MAGETWO-45757: CSRF Vulnerability on Cart Checkout

Stanislav Idolov · Stanislav Idolov · commit 9b7f584225d3 · 2015-11-19T10:50:52.000+02:00
diff --git a/app/code/Magento/Checkout/Controller/Cart/Delete.php b/app/code/Magento/Checkout/Controller/Cart/Delete.php
@@ -15,6 +15,10 @@ class Delete extends \Magento\Checkout\Controller\Cart
      */
     public function execute()
     {
+        if (!$this->_formKeyValidator->validate($this->getRequest())) {
+            return $this->resultRedirectFactory->create()->setPath('*/*/');
+        }
+
         $id = (int)$this->getRequest()->getParam('id');
         if ($id) {
             try {
