My client got the following notice. The most recent version of the PayPal payment plugin (version $Id: paypal.php 7049 2013-07-02 13:59:39Z alatak) appears to still be using HTTP 1.0 protocol and PayPal requires HTTP 1.1 protocol by Oct. 7, 2013. PayPal's other issues appear to be addressed but I'm no expert in coding. I made PayPal's PHP example bold for reference. Please advise if this plugin is going to work by PayPal's deadline. Thanks.
QuoteDear Customer,
In a bulletin dated October 18, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site's performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting October 7, 2013.
We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the "Host: www.paypal.com" or "Host: ipnpb.paypal.com" header in the HTTP request.
Additional Details
Starting October 7, 2013, we will require all incoming requests to have a "Host" header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with "HTTP/1.0 400 Bad Request" errors after October 7, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.
Action Required before October 7, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the "Host" and "Connection: close" HTTP header in the IPN postback script.
Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):
ASP
//Set values for the request back
req.Method="POST";
req.Host="'www.paypal.com'";
req.ContentType="application/x-www-form-urlencoded";
Perl
$req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');
$req->content_type('application/x-www-form-urlencoded');
$req->header(Host=> 'www.paypal.com');
$req->header(Connection=> 'close');
PHP
// post back to PayPal system to validate
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n\r\n";
Java
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
uc.setRequestProperty("Host", "www.paypal.com");
uc.setRequestProperty("Connection", "Close");
The PayPal Sandbox has been configured to reject any HTTP requests without the "Host" header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.
For more information on PDT and IPN, please refer to http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via https://www.paypal.com/mts.
Sincerely,
PayPal
I also want to know the same thing.
Try changing the plugin code yourselves I have done this and tested in sandbox, works fine!
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "User-Agent: PHP/" . phpversion() . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $this->_getPaypalUrl($method) . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($post_msg) . "\r\n";
$header .= "Accept: */*\r\n\r\n";
Change to
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
// $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "User-Agent: PHP/" . phpversion () . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $this->_getPaypalUrl ($method) . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n";
// $header .= "Accept: */*\r\n\r\n";
///new item
$header .="Connection: close\r\n\r\n";
Hello Hutson,
thank you
i will do the changes in the code.
8)
Thanks Hutson,
I am not a programmer so I didn't have the confidence to make the changes you did on my own. Until Alatek gets the changes made, it's still the old code in VM 2.0.22a so I am adding some notes for those that need it that don't know how and where to make the change.
- Locate plugins > vmpayment > paypal.
- Open paypal.php.
- At approximately line 691, locate this code: $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
- Update the block of code per Hutson's suggestion above.
Hello
The changes must be done before the 7th october.
Before that date, there will be a new release of Virtuemart.
I will provide in a while also a plugin release for all of you that are not using the latest version of VirtueMart.
Thanks Alatek!
Hello
I have uploaded the new paypal plugins here
http://dev.virtuemart.net/projects/virtuemart/files
you have one plugin for each VM version. They have the following name
plgvm_virtuemart_paypal_vm{version number}_1.4.zip
For the versions 22 and upward, the fix is included in the release. You do not need to update.
I realize you're not supporting VM 1.1.9 anymore but I have a client using PayPal that won't be upgraded before the deadline. On their Joomla 1.5 site, I made similar changes to this file: administrator > components > com_virtuemart > notify.php. I am curious if this is sufficient around line 272:
Edited 8/29/13: I removed my code because it was not correct and I didn't want anyone to use it. Please see Alatak's code below. Thanks Alatak!
wait a sec, does this affect everyone using paypal as a payment option in all versions of virtuemart?
Yes. It affects all cart systems using Paypal.
ANYONE CAN DEVELOP THE PATCH FOR THE PAYPAL HTTP 1.1 FOR VIRTUEMART 1.1.9.
THIS WILL BE GREATLY APPRECIATED BY MANY PEOPLE.
