SUPEE-7245: Add To Cart issue on Compare Products Page when enabling SSL using the blank theme

isitnikov · isitnikov · commit 780f3bd1b3dd · 2015-11-02T11:25:24.000+02:00
- Merge of solution MAGETWO-42776
diff --git a/app/code/Magento/Catalog/view/frontend/templates/product/compare/list.phtml b/app/code/Magento/Catalog/view/frontend/templates/product/compare/list.phtml
@@ -65,6 +65,7 @@
                                 <div class="actions-primary">
                                     <?php if ($_item->isSaleable()): ?>
                                         <form data-role="tocart-form" action="<?php echo $this->helper('Magento\Catalog\Helper\Product\Compare')->getAddToCartUrl($_item); ?>" method="post">
+                                            <?php echo $block->getBlockHtml('formkey')?>
                                             <button type="submit" class="action tocart primary">
                                                 <span><?php echo __('Add to Cart'); ?></span>
                                             </button>
diff --git a/app/code/Magento/Catalog/view/frontend/templates/product/list.phtml b/app/code/Magento/Catalog/view/frontend/templates/product/list.phtml
@@ -79,6 +79,7 @@ $imageBlock =  $block->getLayout()->createBlock('Magento\Catalog\Block\Product\I
                                         <form data-role="tocart-form" action="<?php echo $postParams['action']; ?>" method="post">
                                             <input type="hidden" name="product" value="<?php echo $postParams['data']['product']; ?>">
                                             <input type="hidden" name="<?php echo Action::PARAM_NAME_URL_ENCODED; ?>" value="<?php echo $postParams['data'][Action::PARAM_NAME_URL_ENCODED]; ?>">
+                                            <?php echo $block->getBlockHtml('formkey')?>
                                             <button type="submit"
                                                     title="<?php echo $block->escapeHtml(__('Add to Cart')); ?>"
                                                     class="action tocart primary">
diff --git a/app/code/Magento/Catalog/view/frontend/templates/product/view/form.phtml b/app/code/Magento/Catalog/view/frontend/templates/product/view/form.phtml
@@ -21,6 +21,7 @@
         <input type="hidden" name="product" value="<?php echo $_product->getId() ?>" />
         <input type="hidden" name="selected_configurable_option" value="" />
         <input type="hidden" name="related_product" id="related-products-field" value="" />
+        <?php echo $block->getBlockHtml('formkey')?>
         <?php echo $block->getChildHtml('form_top'); ?>
         <?php if (!$block->hasOptions()):?>
             <?php echo $block->getChildHtml('product_info_form_content'); ?>
diff --git a/app/code/Magento/Checkout/Controller/Cart/Add.php b/app/code/Magento/Checkout/Controller/Cart/Add.php
@@ -79,6 +79,10 @@ protected function _initProduct()
      */
     public function execute()
     {
+        if (!$this->_formKeyValidator->validate($this->getRequest())) {
+            return $this->resultRedirectFactory->create()->setPath('*/*/');
+        }
+
         $params = $this->getRequest()->getParams();
         try {
             if (isset($params['qty'])) {
