Magento SUPEE-9767

SUPEE-9767 introduces a brand new Form Key validation on the checkout page. It is intended to prevent some cross-site scripting attacks on that page.

The validation is not active by default after patching: Magento ships it as an option that can be enabled from the Admin Panel.

This option is available in:

Admin Panel > System > Configuration > Advanced > Admin > Security > Enable Form Key Validation On Checkout.

It is highly recommended to enable this option, so make sure to turn it on.

Checkout Not Working

A well-known issue caused by this patch appears when you have a custom theme that overrides Magento's checkout view files.

For instance:


Magento added the following portion of code in line 40:

If you are using a custom theme called “rwd/codealist”, you won’t have this line. So you need to add it to each phtml file related to the checkout page.

These can be the following:

  • app/design/frontend/base/default/template/checkout/cart/shipping.phtml
  • app/design/frontend/base/default/template/checkout/multishipping/billing.phtml
  • app/design/frontend/base/default/template/checkout/onepage/billing.phtml
  • app/design/frontend/base/default/template/checkout/onepage/shipping.phtml
  • app/design/frontend/base/default/template/persistent/checkout/onepage/billing.phtml
  • app/design/frontend/rwd/default/template/checkout/multishipping/addresses.phtml
  • app/design/frontend/rwd/default/template/checkout/onepage/payment.phtml
  • app/design/frontend/rwd/default/template/checkout/onepage/shipping.phtml

In conclusion, you should check whether your custom theme overrides any of these files, and add the portion of code mentioned above to each file that it does.
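One way to run that check before enabling the option, as an added example that is not part of the original article or Magento's own code. It assumes the line the patch adds is the form key block call `getBlockHtml('formkey')`; the function names `audit_theme` and `make_sample` are hypothetical, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not Magento's code). Assumption: the line SUPEE-9767 adds to
# the checkout templates is the form key block call getBlockHtml('formkey').

# Template paths from the article's list, relative to a theme directory.
TEMPLATES="
template/checkout/cart/shipping.phtml
template/checkout/multishipping/addresses.phtml
template/checkout/multishipping/billing.phtml
template/checkout/onepage/billing.phtml
template/checkout/onepage/payment.phtml
template/checkout/onepage/shipping.phtml
template/persistent/checkout/onepage/billing.phtml
"

# audit_theme <magento_root> <package/theme>
# Prints "OK <file>" or "MISSING <file>" for every listed template the theme
# overrides; returns 1 if any override lacks the form key call, else 0.
audit_theme() {
    at_dir="$1/app/design/frontend/$2"
    at_status=0
    for at_rel in $TEMPLATES; do
        at_file="$at_dir/$at_rel"
        [ -f "$at_file" ] || continue   # not overridden: the core copy is used
        if grep -Eq "getBlockHtml\([[:space:]]*['\"]formkey['\"]" "$at_file"; then
            echo "OK $at_file"
        else
            echo "MISSING $at_file"
            at_status=1
        fi
    done
    return "$at_status"
}

# make_sample <dir>: constructed fixture, theme rwd/codealist with one
# override that has the form key call and one that does not.
make_sample() {
    ms_dir="$1/app/design/frontend/rwd/codealist/template/checkout/onepage"
    mkdir -p "$ms_dir"
    printf '%s\n' '<form><?php echo $this->getBlockHtml("formkey") ?></form>' > "$ms_dir/billing.phtml"
    printf '%s\n' '<form><input name="shipping[city]"/></form>' > "$ms_dir/shipping.phtml"
}

# Usage: ./audit.sh <magento_root> rwd/codealist
if [ "$#" -eq 2 ]; then audit_theme "$1" "$2"; fi
```

A non-zero exit status means at least one overridden checkout template would fail validation once the option is turned on.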

