A new Magento patch 9767 and called SUPEE-9767 is released recently. It addresses several security issues. It is important to install this version of the security as soon as possible. Some dangerous remote code execution issues are reported.This patch closes 15 dangerous remote code execution leaks and vulnerabilities for example in Javascript, cache or logs. It is again one of the main security patches, which needs to be installed quickly. One high risk issue has already known attacks, so time to hurry!In this below article, we have explained major issues faced with the installation along with solutions of the same. Read on the whole article to solve your issues! Magento Security Patch SUPEE-9767 : Read Before UpgradingAfter installing patch package we facing some issue and how to solve it : 1) Enable Form Key browser issue
- You must have enabled Form Key validation on checkout YES after successfully installing the patch issue
Goto Admin > System > Configuration > Advanced > Admin > Security > Enable Form Key Validation On Checkout > Yes.
2) Patch installation after Shipping method is not working
If you have been using default one page and using a custom theme, then you will face shipping method issue at checkout page.
You should include from key in your custom theme checkout files.
<?php echo $this->getBlockHtml('formkey') ?>
There are below listed file in you can add form key line after starting <form> tag.
template/checkout/cart/shipping.phtml
template/checkout/multishipping/billing.phtml
template/checkout/multishipping/shipping.phtml
template/checkout/multishipping/addresses.phtml
template/checkout/onepage/billing.phtml
template/checkout/onepage/payment.phtml
template/checkout/onepage/shipping.phtml
template/checkout/onepage/shipping_method.phtml
template/persistent/checkout/onepage/billing.phtml
Example :-
<form action="" id="co-payment-form">
<fieldset>
<?php echo $this->getChildHtml('methods') ?>
<?php echo $this->getBlockHtml('formkey') ?> // Include formkey line
</fieldset>
</form>
Magento onepage checkout opcheckout.js error
<form action="" .....>
<fieldset>
.......
<?php echo $this->getBlockHtml('formkey') ?>
</fieldset>
</form>
Facing any issues? contact this Magento Development company from USA & get in touch .
3) Magento onepage checkout opcheckout.js error
If you using default onepage checkout and have opcheckout.js
then should check if
(elements[i].name=='payment[method]' || elements[i].name == 'form_key') {is available at opcheckout.js
If not exists then replace
if (elements[i].name=='payment[method]') {
with
if (elements[i].name=='payment[method]' || elements[i].name == 'form_key') {
Customer login when getting error
Invalid method Mage_Core_Model_Session::renewFormKey(Array
(
)
)
Trace:
#0 /app/code/core/Mage/Customer/Model/Session.php(311): Varien_Object->__call('renewFormKey', Array)
#1 app/code/core/Mage/Customer/Model/Session.php(311): Mage_Core_Model_Session->renewFormKey()
#2 app/code/core/Mage/Customer/Model/Session.php(255): Mage_Customer_Model_Session->_logout()
Soltuion :- There are two possible causes of this error:1) there are local overrides either in code/local/Mage or in one of extensions that rewrites Mage_Core_Model_SessionTo solve it, corresponding override should be patched as well with adding renewFormKey method and OPcode cache should be flushed.2) if not overwrite any model file in local that time you go to below file and comment the line:
app/code/core/Mage/Customer/Model/Session.php(311):
public function setCustomerAsLoggedIn($customer)
{
$this->setCustomer($customer);
$this->renewSession();
Mage::getSingleton('core/session')->renewFormKey();
Mage::dispatchEvent('customer_login', array('customer'=>$customer));
return $this;
}
Above code replace with below code
public function setCustomerAsLoggedIn($customer)
{
$this->setCustomer($customer);
$this->renewSession();
Mage::dispatchEvent('customer_login', array('customer'=>$customer));
return $this;
}
Hope this article has been helpful to you. Contact us today for any queries!