THANKS
Hello
You have to replace in the file administrator/components/com_virtuemart/notify.php
the following lines
$header = "POST $uri HTTP/1.0\r\n";
$header.= "User-Agent: PHP/".phpversion()."\r\n";
$header.= "Referer: ".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].@$_SERVER['QUERY_STRING']."\r\n";
$header.= "Server: ".$_SERVER['SERVER_SOFTWARE']."\r\n";
$header.= "Host: ".$hostname.":80\r\n";
$header.= "Content-Type: application/x-www-form-urlencoded\r\n";
$header.= "Content-Length: ".strlen($workstring)."\r\n";
$header.= "Accept: */*\r\n\r\n";
$fp = fsockopen ( $hostname, 80, $errno, $errstr, 30);
[/code]
with
$port = 443;
$protocol = 'ssl://';
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "User-Agent: PHP/" . phpversion () . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $hostname . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($workstring) . "\r\n";
$header .="Connection: close\r\n\r\n";
$fp = fsockopen ( $protocol . $hostname, 80, $errno, $errstr, 30);
THANK YOU.
THAT SAVE ME A LOT OF WORK.
Alatak
On my test server the updated failed using the code given
the $port in fsockopen for ssl is not 80 but 443
Therefore the code for this should be
$port = 443;
$protocol = 'ssl://';
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "User-Agent: PHP/" . phpversion () . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $hostname . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($workstring) . "\r\n";
$header .="Connection: close\r\n\r\n";
$fp = fsockopen ( $protocol . $hostname, $port , $errno, $errstr, 30);
I have tested on localhost and will move to live site over the weekend
Hello
Huston,
Yes you are rigth the last line is:
$fp = fsockopen ( $protocol . $hostname, $port , $errno, $errstr, 30)
and not
$fp = fsockopen ( $protocol . $hostname, 80 , $errno, $errstr, 30)
Hi
Sorry to repost my question but I didn't get a reply in my earlier post http://forum.virtuemart.net/index.php?topic=117779.0
I'm using VM 2.0.10
the code in my paypal.php file only has 3 lines
[quote]$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n\r\n";[/quote]
should I replace these 3 lines with all of this code below:
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "User-Agent: PHP/" . phpversion () . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $this->_getPaypalUrl ($method) . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n";
$header .="Connection: close\r\n\r\n";
Many thanks
Claire
clairemarie,
You are using an old version of VirtueMart 2 so you may be using a old version of paypal.php as well. Please check line 11 of your paypal.php file as the version we're discussing here for VirtueMart 2.0.22 says:
version $Id: paypal.php 7049 2013-07-02 13:59:39Z alatak
If you're seeing something else, you probably need to update your VM before updating the PayPal code. I would imagine with that much of a change in code that it's probably connected to something else that has changed as well.
A word of warning though — I am sticking with VM 2.0.22a at present because 2.0.22b seems to have broken Gantry for VM pages. I recommend you update VM on your local machine before committing your site online. I'll update after I figure out what the problem is.
Hi
Thanks for the reply.
Yes - I am on an older version:
version $Id: paypal.php 5177 2011-12-28 18:44:10Z alatak
I'm hoping to get updated soon, but if it doesn't happen before the 7th Oct I was hoping this code amendment would see me through.
Firstly I tried updating my paypal plugin with plgvm_virtuemart_paypal_vm2.0.10_1.4.zip from here: http://dev.virtuemart.net/projects/virtuemart/files
but unfortunately when I tested the purchase it didn't confirm.
When I replaced the code in the original file on my test site and made a purchase with my paypal Sandbox - all seemed to be ok - but I thought I should check just in case I may have missed something important.
Thanks
Claire
Claire,
Since it worked using the sandbox, you're probably fine. However, I'm not a PHP programmer so I couldn't say for sure. Hopefully Alatak will see your post and let you know.
I do know that the 3 lines of code you said were in your version of paypal.php are in the latest version that came with 2.0.22 but they are commented out. That indicates that they were used in the past but replaced with new code. I just don't know if there were any other changes between your version and the most recent one besides the ones specified in this thread.
You could use software like TextWrangler (I'm on a Mac) to compare the paypal.com that came with your VM version and the one that comes with VM version 2.0.22 and see if there are any other differences. If not, I'd say you're probably safe -- but again, I'm not a programmer!
