Question

So I have fixed my form key validation issues but my admin is still showing an error message.

Important: Formkey validation on checkout disabled. This may expose security risks. We strongly recommend to Enable Form Key Validation On Checkout in Admin / Security Section, for protect your own checkout process.

Does anyone know how I can get rid of this error? What file is this text in?

Solution

You need to set "Yes" for Enable Form Key Validation On Checkout at Admin / Security.

If you set Yes, the above error will be gone!

Important! Enabling this option means that your custom templates used in checkout process contain form_key output. Otherwise checkout may not work.

Update I

If you need to hide the message without enabling Yes, you need to create a small module. In this module we will override system.xml and create a new source model.

The idea is: if we set Enable Form Key Validation On Checkout to No, the message will display. You don't want to set it to Yes, so we need a third option.

Create the following files:

app/etc/modules/Mago_Pawan.xml

<?xml version="1.0"?>
<config>
    <modules>
        <Mago_Pawan>
            <active>true</active>
            <codePool>local</codePool>
            <depends>
                <Mage_Catalog />
            </depends>
        </Mago_Pawan>
    </modules>
</config> 

app/code/local/Mago/Pawan/etc/config.xml

<?xml version="1.0"?>
<config>
    <modules>
        <Mago_Pawan>
            <version>0.0.1</version>
        </Mago_Pawan>
    </modules>
    <global>
        <models>
            <pawan>
                <class>Mago_Pawan_Model</class>
            </pawan>
        </models>
    </global>
</config>

app/code/local/Mago/Pawan/etc/system.xml

<?xml version="1.0"?>
<config>
    <sections>
        <admin>
            <groups>
                <security>
                    <fields>
                        <validate_formkey_checkout translate="label">
                            <label>Enable Form Key Validation On Checkout$$$$@@@</label>
                            <frontend_type>select</frontend_type>
                            <source_model>pawan/system_config_source_yesno</source_model>
                            <sort_order>4</sort_order>
                            <comment><![CDATA[<strong style="color:red">Important!</strong> Enabling this option means
                            that your custom templates used in checkout process contain form_key output.
                            Otherwise checkout may not work.]]></comment>
                            <show_in_default>1</show_in_default>
                        </validate_formkey_checkout>
                    </fields>
                </security>
            </groups>
        </admin>
    </sections>
</config>

app/code/local/Mago/Pawan/Model/System/Config/Source/Yesno.php

<?php
class Mago_Pawan_Model_System_Config_Source_Yesno
{

    /**
     * Options getter
     *
     * @return array
     */
    public function toOptionArray()
    {
        return array(
            array('value' => 2, 'label'=>Mage::helper('adminhtml')->__('I will manage')),
            array('value' => 1, 'label'=>Mage::helper('adminhtml')->__('Yes')),
            array('value' => 0, 'label'=>Mage::helper('adminhtml')->__('No')),
        );
    }

    /**
     * Get options in "key-value" format
     *
     * @return array
     */
    public function toArray()
    {
        return array(
            0 => Mage::helper('adminhtml')->__('No'),
            1 => Mage::helper('adminhtml')->__('Yes'),
            2 => Mage::helper('adminhtml')->__('I will manage'),
        );
    }

}

Note: After successfully creating/installing the module, you will see a third option. Just select this and it will work!

Update II

If you want to comment out/hide the message without a module, you can check the file below:

app/design/adminhtml/default/default/template/notification/formkey.phtml

<?php if ($this->canShow()): ?>
    <div class="notification-global notification-global-warning">
        <strong style="color:red">Important: </strong>
        <span>Formkey validation on checkout disabled. This may expose security risks.
        We strongly recommend to Enable Form Key Validation On Checkout in
        <a href="<?php echo $this->getSecurityAdminUrl(); ?>">Admin / Security Section</a>,
        for protect your own checkout process. </span>
    </div>
<?php endif; ?>

You can comment out/hide the entire code; the above file is responsible for showing only this form_key message, so it will not harm any other functionality.

If you look at the block class for the above phtml, there is a function:

public function canShow()
{
    return !Mage::getStoreConfigFlag('admin/security/validate_formkey_checkout');
}

It checks the value of the system config and, based on that value, shows the message in admin.
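
The answer's warning says custom checkout templates must contain form_key output before the setting is switched to Yes. The following Python scan for template forms without a form key is an added example, not part of the original answer or of Magento's code. It assumes the key is emitted with getBlockHtml('formkey') or a hidden input named form_key; the function names and the sample template are constructed for illustration.

```python
import os
import re

# Form key markers in a Magento 1 template: the core "formkey" block,
# or a hand-written hidden input named form_key (assumed conventions).
FORM_KEY_RE = re.compile(
    r"""getBlockHtml\(\s*['"]formkey['"]\s*\)|name\s*=\s*['"]form_key['"]""")
# Match the whole <form>...</form> span: the opening tag often contains
# "<?php ... ?>" and "->", so it cannot be cut at the first ">".
FORM_RE = re.compile(r"<form\b.*?</form>", re.S | re.I)
GET_RE = re.compile(r"""\bmethod\s*=\s*['"]get['"]""", re.I)


def forms_missing_form_key(template_text):
    """Return start lines of non-GET forms with no form key marker inside."""
    missing = []
    for m in FORM_RE.finditer(template_text):
        span = m.group(0)
        # Forms without a method attribute are kept: they may be posted by script.
        if not GET_RE.search(span) and not FORM_KEY_RE.search(span):
            missing.append(template_text.count("\n", 0, m.start()) + 1)
    return missing


def scan_templates(root):
    """Walk root and map each .phtml path to its flagged line numbers."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".phtml"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = forms_missing_form_key(fh.read())
                if lines:
                    report[path] = lines
    return report


# Constructed sample template (not taken from Magento core or from the page).
SAMPLE = """<form id="co-billing-form" action="">
    <?php echo $this->getBlockHtml('formkey') ?>
</form>
<form id="co-custom-form" action="<?php echo $this->getUrl('x/z') ?>" method="post">
    <input type="text" name="custom[note]" />
</form>
<form action="<?php echo $this->getUrl('x/s') ?>" method="get"><input name="q" /></form>
"""

if __name__ == "__main__":
    print(forms_missing_form_key(SAMPLE))
```

Point scan_templates at the theme's checkout template directory; a flagged line is a form to review by hand, since a form key added by script at submit time is not visible to this check.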

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange