Subscribe via RSS

Random redirect to homepage with Magento

This issue has bobbed its head a few times in various different ways.

The example is that a user reaches checkout, my account or an equally session critical area, but instead of reaching the selected page, they are redirected to the homepage. This can be a conversion killer as usually the bug appears most notably on checkout.

There can be a few reasons for this, however, we have found the two most common are:

1. Missing Com.php class

This is very common and a peculiar “bug” as it isn’t in the strictest sense. The file is required by the Zend library, but isn’t present with Magento’s default installation. Thankfully, this is a quick fix.

Com.php should be in ./lib/Zend/Validate/Hostname/Com.php. You can easily create it by copying ./lib/Zend/Validate/Hostname/De.php to ./lib/Zend/Validate/Hostname/Com.php and editing the file contents, so the class name is:

class Zend_Validate_Hostname_Com implements Zend_Validate_Hostname_Interface

Or use the whole file contents shown here:

<?php
 
/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_Validate
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: De.php 8064 2008-02-16 10:58:39Z thomas $
 */
 
 
/**
 * @see Zend_Validate_Hostname_Interface
 */
#require_once 'Zend/Validate/Hostname/Interface.php';

 
/**
 * @category   Zend
 * @package    Zend_Validate
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */
class Zend_Validate_Hostname_Com implements Zend_Validate_Hostname_Interface
{
 
    /**
     * Returns UTF-8 characters allowed in DNS hostnames for the specified Top-Level-Domain
     *
     * @see http://www.denic.de/en/domains/idns/liste.html Germany (.DE) alllowed characters
     * @return string
     */
    static function getCharacters()
    {
        return  '\x{00E1}\x{00E0}\x{0103}\x{00E2}\x{00E5}\x{00E4}\x{00E3}\x{0105}\x{0101}\x{00E6}\x{0107}' .
                '\x{0109}\x{010D}\x{010B}\x{00E7}\x{010F}\x{0111}\x{00E9}\x{00E8}\x{0115}\x{00EA}\x{011B}' .
                '\x{00EB}\x{0117}\x{0119}\x{0113}\x{011F}\x{011D}\x{0121}\x{0123}\x{0125}\x{0127}\x{00ED}' .
                '\x{00EC}\x{012D}\x{00EE}\x{00EF}\x{0129}\x{012F}\x{012B}\x{0131}\x{0135}\x{0137}\x{013A}' .
                '\x{013E}\x{013C}\x{0142}\x{0144}\x{0148}\x{00F1}\x{0146}\x{014B}\x{00F3}\x{00F2}\x{014F}' .
                '\x{00F4}\x{00F6}\x{0151}\x{00F5}\x{00F8}\x{014D}\x{0153}\x{0138}\x{0155}\x{0159}\x{0157}' .
                '\x{015B}\x{015D}\x{0161}\x{015F}\x{0165}\x{0163}\x{0167}\x{00FA}\x{00F9}\x{016D}\x{00FB}' .
                '\x{016F}\x{00FC}\x{0171}\x{0169}\x{0173}\x{016B}\x{0175}\x{00FD}\x{0177}\x{00FF}\x{017A}' .
                '\x{017E}\x{017C}\x{00F0}\x{00FE}';
    }
 
}

2. Session validation issues

This is a much easier fix and doesn’t require any file creation.

Log into your Magento admin and nagivigate to Admin > Configuration > Web > Session Validation Settings, drop the menu down next to Validate REMOTE_ADDR and select No.

validate

3. Missing template validation key after upgrade

This is not very common, but if you have been running a store for a while and choose to upgrade to 1.3 without updating your template, your code will be missing a vital line required for validation on any customer settings related pages (address addition, registration etc.).

Make sure the following code:

<?php echo $this->getBlockHtml('formkey')?>

Is in the following template files:

template/wishlist/sharing.phtml:<?php echo $this->getBlockHtml('formkey')?>
template/wishlist/view.phtml:    <?php echo $this->getBlockHtml('formkey')?>
template/customer/address/edit.phtml:    <?php echo $this->getBlockHtml('formkey')?>
template/customer/form/newsletter.phtml:        <?php echo $this->getBlockHtml('formkey')?>
template/customer/form/edit.phtml:    <?php echo $this->getBlockHtml('formkey')?>

4. Add to cart core fault

Source: Fix add to cart (redirect to homepage) bug

The fix for this bug that has reported some success is as follows:

In ./app/code/core/Mage/Checkout/Helper/Cart.php around line 59 change:

//$continueShoppingUrl = $currentCategory->getUrl();
$continueShoppingUrl = $this->_getRequest()->getRequestUri();

To:

$continueShoppingUrl = $currentCategory->getUrl();
//$continueShoppingUrl = $this->_getRequest()->getRequestUri();

5. Site has been hacked/hijacked

Source: http://www.sonassi.com/knowledge-base/magentowordpress-injection-vulnerability/

Although this is the least likely situation, it is becoming more and more apparent to those stores that are not hosted in a secure environment. The resolution is ideally to patch up all applications to the latest versions, perform strict, regular security audits and try to maintain a security level close to that of a low grade PCI compliance.

We are going to write a script, intended to run on a cron, to help stores detect this situation (however unlikely).

Last 5 posts in Knowledge Base


Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Blogplay

This entry was posted on Tuesday, December 1st, 2009 at 2:06 am and is filed under Knowledge Base, Magento. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


11 Responses to “Random redirect to homepage with Magento”


  • criography
    11 Jan. 2010

    This is really helpful! Cheers guys!

    Reply



  • James
    3 Feb. 2010

    Is #4 obselete? I see this line of code in Cart.php

    $continueShoppingUrl = $this->getCurrentUrl();

    Reply



  • German
    16 Mar. 2010

    Hello, I followed your steps (I created the Com.php) but I still have the same error. In the cheqout porcess after filling the billing information, the system redirects to the cart page. I have the Magento V 1.3.2.4

    Any ideas ?
    Thank you. German

    Reply



  • ben@sonassi.com
    16 Mar. 2010

    H German,

    Did you try all 5 options?

    Reply



  • German
    16 Mar. 2010

    Hello. Thank you for your reply. In the 3 step, I have the getBlockHtml(’formkey’)?> in these files.
    In step 4 I have the $continueShoppingUrl = $this->getCurrentUrl(); line in Cart.php, so I think it is ok.

    Step 1, yes I created the file Com.php as you told us. And in my configuration I have the Validate REMOTE_ADDR value set to NO.

    Thank you very much.
    German

    Reply



  • CQ
    14 Apr. 2010

    @German -

    We’re having the same issue with a client site. We’ve put all 5 of these options into place, and still have reports of redirects at the billing stage of checkout. We cannot repro. If anybody has any additional ideas, post! :)

    Great post, by the way.

    Reply



  • Henrique
    11 May. 2010

    Guys. Here was the number of characters of the password that is in the etc/local.xml

    Reply



  • David Correll
    27 May. 2010

    Incredibly helpful post, I love that you didn’t stop at just 1 solution. Magento has so many quirks, it’s very blessed to have contributors like you.

    Thanks a mil.

    Reply



Leave a Reply

1 Trackbacks/Pingbacks

  1. Magento/Wordpress injection vulnerability | Manchester Magento web design, development, Magento hosting and aftercare :: sonassi
    January 13th, 2010 at 7:05 pm

    [...] had been recently contacted by an agency keen to resolve a Magento redirect on checkout bug. We quickly realised after inspection that the site had been subject to an all-too-common POST [...]