jpayam Posted December 16, 2017 Share Posted December 16, 2017 Hi can i disable token ( like below ) on add to cart and other forms on my store? <input type="hidden" name="token" value="7df6b9f14c4d76ef6f4b6777465295b0"></form> Quote Link to comment Share on other sites More sharing options...
Noodleman Posted December 16, 2017 Share Posted December 16, 2017 why would you? its auto added for a reason... Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 16, 2017 Share Posted December 16, 2017 A simple way (apparently, as I haven't verified this works everywhere) to disable checking the token, regardless if it exists or not, is: In /classes/sanitize.class.php, in the checkToken() function, there are two places: The first applies to the admin section. We will leave that as it is for now. The second applies to when payment gateways call back with transaction results. An exception is created. We will make that exception apply regardless. In this function, find: if (!empty($_POST)) { $csrf_exception = false; Change to: if (!empty($_POST)) { $csrf_exception = true; // Set this to false to restore normal CSRF protection! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.