Post Form Data To The Cart

phazei · July 7, 2011, 12:00am

How can I post form data to the cart? Whenever I try it gives me a 404 ?!

I have a module that needs more than what can be sent via GET.

tbirnseth · July 8, 2011, 12:00am

Why don't you include the form you're sending, specifically the action attribute.

Also would help if you mentioned what the form was intended to do.

phazei · July 8, 2011, 12:00am

[quote name='tbirnseth' timestamp='1310083953' post='116515']

Why don't you include the form you're sending, specifically the action attribute.

Also would help if you mentioned what the form was intended to do.

[/quote]

This is the form I'm sending:

```php

```

It simply gives a 404 error if anything is posted and doesn't even show the main page.

If action="http://unicacool.com/index.php?dispatch=checkout.cart" I noticed it forwards to "dispatch=checkout" but still gives the 404.

The goal is to get it to accept post data to:
/index.php?dispatch=checkout.remote_add

tbirnseth · July 8, 2011, 12:00am

I doubt the cart is going to accept a direct post to a secured controller that doesn't originate on the cart. I.e. sending to checkout from outside the cart could be pretty messy if allowed. Easy way to attack a merchant thorough posting items to a cart (or carts) on a continuous basis.

You still haven't said what it is you're trying to do. Your form is pretty useless since the checkout controller will never even look at a name of 'test'.

Suggest you do your own controller in my_changes to test/verify POSTing to the cart, whatever your purpose.

phazei · July 8, 2011, 12:00am

I have a checkout.pre in my_controllers that will process the contents of the post. It would work if I sent it to any other page that would process the data and forward the page. There are a number of other integrations we have with other sites where I simply define area and include the init file and core manually at the beginning and that works. This case is different because it's not only working on the back end since the user is getting to a page.

There's no security in preventing a $_POST, if the cart simply doesn't use the variables, there's no harm in it and it should be filtering all variables anyway. It's a ridiculous security measure.

tbirnseth · July 8, 2011, 12:00am

You might want to grep the core directory for 'secure_controller'.

Personally, I would prefer that it NOT allow POSTing to the checkout controller from a foreign site.

phazei · July 11, 2011, 12:00am

I'll check that out at work tomorrow. There's a verifiable authentication key so it only will accept certain posts. It could also always post somewhere else and then forward to the cart.

phazei · July 14, 2011, 12:00am

@tbirnseth

Thanks for your help!

Check it out:

http://fabric.unicacool.com/fabric

We still need to create an instructional video. You can double click the results for more options and drag stuff around to compare to see it side by side.

I’m still tweaking it here and there, so occasionally it stops working for a couple seconds. It’s a soft roll out so isn’t getting any traffic anyway.