-
-
Save schmengler/c42acc607901a887ef86b4daa7a0445b to your computer and use it in GitHub Desktop.
find -L app/design/frontend -regex '.*\(shipping\|billing\|shipping_method\|payment\).phtml' -exec grep -L formkey {} \; \ | |
| xargs sed -i 's/<\/form>/<?php echo $this->getBlockHtml("formkey") ?><\/form>/g' | |
find -L skin/frontend -name 'opcheckout.js' -exec grep -L form_key {} \; \ | |
| xargs sed -i 's/if (elements\[i\].name=='\''payment\[method\]'\'') {/if (elements[i].name=='\''payment[method]'\'' || elements[i].name == '\''form_key'\'') {/g' |
Hi Fabian,
Thanks for sharing the script!
It worked perfectly on Linux, but not on OSX. To fix this, I have updated the script to be POSIX compliant. You can find the updated version here: https://gist.github.com/aadmathijssen/fa5f30b7e5a59a57fff3f78d1404e3a1
Aad
Sorry I am a novice to this, this script looks like it will solve what I need. How could I execute this script ?
- Make a backup of your magento directory
- Save the script to your local magento directory
- chmod +x scriptname.sh
- ./scriptname.sh
I just ran these commands in ssh and it worked! Thank you, shmengler =^___^=
Morning guys, in the file opcheckout.js is reccomend changing saveMethod to:
setMethod: function(){ var formKey = $('checkout-step-login').select('[name=form_key]')[0].value; if ($('login:guest') && $('login:guest').checked) { this.method = 'guest'; new Ajax.Request( this.saveMethodUrl, {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}} ); Element.hide('register-customer-password'); this.gotoSection('billing', true); } else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) { this.method = 'register'; new Ajax.Request( this.saveMethodUrl, {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}} ); Element.show('register-customer-password'); this.gotoSection('billing', true); } else{ alert(Translator.translate('Please choose to register or to checkout as a guest').stripTags()); return false; } document.body.fire('login:setMethod', {method : this.method}); },
getting an error after executing add-checkout-form-key.sh
sed: no input files
I also tried executing the commands seperately, and got the following permission denied error
sudo find -L app/design/frontend -regex '.*(shipping|billing|shipping_method|payment).phtml' -exec grep -L formkey {} ; \
| xargs sed -i 's/</form>/getBlockHtml("formkey") ?></form>/g'
sed: couldn't open temporary file app/design/frontend/base/default/template/checkout/onepage/progress/sedY701n3: Permission denied
could you please help resolve this error?
Thank you!
@schmengler - you did great job
@schmengler , can you explain at the top for what this patch is or what does it fix and in what conditions must be installed?
Excellent!
@fedekrum see this thread: https://community.magento.com/t5/Security-Patches/Checkout-Stuck-on-Step-4-after-SUPEE-9767-with-Formkey/m-p/68018
basically the patch updates files in app/code/core as well as app/design/frontend/base skin/frontend/base. if your theme has overridden the files updated by the patch then your theme files (not patched) will be loaded by Magento in place of the patched base files.
You mentioned a very important point. setMethod() - function of opcheckout.js has to be fixed too. Otherwise the customer password is not correctly stored.
diff --git a/skin/frontend/base/default/js/opcheckout.js b/skin/frontend/base/default/js/opcheckout.js
index b18b3d2..aedc13e 100644
--- a/skin/frontend/base/default/js/opcheckout.js
+++ b/skin/frontend/base/default/js/opcheckout.js
@@ -159,11 +159,12 @@ Checkout.prototype = {
},
setMethod: function(){
+ var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;
if ($('login:guest') && $('login:guest').checked) {
this.method = 'guest';
new Ajax.Request(
this.saveMethodUrl,
- {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest'}}
+ {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}
);
Element.hide('register-customer-password');
this.gotoSection('billing', true);
@@ -172,7 +173,7 @@ Checkout.prototype = {
this.method = 'register';
new Ajax.Request(
this.saveMethodUrl,
- {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register'}}
+ {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}
);
Element.show('register-customer-password');
this.gotoSection('billing', true);
Hi - I get the same problem as redtennis above:
getting an error after executing add-checkout-form-key.sh
sed: no input files
Any ideas?
open your custom theme payment.phtml file
app/design/frontend/custompackage/customtheme/template/checkout/onepage/payment.phtml
cut the below code from 'co-payment-form'
<?php echo $this->getBlockHtml("formkey") ?>
and paste it above 'co-payment-form' form tag like
<?php echo $this->getBlockHtml("formkey") ?>
<form id='co-payment-form'>
This thing resolved my issue.
<?php echo $this->getBlockHtml("formkey") ?>
should put under <form id='co-payment-form'>
, not above. Otherwise it will not work.
It should like:
<form id='co-payment-form' action="">
<?php echo $this->getBlockHtml("formkey") ?>
First site I tried this on decided to rename billing.phtml to billing-default.phtml. Probably not a sane choice, but just wanted to leave a note here as people may run into issues like this.