A recent Magento Community security upgrade introduced 'formkey validation' strengthening, particularly on the checkout. On several sites I've upgraded the checkout subsequently stopped working. Here's a little aide memoire of how I've fixed these sites.
When performing this particular Magento upgrade (in these cases from 1.9.3 to 220.127.116.11) it is neccessary to check that your custom theme files contain the necessary formkey code. You add the code to your template files with the following php call:
<?php echo $this->getBlockHtml('formkey') ?>
These are the files that need changing. They are found under /design/frontend/package/theme/template/checkout/ and /design/frontend/package/theme/template/persistent/checkout/onepage/.
Fixing Checkout Errors
If the checkout fails, inspect the Ajax request to ensure that the formkey is there in the form data. In Chrome you can do this using the inspector and then clicking on the Ajax call and then on the particular method call. In the instance below, the savePayment method.
If the form_key is not present in the Form Data tab (as was the case in my experience), recheck that every .phtml file in your custom theme has the correct formkey code. There is some useful information here about possible causes and fixes.
Then check to see if there is opcheckout.js in the skin folder of your theme /skinfrontend/theme/ or the default theme /skin/frontend/default/default/js/. If so, remove or replace with the version found in /skin/frontend/base/default/js. You may need to do file compare to check that there are no custom methods in the file you are removing or replacing.
In my experience it was having opcheckout.js in the /skin/frontend/default/default/js/ folders that was the cause of the checkout failing after upgrading to Magento CE 18.104.22.168.
If you want us to upgrade your Magento CE, please get in touch on 0116 279 3822.