cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE 7405: Cannot remove the item from Cart.

SUPEE 7405: Cannot remove the item from Cart.

Basically I got this problem after SUPEE 7405 update. Whenever I add something to the cart and then click remove item in the AJAX cart, it tells me "Cannot remove the item."

I have to refresh the page and then the item successfully removes.
Basically adding and then instantly removing item=Doesnt work., I need to add, refresh page (or go the other page of site) and then click remove, item will be removed.

I noticed that patch overrode:

app/code/core/Mage/Checkout/controllers/CartController.php
/**
     * Delete shoping cart item action
     */
    public function deleteAction()
    {
        $id = (int) $this->getRequest()->getParam('id');
        if ($id) {
            try {
                $this->_getCart()->removeItem($id)
                  ->save();
            } catch (Exception $e) {
                $this->_getSession()->addError($this->__('Cannot remove the item.'));
                Mage::logException($e);
            }
        }
        $this->_redirectReferer(Mage::getUrl('*/*'));
    }


The code ABOVE is the code Before patch. Below is the code AFTER patch.

 

  /**
     * Delete shoping cart item action
     */
    public function deleteAction()
    {
        if ($this->_validateFormKey()) {
            $id = (int)$this->getRequest()->getParam('id');
            if ($id) {
                try {
                    $this->_getCart()->removeItem($id)
                        ->save();
                } catch (Exception $e) {
                    $this->_getSession()->addError($this->__('Cannot remove the item.'));
                    Mage::logException($e);
                }
            }
        } else {
            $this->_getSession()->addError($this->__('Cannot remove the item.'));
        }

        $this->_redirectReferer(Mage::getUrl('*/*'));
    }


Any help?

12 REPLIES

Re: SUPEE 7405: Cannot remove the item from Cart.

If this is anything like the SUPEE-6788 patch, then the following line is the tell

 

 if ($this->_validateFormKey()) {

and your custom AJAX shopping cart extension needs to be patched to work with formkeys.

 

Usually this is something as simple as repairing the problematic template .phtml file by adding a hidden form element to pass the formkey upon any cart action.

 

You might try contacting the developer for the cart extension to see if they've already addressed the issue.

 

Re: SUPEE 7405: Cannot remove the item from Cart.

What if simply remove the form key from the file? It should solve the problem, I wonder will it cause any security flaws ?

Re: SUPEE 7405: Cannot remove the item from Cart.

Solving the issue by removing the patch reopens the following security issue. Your decision, your customers

 

CSRF Delete Items from Cart - APPSEC-1212  

Type:Cross-site Request Forgery (CSRF)
CVSSv3 Severity:4.3 (Medium)
Known Attacks:None
Description:

Magento does not validate the form key when deleting items from the shopping cart using a GET request. As a result, a user could use phishing emails or other malicious attacks to trick a customer into deleting items from his cart.

Product(s) Affected:Magento CE prior to 1.9.2.3, and Magento EE prior to 1.14.2.3; Magento 2 CE & EE prior to 2.0.1
Fixed In:CE 1.9.2.3, EE 1.14.2.3, CE & EE 2.0.1
Reporter:Shabad Shashidar Reddy

 

And the answer to wondering if it will cause any security flaws is always YES, they did the change for a reason.

Re: SUPEE 7405: Cannot remove the item from Cart.

Hi!

I got same issue you need to find this file in your template or base folder

/template/checkout/cart/item/default.phtml

 

Find <a href="<?php echo $this->getDeleteUrl() ?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Remove Item')) ?>" class="btn-remove btn-remove2"><?php echo $this->__('Remove Item') ?></a>

 

Replace with 

<a href="<?php echo $this->getDeleteUrl() ?>form_key/<?php echo $formKey = Mage::getSingleton('core/session')->getFormKey();?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Remove Item')) ?>" class="btn-remove btn-remove2"><?php echo $this->__('Remove Item') ?></a>

 

 

 

Re: SUPEE 7405: Cannot remove the item from Cart.

This did not work for me, with changes applied it shows the form key in url for delete button. However, my other ajax flycart without this change still works just fine. Could I be experiencing a js conflict since it has both of the same action on the same page?

 

javascript&colon;ajaxcartConfig.deleteItem('http://www.***.com/checkout/cart/delete/id/3839/')form_key/aMN11vrvpZ7r3Ybj

doesn't work

 

javascript&colon;ajaxcartConfig.deleteItem('http://www.***.com/checkout/cart/delete/id/3839/')

works (ajax flycart only)

 

weird right?

 

My updated code:

<td class="a-center"><a href="<?php echo $this->getDeleteUrl()?>form_key/<?php echo $formKey = Mage::getSingleton('core/session')->getFormKey();?>" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Remove Item')) ?>" class="btn-remove btn-remove2"><?php echo $this->__('Remove item')?></a></td>

Can't narrow down as to where the delete button is getting called from on flycart (looks like same button but can't find individual code).

 

Re: SUPEE 7405: Cannot remove the item from Cart.

Hi,

 

Had the same issue.

 

Have you Disable Magento Compilation?

 

Disable Magento Compilation, Clear Cache, Reindexed fixed mine.

 

Thank you

Melbourne | Australia - priyan.d@webdesignace.com.au
My Magento 1x Shop

Re: SUPEE 7405: Cannot remove the item from Cart.

Magento Compilation stays disabled and I have cleared cache and re-indexed. same issues. I can only clear the entire cart. I noticed when I do delete from my minicart it just says it does, but it's still there and the actual trash can icons do nothing at all. It's been quite confusing for me.

Re: SUPEE 7405: Cannot remove the item from Cart.

@advanceduzer Thank you very much! This worked perfectly.

 

Also, this cart issue hasn't occurred on my other similar magento setup (same extensions, themes etc.).

 

I wonder what is the root cause of this issue?

Re: SUPEE 7405: Cannot remove the item from Cart.

I'm still having issues. On the Ajax side without form_keys in url it declares the item was removed but, the item remained in the cart.

 

I get this JS error in relation to this action:

Error: TypeError: ajaxcartConfig is null
Source File: javascript&colon;ajaxcartConfig.deleteItem('http://www.***.com/checkout/cart/delete/id/5063/')
Line: 1

 

In shopping cart with form_key:
Error: SyntaxError: missing ; before statement
Source File: javascript&colon;ajaxcartConfig.deleteItem('http://www.***.com/checkout/cart/delete/id/5063/')form_key/OjH9hLidJtdk793J
Line: 1, Column: 82
Source Code:
tem('http://www.***.com/checkout/cart/delete/id/5063/')form_key/OjH9hLidJtdk793J

 

This happens only in FireFox. In Chromium, The actual cart page does not remove the item but when I am on any other page with the minicart the item removes successfully with the action being : javascript&colon;ajaxcartConfig.deleteItem('http://www.***.com/checkout/cart/delete/id/5065/')

 

Any ideas?