided to rename billing.phtml to billing-default.phtml. Probably not a sane choice, but just wanted to leave a note here as people may run into issues like this.

aadmathijssen commented Jun 1, 2017

Hi Fabian,

Thanks for sharing the script!

It worked perfectly on Linux, but not on OSX. To fix this, I have updated the script to be POSIX compliant. You can find the updated version here: https://gist.github.com/aadmathijssen/fa5f30b7e5a59a57fff3f78d1404e3a1

Aad

vishy93 commented Jun 1, 2017

Sorry, I am a novice to this; this script looks like it will solve what I need. How could I execute this script?

djinnsour commented Jun 1, 2017

  1. Make a backup of your magento directory
  2. Save the script to your local magento directory
  3. chmod +x scriptname.sh
  4. ./scriptname.sh

neko-in-space commented Jun 1, 2017

I just ran these commands in ssh and it worked! Thank you, shmengler =^___^=

vishy93 commented Jun 2, 2017

Morning guys, in the file opcheckout.js I recommend changing saveMethod to:
setMethod: function(){
    var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;
    if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}
        );
        Element.hide('register-customer-password');
        this.gotoSection('billing', true);
    } else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}
        );
        Element.show('register-customer-password');
        this.gotoSection('billing', true);
    } else{
        alert(Translator.translate('Please choose to register or to checkout as a guest').stripTags());
        return false;
    }
    document.body.fire('login:setMethod', {method : this.method});
},

redtennis commented Jun 2, 2017

getting an error after executing add-checkout-form-key.sh

sed: no input files

I also tried executing the commands separately, and got the following permission denied error

sudo find -L app/design/frontend -regex '.*\(shipping\|billing\|shipping_method\|payment\).phtml' -exec grep -L formkey {} \; \
| xargs sed -i 's/<\/form>/<?php echo $this->getBlockHtml("formkey") ?><\/form>/g'

sed: couldn't open temporary file app/design/frontend/base/default/template/checkout/onepage/progress/sedY701n3: Permission denied

could you please help resolve this error?
Thank you!

giappv commented Jun 3, 2017

@schmengler - you did a great job

fedekrum commented Jun 5, 2017

@schmengler, can you explain at the top what this patch is for, what it fixes, and under what conditions it must be installed?

twosg commented Jun 7, 2017

Excellent!

nshiff commented Jun 12, 2017

@fedekrum see this thread: https://community.magento.com/t5/Security-Patches/Checkout-Stuck-on-Step-4-after-SUPEE-9767-with-Formkey/m-p/68018

Basically the patch updates files in app/code/core as well as app/design/frontend/base and skin/frontend/base. If your theme has overridden the files updated by the patch, then your theme files (not patched) will be loaded by Magento in place of the patched base files.
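
The shadowing described in the comment above can be checked before anything is rewritten. This is an added example, not part of the gist or of any comment in this thread: a read-only shell audit that lists theme files under the checkout paths that carry no form key, as candidates to review by hand. The function names are hypothetical and the directory layout is assumed from the script at the top of the page.

```shell
#!/bin/sh
# Added example: read-only audit, nothing is modified.
# Assumption: $1 is the Magento 1 root, laid out like the paths in the script above.

# Templates under checkout/onepage/ that contain a <form> tag but no formkey
# block. Matching on directory and content instead of file name also catches
# renamed copies such as billing-default.phtml.
templates_missing_formkey() {
    [ -d "$1/app/design/frontend" ] || return 0
    find -L "$1/app/design/frontend" -type f -name '*.phtml' \
        -path '*/checkout/onepage/*' |
    while IFS= read -r f; do
        if grep -q '<form' "$f" && ! grep -q 'formkey' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Copies of opcheckout.js that never mention form_key.
js_missing_formkey() {
    [ -d "$1/skin/frontend" ] || return 0
    find -L "$1/skin/frontend" -type f -name 'opcheckout.js' |
    while IFS= read -r f; do
        if ! grep -q 'form_key' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Print all findings; return 1 when any file still lacks the form key.
audit_formkey() {
    found=$(templates_missing_formkey "$1"; js_missing_formkey "$1")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Run only when a Magento root is given on the command line.
if [ -n "${1:-}" ]; then
    audit_formkey "$1"
fi
```

Saved under any name and run as `sh audit.sh /path/to/magento`, it exits non-zero while candidates remain, so it can be rerun after patching to confirm the list is empty.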

borriglione commented Jun 15, 2017

@vishy93

You mentioned a very important point. The setMethod() function of opcheckout.js has to be fixed too. Otherwise the customer password is not correctly stored.

diff --git a/skin/frontend/base/default/js/opcheckout.js b/skin/frontend/base/default/js/opcheckout.js
index b18b3d2..aedc13e 100644
--- a/skin/frontend/base/default/js/opcheckout.js
+++ b/skin/frontend/base/default/js/opcheckout.js
@@ -159,11 +159,12 @@ Checkout.prototype = {
    },

    setMethod: function(){
+        var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;
        if ($('login:guest') && $('login:guest').checked) {
            this.method = 'guest';
            new Ajax.Request(
                this.saveMethodUrl,
-                {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest'}}
+                {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}
            );
            Element.hide('register-customer-password');
            this.gotoSection('billing', true);
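
Review bot: In the added first line of setMethod, `$('checkout-step-login').select('[name=form_key]')[0].value` throws when the login step holds no form_key input, so neither branch runs and the customer gets no message. A theme that overrides the login template without the form key block hits exactly this case, so look the element up first and show a visible error (or leave the parameter out) when it is missing.
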
@@ -172,7 +173,7 @@ Checkout.prototype = {
            this.method = 'register';
            new Ajax.Request(
                this.saveMethodUrl,
-                {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register'}}
+                {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}
            );
            Element.show('register-customer-password');
            this.gotoSection('billing', true);
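
Review bot: In the register branch the request is now a copy of the guest request apart from the method value, so the form_key parameter has to be kept in sync in two places. Consider setting this.method first and issuing a single Ajax.Request with parameters {method: this.method, form_key: formKey}, leaving only the Element.hide/Element.show calls inside the branches.
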

skinnybloke commented Jun 28, 2017

Hi - I get the same problem as redtennis above:

getting an error after executing add-checkout-form-key.sh
sed: no input files

Any ideas?

umeshtandel commented Jul 13, 2017

open your custom theme payment.phtml file
app/design/frontend/custompackage/customtheme/template/checkout/onepage/payment.phtml

cut the below code from 'co-payment-form'
<?php echo $this->getBlockHtml("formkey") ?>

and paste it above 'co-payment-form' form tag like

<?php echo $this->getBlockHtml("formkey") ?>
<form id='co-payment-form'>

This thing resolved my issue.

diegoliliang commented Feb 6, 2018

@umeshtandel

<?php echo $this->getBlockHtml("formkey") ?> should be put under <form id='co-payment-form'>, not above. Otherwise it will not work.

It should look like:

<form id='co-payment-form' action="">
<?php echo $this->getBlockHtml("formkey") ?>