Hello
I have directly modify the version which was in the release. Reason why the version number in the file should be the same as the one included in the release.
Humm.. but yes thee was another issue i had fixed concerning the SSL protocol in very old version of paypal.. may be that is the reason
Even if you are using the version 2.0.10, can you try and test this one with both the sandox and the live account, plz
http://dev.virtuemart.net/attachments/download/626/plgvm_virtuemart_paypal_vm2.0.20_1.4.zip
Hi Alatak,
I'm sorry - I tried those files - I get a blank screen after I press the confirm order button.
Hello
It is probably due to a fatal error
Please set the "Error reporting" to maximum in Joomla. And try again. You will for sure a message displayed.
Hi Alatak,
Here's the message:
Fatal error: Call to undefined method plgVmPaymentPaypal::getEmailCurrency() in mysite/plugins/vmpayment/paypal/paypal.php on line 162
Quote from: clairemarie on September 01, 2013, 10:24:35 AM
Hi
Thanks for the reply.
Yes - I am on an older version:
version $Id: paypal.php 5177 2011-12-28 18:44:10Z alatak
I'm hoping to get updated soon, but if it doesn't happen before the 7th Oct I was hoping this code amendment would see me through.
Firstly I tried updating my paypal plugin with plgvm_virtuemart_paypal_vm2.0.10_1.4.zip from here: http://dev.virtuemart.net/projects/virtuemart/files
but unfortunately when I tested the purchase it didn't confirm.
When I replaced the code in the original file on my test site and made a purchase with my paypal Sandbox - all seemed to be ok - but I thought I should check just in case I may have missed something important.
Thanks
Claire
Hi Claire,
which code did you replace within your paypal.php I have the same version as you and only have the following 3 lines of code:
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n\r\n";
Can you post what you got working please?
Thanks
Alan
Hi Alan
I replaced this:
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n\r\n";
with this
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "User-Agent: PHP/" . phpversion () . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $this->_getPaypalUrl ($method) . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n";
$header .="Connection: close\r\n\r\n";
I have only tested it in my dev site and with my paypal sandbox account so far, and I'm not convinced this is the right way to do it.
Thanks Claire,
Will also test this end. Hopefully alatak or another Developer could confirm that is correct
Thanks again
Alan
Hello
QuoteFatal error: Call to undefined method plgVmPaymentPaypal::getEmailCurrency() in mysite/plugins/vmpayment/paypal/paypal.php on line 162
OK. The reason is because i asked you to use another version of the paypal plugin.
@ clairemarie
QuoteI'm using VM 2.0.10
Can you please test this version. If everything is ok, i will release it.
[attachment cleanup by admin]
i'm also wanna know if it's working..
hello
Quotei'm also wanna know if it's working..
what do you mean ? what is working?
Quote from: alatak on September 10, 2013, 08:58:08 AM
Hello
QuoteFatal error: Call to undefined method plgVmPaymentPaypal::getEmailCurrency() in mysite/plugins/vmpayment/paypal/paypal.php on line 162
OK. The reason is because i asked you to use another version of the paypal plugin.
@ clairemarie
QuoteI'm using VM 2.0.10
Can you please test this version. If everything is ok, i will release it.
if this is working.. i'm also using VM 2.0.10
Hi Sorry - I didn't get notified that there had been new posts in this thread.
We are in the process of upgrading to 2.0.22c so I won't be able to test for you.
sorry
Quote from: alatak on September 10, 2013, 08:58:08 AM
Hello
QuoteFatal error: Call to undefined method plgVmPaymentPaypal::getEmailCurrency() in mysite/plugins/vmpayment/paypal/paypal.php on line 162
OK. The reason is because i asked you to use another version of the paypal plugin.
@ clairemarie
QuoteI'm using VM 2.0.10
Can you please test this version. If everything is ok, i will release it.
i tested it on live site and it works perfect.. it fix my problem also with the confirmed and pending problem..
Hello
Quotei tested it on live site and it works perfect.. it fix my problem also with the confirmed and pending problem..
ok, i am uploading the vesion plgvm_virtuemart_paypal_vm2.0.10_1.5.zip to dev.virtuemart.net then