- πΊπΈUnited States TomTech
Automatically closed because Drupal 7 security and bugfix support has ended β as of 5 January 2025. If the issue verifiably applies β to later versions, please reopen with details and update the version.
When processing an IPN message for an Adaptive Payments, the IPN validation procedure that is implemented in the module is correct, however, it fails to properly validate an Adaptive Payments IPN due to a strange POST variable encoding issue. PayPal sends data in a very strange way that PHP's POST variable parser fails to handle. For example:
transaction%5B0%5D.is_primary_receiver=true&
transaction%5B0%5D.id_for_sender_txn=3BN58289VJ345364K&
transaction%5B1%5D.paymentType=SERVICE&
transaction%5B0%5D.amount=USD+18.95&
charset=windows-1252&
transaction_type=Adaptive+Payment+PAY&
transaction%5B1%5D.id_for_sender_txn=5XS94988DT196883F&
transaction%5B1%5D.is_primary_receiver=false
Is sent as the post body. I've snipped the data and added some newlines for clarity. But you can see that PayPal is passing in urlencoded() variable names that are strange to PHP transaction[0].is_primary_receiver=true (unencoded) would normally be transaction[0][is_primary_receiver]=true. This causes a problem as PHP parses them like this:
$ipn = array(
"transaction" => array(
"0" => 'NONE',
"1" => 'Completed',
),
// ... snip ...
);
Instead of treating the entire first part of the key-value-pair as a string and coming out like this:
array (
'transaction%5B0%5D.is_primary_receiver' => 'true',
'transaction%5B0%5D.id_for_sender_txn' => '3BN58289VJ345364K',
'transaction%5B0%5D.receiver' => 'omitted@omitted.com',
'transaction%5B1%5D.paymentType' => 'SERVICE',
'transaction%5B0%5D.amount' => 'USD 18.95',
'charset' => 'windows-1252',
'transaction_type' => 'Adaptive Payment PAY',
'transaction%5B1%5D.id_for_sender_txn' => '5XS94988DT196883F',
// ... snip ...
);
Data coming through in this format will pass validation. PayPal's docs make note that PHP has a problem with this although, arguably PayPal's format for sending array data over POST is odd as well.
This issue appears to only impact Adaptive Payments and obviously the IPN for EC, WPS, WPP, etc. are working just fine.
Closed: outdated
2.0
PayPal / IPN
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed because Drupal 7 security and bugfix support has ended β as of 5 January 2025. If the issue verifiably applies β to later versions, please reopen with details and update the version.