From what I understand, PayPal just verifies that the data we send to them matches the data they sent to us. Using $_POST and building the $variables array, we're not really adding or removing anything. However, the loop to build the array does not work with some PayPal APIs that have nested arrays such as Adaptive Payments. Why not just send them back the raw data they sent to us using php://input?

Patch incoming.

CommentFileSizeAuthor
#2 1904046-2.patch1.2 KBmglaman
#1 commerce_paypal-post-to-stream-1904046-1.patch1.19 KBAnonymous (not verified)

Comments

Anonymous’s picture

Anonymous (not verified) commented
Status: Active » Needs review
StatusFileSize
new commerce_paypal-post-to-stream-1904046-1.patch1.19 KB

Patch attached. This code also should work against 1.0.

I don't see any issues with WPP or WPS, but I admit that I have not tested them. If someone can verify that this works with those implementations, then I might be able to send up a big patch for Adaptive Payments support.

mglaman’s picture

mglaman
Primary language English
Location WI, USA
commented
Issue summary: View changes
StatusFileSize
new 1904046-2.patch1.2 KB

Reroll. This makes sense since we just need to prefix the validate command.

mglaman’s picture

mglaman
Primary language English
Location WI, USA
commented
Status: Needs review » Needs work

Based on their example, there would technically be more to do to properly construct the array rather than reading from $_POST

// STEP 1: read POST data
// Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
// Instead, read raw POST data from the input stream.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
  $keyval = explode ('=', $keyval);
  if (count($keyval) == 2)
    $myPost[$keyval[0]] = urldecode($keyval[1]);
}
Anonymous’s picture

Anonymous (not verified) commented
Assigned: » Unassigned
rszrama’s picture

rszrama commented
Status: Needs work » Closed (won't fix)

This seems pretty risky to change, imo. Especially in the 7.x branch where we don't even offer support for Adaptive Payments. (Does PayPal itself support that API any more?) Closing this out until there's a concrete use case and some form of testability.