Magento CE ver. 22.214.171.124
We recently had a client contact us to let us know their product reviews weren’t working after the Magento security patches were applied. There were actually two issues at hand here. For one, the product review form was not working when customers were submitting reviews. As nothing would come through on the backend. And two, the Magento Product Review Follow-up Emails extension by TRM Marketing stopped sending out emails. In this article, we will be discussing the issue with the customer reviews not showing up in the backend of Magento for approval. Therefore, losing a client’s product review entirely.
SUPEE-8788 And Product Review Form
We took a quick look to find out what was going on with the product review form on the product pages of our client’s store. What we found out was that if you attempted to write a product review and click “submit review” absolutely nothing would happen. No notification is given to the client leaving the review that it was sent for moderation. Nor is the review found in the Magento backend admin panel as a review waiting for approval.
The SUPEE-8788 security patch introduced an “if statement” for all of the post methods that checks if a form key was sent with the submitted form. If no form key is sent the controller will redirect you back to the page without any errors. Which is exactly what is happening when someone is trying to submit a product review on our client’s store.
Fixing The Product Review Form
This is actually a really quick fix which needs to be applied to the custom template files within your Magento store, thanks to the SUPEE-8788 security patch. The security patch made changes to the base template of the below files. If your custom template files overwrite any of these files they will need to be updated accordingly. Files to be updated will be located in the custom theme folder of your Magento files ( app/design/frontend/default/(custom-theme)/template/).
Below are a list of templates that will need to be updated within your custom template files:
app/design/frontend/base/default/template/checkout/cart.phtml app/design/frontend/base/default/template/checkout/onepage/review/info.phtml app/design/frontend/base/default/template/wishlist/view.phtml app/design/frontend/base/default/template/sales/reorder/sidebar.phtml app/design/frontend/base/default/template/tag/customer/view.phtml app/design/frontend/base/default/template/persistent/customer/form/login.phtml app/design/frontend/base/default/template/customer/form/login.phtml app/design/frontend/base/default/template/review/form.phtml app/design/frontend/base/default/template/catalog/product/view.phtml
To update the files, simply copy the below code and paste it into each custom template file just after the beginning of the form tag.
<?php echo $this->getBlockHtml('formkey'); ?>
Once the bit of code is added to the product review form, the client should see that their review was submitted for moderation and the review will appear in the backend of Magento for approval. You can check for pending reviews under Magento Admin Panel => Catalog => Reviews and Ratings => Customer Reviews => Pending Reviews. For questions, please contact email@example.com.