We all know that Magento patches on Community Edition (CE) seldom get applied without any problems and SUPEE 9767 is no different. This post concerns 9767 applied to previously updated CE 1.7.0.2. Other versions and your mileage will vary. Also, we keep virtual machines of all running Magento installations and perform the patch process there BEFORE applying to the live site.
First, for performance, we had minimized:
skin/frontend/base/default/js/opcheckout.js
and since this file is touched we needed to replace it with the stock version (which we always keep around for just this sort of thing.) At that point, the patch applied successfully but of course that is just the beginning.
Second, the patch touches many of the one-page checkout template files and these are often modified by either a bought or a custom theme. In our case we needed to manually apply the form-key patch to:
app/design/frontend/theme/default/template/checkout/cart/shipping.phtml app/design/frontend/theme/default/template/checkout/onepage/payment.phtml app/design/frontend/theme/default/template/checkout/onepage/shipping.phtml app/design/frontend/theme/default/template/checkout/onepage/shipping_method.phtml app/design/frontend/theme/default/template/persistent/checkout/onepage/billing.phtml
Third, we were plagued with the one-page checkout registration issue which is a known problem and noted on the patch information page. The solution is a manual modification to the opcheckout.js file so that the form-key gets passed back to the controller.
Fourth, a problem we didn’t find documented (and may be from missing a manual update previously) was that a login at the first step of one-page checkout redirected to the main login page. Turns out there is a form-key missing from:
app/design/frontend/theme/default/template/persistent/checkout/onepage/login.phtml
and we used some older instructions to point us in the right direction. Instead of the implementation indicated there, we placed:
<?php echo $this->getBlockHtml('formkey') ?> after the closing of <ul class="form-list">
And this occurs in two places.
At this point we have a working, patched setup, but going forward we note that the opcheckout.js file has modifications outside of the patch process and may need to be rolled back should Magento release an updated version of 9767 without the problems.