SUPEE-9767 Magento CE 1.9.3.3 Onestep Checkout not working with Form Key Validation On Checkout enabled [duplicate]
https://magento.stackexchange.com/questions/176984
-
09-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
After upgrading to Magento CE 1.9.3.3, when I enable Form Key Validation on Checkout as recommended by SUPEE-9767 onestep checkout stops working.
After selecting a payment method, when I click Continue Payment the one step process does not continue. I do not see any server response or logged error messages.
When I disable Form Key Validation on Checkout, the checkout process functions as expected.
This is a default Magento installation with no extended theme.
Update1
This seems to be associated with SUPEE-9767 Patch/CE 1.9.3.3 - One Page Checkout - Customer Registration issue where the ajax savepayment method call is returning null even though template files are patched and formkeys are present,
I could not replicate this on a clean 1933 install.
Update2
Here is the cause of my problem
<input name="form_key" type="hidden" value="SLLU234jmligBYb9" disabled="" autocomplete="off">
CSS is adding the disabled selector to the form_key. This means the form_key value is not submitted to the one step checkout controller causing the controller to return null. To test this, remove the disabled selector in your browser inspector.
This problem was caused by Paypal Plus which dynamically replaces the contents of fieldset at the onestep checkout payment method. See my answer below.
Solution
My problem was caused by dynamic code (paypal plus) in the one page checkout process overwriting the fieldset element in the one step method form html - deleting or disabling (with css) the hidden form_key element.
The fix is to ensure the formkey element is not being affected by dynamic code or css. Moving the formkey code outside of the fieldset may help
<form action="" id="co-payment-form">
<?php echo $this->getBlockHtml('formkey') ?>
<fieldset>
<?php echo $this->getChildHtml('methods') ?>
</fieldset>
</form>
You can easily confirm if the form_key is being detected and sent to the one page controller by inspecting the ajax network requests in your browser as you move through the checkout methods, each method should include the form key in the ajax form data, if the form key is not there but had been patched in the Magento source code then check for external code affecting the form key element, i.e. css or dynamic client side changes.
OTHER TIPS
https://gist.github.com/schmengler/c42acc607901a887ef86b4daa7a0445b
apply this patch after 9767 as you applied security patch and this patch add form keys in all required PHTML file
In my case I had applied SUPE-9767 but our custom checkout was missing the formkey code as above, i.e. <?php echo $this->getBlockHtml('formkey') ?>. I was still getting the error when I hit the checkout, but then I cleared the compiled classes:
server:~$ cd /path/to/magento/public/shell
server:/path/to/magento/public/shell$ php compiler.php disable
server:/path/to/magento/public/shell$ php compiler.php clear
server:/path/to/magento/public/shell$ php compiler.php compile
server:/path/to/magento/public/shell$ php compiler.php enable
And also cleared the cache for good measure:
server:/path/to/magento/public/shell$ cd ..
server:/path/to/magento/public/$ rm -r var/cache/*
Problem solved.
Add in all of your custom checkout templates in forms next line
<?php echo $this->getBlockHtml('formkey') ?>
If you're using EE, you might need to check if your custom theme has also overridden the following file:
app/design/frontend/rwd/enterprise/template/giftcardaccount/onepage/payment/scripts.phtml
var quoteBaseGrandTotal = <?php echo (float)$this->_getQuote()->getBaseGrandTotal(); ?>;
var isGiftCardApplied = <?php if($this->isFullyPaidAfterApplication()): ?>true<?php else: ?>false<?php endif; ?>;
var epsilon = 0.0001;
function enablePaymentMethods(free) {
Payment.prototype.init = function () {
var elements = Form.getElements(this.form);
var methodName = '';
for (var i=0; i < elements.length; i++) {
if (elements[i].name == 'payment[method]'
|| elements[i].name == 'payment[use_customer_balance]'
|| elements[i].name == 'payment[use_reward_points]'
// Make sure the next line exists in your theme
|| elements[i].name == 'form_key'
) {
methodName = elements[i].value;
Having the same issue, but I had to edit the core files to fix it!
I'm getting this error:
[02-Jun-2017 14:25:32 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 14:37:07 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 14:41:48 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 14:43:09 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 14:52:19 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 15:00:40 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 15:03:54 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 15:06:50 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 15:09:45 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
[02-Jun-2017 15:12:50 UTC] PHP Fatal error: Call to undefined method Mage_Checkout_OnepageController::isFormkeyValidationOnCheckoutEnabled() in /chroot/he/Checkout/controllers/OnepageController.php on line 353
So i edited out the function $this-> isFormkeyValidationOnCheckoutEnabled()
in this file:
\app\code\core\Mage\Checkout\controllers\OnepageController.php
and Now my checkout process works again!
Checkout Stuck on Step 4 after SUPEE-9767 with Formkey Validation on Checkout Enabled Obviously you are using a custom theme then. Simple as it is, you will have to add the Line there too. It is easy as follows: Open your custom themes payment.phtml and add the line in your Formular with ID "co-payment-form":
<?php echo $this->getBlockHtml('formkey') ?>
As example I did it right after the initial php-tag so its on top of the template.
Additionally: If your custom theme overwrites the opcheckout.js, there is some needed editing too: Find
if (elements[i].name=='payment[method]') {
and replace it with
if (elements[i].name=='payment[method]' || elements[i].name == 'form_key') {
All credits to community.magento.com
You have to use form key in your formkey to make it working.
getBlockHtml('formkey') ?>