SUPEE-9767? #17
Comments
|
Hi @jthln, thanks for the report! I haven't looked into this just yet, though I shall do so in the coming week or so. A quick glance at this seems to indicate that this should be compatible with the form key changes -- the method Or are you talking about something else? |
|
I guess the various templates need to be updated to include the form key though? |
|
Oh indeed, if they do not include it, then they must. I need to do this in the coming weeks anyway -- So, yes, there are plans to include it, but at this stage I don't have a fixed timeframe. |
|
I've been testing this and no template changes are needed in this extension from what I can see. Since this extension uses the various form templates from the standard onepage checkout, then provided those have been adjusted in the active theme to include the form_key fields then it all works fine. Note: the Javascript fix in release v1.5.15 is needed to prevent one of the form_key fields from becoming disabled. I haven't yet determined whether the form_keys are being validated on submission of every step - from a quick look I can see that not all methods call the parent so it is possible there may need to be some minor changes here, but this doesn't prevent checkout from working. |
|
@bluec Thanks for your work, it's much appreciated <3 |
Are there any plans to include the SUPEE-9767 changes?
Currently formkey validation in e.g.
OnepageController::savePaymentetc. is missing.The text was updated successfully, but these errors were encountered: