News:

Support the VirtueMart project and become a member

Main Menu

Email from Paypal

Started by david.kwock, August 07, 2013, 15:55:21 PM

Previous topic - Next topic

david.kwock

Hi,

I just got a email from Paypal, but not sure whether it is related to the VM2's Paypal plugin.
It says that they are going to abandon HTTP 1.0 protocol from the 7th of Oct,2013.

I guess that VM2 maybe not using the HTTP1.0 at all, but just in case, I  wanna make sure about this.

This is a copy of email from Paypal:

Quote
In a bulletin dated  the 18th of October, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site's performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting the 7th of October, 2013.
We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the "Host: www.paypal.com" or "Host: ipnpb.paypal.com" header in the HTTP request.

Additional Details
Starting the 7th of October, 2013, we will require all incoming requests to have a "Host" header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with "HTTP/1.0 400 Bad Request" errors after the 7th of October, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.


so.. we can simply ignore this email? please let me know.

Thank you!!

David

slammy

Hi,
I  recieved this email too. Never heard of it before.
I noticed at dev.virtuemart.net on version sr 2.0.14 an extra download for the paypal payment plugin. Is it already included there or another higher version or will it be part of next stable release? With best regards

AH

Alatak is working on this small change
Regards
A

Joomla 4.4.5
php 8.1

slammy

thank you Hutson for your info

sscheidegger


Quote from: Hutson on August 07, 2013, 20:23:16 PM
Alatak is working on this small change

Does this mean that the current version of VM doesn't use HTTP1.1 and we will need to update VM to a new version before October 7?

slammy

Quote from: sscheidegger on August 13, 2013, 14:32:07 PM

Quote from: Hutson on August 07, 2013, 20:23:16 PM
Alatak is working on this small change

Does this mean that the current version of VM doesn't use HTTP1.1 and we will need to update VM to a new version before October 7?

Maybe it´s possible to install the plugin itself without any vm-update (take a look at dev.virtuemart.net FILES -> see a plugin download in stable release 2.0.14 ...), if not you´ll have to update VM to a  new version I think.

sscheidegger

Thanks a lot for the information! I think I'll wait a bit before I upgrade my template to the current version...

alatak

Hello
QuoteDoes this mean that the current version of VM doesn't use HTTP1.1 and we will need to update VM to a new version before October 7?
yes, the fix is the following:

replace in file plugins/vmpayment/paypal/paypal.php this code

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "User-Agent: PHP/" . phpversion() . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: " . $this->_getPaypalUrl($method) . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($post_msg) . "\r\n";
$header .= "Accept: */*\r\n\r\n";


with
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "User-Agent: PHP/" . phpversion () . "\r\n";
$header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
$header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$header .= "Host: "  . $this->_getPaypalUrl ($method) . ":" . $port . "\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen ($post_msg) . "\r\n";
$header .="Connection: close\r\n\r\n";

clairemarie

Hi

I hope you don't mind, but can I clarify?
I'm using Joomla! 2.5.7 / VM 2.10.10

Will there be an update to the PayPal plugin?  Will I need to upgrade VM in order to get the PayPal update?
Or
Can I just replace the code above without upgrading?  Can I replace the code now? Or should I wait until Oct 7?

Thanks
Claire

sscheidegger

@alatak: Thanks a lot! That's very helpful!

@clairemarie: According to the Paypal mail the new code should already work now and the old code should stop working on Oct 7. But I didn't have time to test it yet. You can just try to replace the code an test if paypal is still working for you.


clairemarie

Hi,

I would like to replace the code and test with my paypal sandbox account.

in my papypal.php file I don't have all the code listed above, I only have:

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
      $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
      $header .= "Content-Length: " . strlen ($post_msg) . "\r\n\r\n";

Should I just replace only those 3 lines or should I replace with all the code?

Many thanks
Claire

jenkinhill

You can download the modified file for that old VM version. It is  plgvm_virtuemart_paypal_vm2.0.10_1.4.zip on http://dev.virtuemart.net/projects/virtuemart/files
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

clairemarie

Hi

Thanks for pointing me in the direction of the files.  I replaced them but unfortunately when I processed an order it did not get confirmed.
As a little test for myself I went back to the original file and replaced these 3 lines

$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
      $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
      $header .= "Content-Length: " . strlen ($post_msg) . "\r\n\r\n";

with the code from the earlier post

$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
      $header .= "User-Agent: PHP/" . phpversion () . "\r\n";
      $header .= "Referer: " . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . @$_SERVER['QUERY_STRING'] . "\r\n";
      $header .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
      $header .= "Host: "  . $this->_getPaypalUrl ($method) . ":" . $port . "\r\n";
      $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
      $header .= "Content-Length: " . strlen ($post_msg) . "\r\n";
      $header .="Connection: close\r\n\r\n";

and this seems to work - I'm not a developer by any means, so just wanted to check if there is any reason I shouldn't do this?
(I am going to talk with my developer about upgrading, but I need this sorted sooner)

Thanks
Claire