Skip to content

Instantly share code, notes, and snippets.

@mikejolley
Last active September 5, 2024 01:54
Show Gist options
  • Save mikejolley/0941e0882efcad64ea40 to your computer and use it in GitHub Desktop.
Save mikejolley/0941e0882efcad64ea40 to your computer and use it in GitHub Desktop.
Quick snippet/plugin/dropin to test IPN support
<?php
/**
* Plugin Name: PayPal Sandbox IPN Tester
* Description: Pings the IPN endpoint to see if your server can connect. Just head to <a href="/?ipn-test=1">yoursite.com/?ipn-test=1</a> whilst logged in as admin.
* Version: 1.0.0
* Author: WooThemes
* Requires at least: 4.1
* Tested up to: 4.3
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
add_action( 'wp_loaded', 'paypal_sandbox_ipn_tester' );
function paypal_sandbox_ipn_tester() {
if ( ! empty( $_GET['ipn-test'] ) && current_user_can( 'manage_options' ) ) {
$response = wp_safe_remote_post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', array(
'body' => array(
'test_ipn' => 1,
'cmd' => '_notify-validate'
)
) );
if ( ! is_wp_error( $response ) ) {
wp_die( 'SUCCESS' );
} else {
wp_die( 'FAIL - ' . $response->get_error_message() );
}
}
}
@jcamomile
Copy link

Awesome! Paypal documentation on this issue.. lengthy, confusing and convoluted. This tool... simple and definitive. Priceless! Thanks!

@Pross
Copy link

Pross commented Sep 17, 2015

Nice, simple.

@cheddar2014
Copy link

Thanks so much, appreciate this!

@anjmat
Copy link

anjmat commented Sep 23, 2015

perfect. Thank you.

@garretthyder
Copy link

THANK YOU

@robin-scott
Copy link

Does this cover the 2016 stuff that PayPal has been sending round?

@craigcpaterson
Copy link

Like silicondales, I would like to know if this plugin covers the 2016 merchant security upgrades

@reidbiztech
Copy link

I suggest modifying it thus for a better test:

      $response = wp_safe_remote_post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', array(
        'body'       => array(
            'test_ipn' => 1,
            'cmd'      => '_notify-validate'
        ),
        'httpversion' => '1.1'
      ) );

Because of: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US

@reidbiztech
Copy link

The response from my host (one of the big ones):

In order to utilize the TLS 1.2 cipher in accordance with Paypals new policies. You would need to contact the developer of the plugin or your site to have them update the cURLOPT to use TLS 1.2 specificlly. It is defaulting to TLS 1.0, but you can use up to TLS 1.2 if you specify it in your code.

My response to them:

WooCoommerce uses core WordPress functions to post to the PayPal IPN url. So, then we need to get the WordPress core code modified to use the proper curl settings. I have not had the best of luck getting modifications accepted to the wordpress core in the past. Perhaps if the request comes from someone like Hostgator they will listen?

This will affect every single WooCommerce/WordPress site that is hosted on your systems. On June 17th 2016 they will all stop working. I suggest we head this off at the pass while we have the opportunity.

Thanks for any additional help and weight you can add to the case to be made to Auttomatic.

@mikejolley
Copy link
Author

@reidbiztech versions older than that can be disabled at host level. TBH, those older standards should be disabled anyway because they are nowhere near as secure.

WooCommerce core does set httpversion to 1.1. That part isn't an issue.

@reidbiztech
Copy link

No, they can't. Shared hosting environments need to consider more than just WordPress, as described here:
https://core.trac.wordpress.org/ticket/36320#comment:7

But here is my tentative fix anyway:

function rbst_http_api_transports() {
    return array( 'streams', 'curl' );
}
add_filter( 'http_api_transports', 'rbst_http_api_transports', 9999 );

@mozzak
Copy link

mozzak commented Mar 25, 2016

@reidbiztech, I just copied the code in one of my plugins and tested via IPN Simulator. No luck.

Can you let me know where to past this code ? Also, I am using a relative old php version 5.4 . Could that be an issue ?

thanks for your input.

Mike

@mozzak
Copy link

mozzak commented Mar 25, 2016

so interestingly, before adding your code to my plugin I received this error:

SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

after adding your code I receive this error:

FAIL - The SSL certificate for the host could not be verified.

Can you make sense of this ? Any idea where to go from here ?

thanks a lot,
Mike

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment