Quick snippet/plugin/dropin to test IPN support

ipn-test.php

<?php
/**
 * Plugin Name: PayPal Sandbox IPN Tester
 * Description: Pings the IPN endpoint to see if your server can connect. Just head to <a href="/?ipn-test=1">yoursite.com/?ipn-test=1</a> whilst logged in as admin.
 * Version: 1.0.0
 * Author: WooThemes
 * Requires at least: 4.1
 * Tested up to: 4.3
 */
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

add_action( 'wp_loaded', 'paypal_sandbox_ipn_tester' );

function paypal_sandbox_ipn_tester() {
	if ( ! empty( $_GET['ipn-test'] ) && current_user_can( 'manage_options' ) ) {
	  $response = wp_safe_remote_post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', array(
	  	'body'       => array(
	  		'test_ipn' => 1,
	  		'cmd'      => '_notify-validate'
	  	)
	  ) );

	  if ( ! is_wp_error( $response ) ) {
	  	wp_die( 'SUCCESS' );
	  } else {
	  	wp_die( 'FAIL - ' . $response->get_error_message() );
	  }
	}
}

Thanks so much, appreciate this!

perfect. Thank you.

THANK YOU

Does this cover the 2016 stuff that PayPal has been sending round?

Like silicondales, I would like to know if this plugin covers the 2016 merchant security upgrades

I suggest modifying it thus for a better test:

      $response = wp_safe_remote_post( 'https://www.sandbox.paypal.com/cgi-bin/webscr', array(
        'body'       => array(
            'test_ipn' => 1,
            'cmd'      => '_notify-validate'
        ),
        'httpversion' => '1.1'
      ) );

Because of: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US

The response from my host (one of the big ones):

In order to utilize the TLS 1.2 cipher in accordance with Paypals new policies. You would need to contact the developer of the plugin or your site to have them update the cURLOPT to use TLS 1.2 specificlly. It is defaulting to TLS 1.0, but you can use up to TLS 1.2 if you specify it in your code.

My response to them:

WooCoommerce uses core WordPress functions to post to the PayPal IPN url. So, then we need to get the WordPress core code modified to use the proper curl settings. I have not had the best of luck getting modifications accepted to the wordpress core in the past. Perhaps if the request comes from someone like Hostgator they will listen?

This will affect every single WooCommerce/WordPress site that is hosted on your systems. On June 17th 2016 they will all stop working. I suggest we head this off at the pass while we have the opportunity.

Thanks for any additional help and weight you can add to the case to be made to Auttomatic.

@reidbiztech versions older than that can be disabled at host level. TBH, those older standards should be disabled anyway because they are nowhere near as secure.

WooCommerce core does set httpversion to 1.1. That part isn't an issue.

No, they can't. Shared hosting environments need to consider more than just WordPress, as described here:
https://core.trac.wordpress.org/ticket/36320#comment:7

But here is my tentative fix anyway:

function rbst_http_api_transports() {
    return array( 'streams', 'curl' );
}
add_filter( 'http_api_transports', 'rbst_http_api_transports', 9999 );

@reidbiztech, I just copied the code in one of my plugins and tested via IPN Simulator. No luck.

Can you let me know where to past this code ? Also, I am using a relative old php version 5.4 . Could that be an issue ?

thanks for your input.

Mike

so interestingly, before adding your code to my plugin I received this error:

SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

after adding your code I receive this error:

FAIL - The SSL certificate for the host could not be verified.

Can you make sense of this ? Any idea where to go from here ?

thanks a lot,
Mike