leicester web designer blog

Magento upgrade formkey validation

A recent Magento Community security upgrade introduced 'formkey validation' strengthening, particularly on the checkout. On several sites I've upgraded, the checkout subsequently stopped working. Here's a little aide-mémoire of how I've fixed these sites.

When performing this particular Magento upgrade (in these cases from 1.9.3 to 1.9.3.6), it is necessary to check that your custom theme files contain the necessary formkey code. You add the code to your template files with the following PHP call:

<?php echo $this->getBlockHtml('formkey') ?>

These are the files that need changing. They are found under /design/frontend/package/theme/template/checkout/ and /design/frontend/package/theme/template/persistent/checkout/onepage/.

Some people have found that in payment.phtml it is necessary to ensure that the 'formkey' sits outside of the <fieldset>, because some custom JavaScript strips the formkey out. So, the code in payment.phtml looks like this:

[Image: Magento formkey code]

Fixing Checkout Errors

If the checkout fails, inspect the Ajax request to confirm that the formkey is present in the form data. In Chrome you can do this by opening the inspector, clicking on the Ajax call and then on the particular method call; in the instance below, that is the savePayment method.

[Image: Magento formkey data]

If the form_key is not present in the Form Data tab (as was the case in my experience), recheck that every .phtml file in your custom theme has the correct formkey code. There is some useful information here about possible causes and fixes.

Then check to see if there is an opcheckout.js in the skin folder of your theme /skin/frontend/theme/ or the default theme /skin/frontend/default/default/js/. If so, remove it or replace it with the version found in /skin/frontend/base/default/js. You may need to do a file compare to check that there are no custom methods in the file you are removing or replacing.

In my experience it was having opcheckout.js in the /skin/frontend/default/default/js/ folders that was the cause of the checkout failing after upgrading to Magento CE 1.9.3.6.
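
The two checks above (templates missing the formkey call, and overriding copies of opcheckout.js) can be scripted. This is an added example, not code from the original post; it assumes the stock Magento 1 layout with templates under app/design/frontend, and that only templates containing a <form> need the formkey.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a Magento 1 tree for the
# two checkout breakages described above. Paths assume the stock CE 1.x layout.

# Matches getBlockHtml('formkey') with either quote style and optional spaces.
FORMKEY_RE="getBlockHtml\([[:space:]]*['\"]formkey['\"][[:space:]]*\)"

# Print checkout templates of <package>/<theme> that contain a <form> but never
# emit the formkey block. Assumption: only templates with a <form> need it.
missing_formkey() {
    local tpl="$1/app/design/frontend/$2/$3/template" dir f
    for dir in "$tpl/checkout" "$tpl/persistent/checkout/onepage"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -name '*.phtml' | while IFS= read -r f; do
            grep -q '<form' "$f" || continue
            grep -q -E "$FORMKEY_RE" "$f" || printf '%s\n' "$f"
        done
    done | sort
}

# Print every opcheckout.js under skin/frontend that differs from the copy
# shipped in base/default: an override that predates the upgrade or carries
# custom methods, and so needs a manual file compare before replacing.
stale_opcheckout() {
    local base="$1/skin/frontend/base/default/js/opcheckout.js" f
    find "$1/skin/frontend" -type f -name opcheckout.js ! -path "$base" | sort |
        while IFS= read -r f; do
            cmp -s "$f" "$base" || printf '%s\n' "$f"
        done
}

# Run as a script: audit.sh <magento-root> <package> <theme>
if [ "$#" -ge 3 ]; then
    echo "Checkout templates with a <form> but no formkey:"
    missing_formkey "$1" "$2" "$3"
    echo "opcheckout.js overrides that differ from base/default:"
    stale_opcheckout "$1"
fi
```

A formkey call that sits inside a PHP or HTML comment still counts as present here, so confirm any template that passes but still fails in the browser by checking the Form Data of the Ajax request.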

If you want us to upgrade your Magento CE, please get in touch on 0116 279 3822.
