error with receiving a request post method with content from my payment processor


  • error with receiving a request post method with content from my payment processor

    I have added a new payment processor 'stripe' to my vBulletin forum, and when the callback is sent to vBulletin's payment_gateway.php, it's blocked by $_SERVER['REQUEST_METHOD'] == 'POST' and $_SERVER['CONTENT_LENGTH'] > 0, inside /core/init.php. The method used by Stripe sends the response back as a JSON-encoded array, which has to be received with $response = json_decode(file_get_contents('php://input'), true);

    I guess my question is why a request method of POST is blocked with any content size, and what is the best way to work around this? I could write a new callback page and convert it all to a POST array before it's sent to vBulletin's payment_gateway.php, but I would rather not create files that are not needed. Also, is there a security reason for this to be blocked within vBulletin?

    Thanks.

  • #2
    I also encountered the same issue when I implemented Stripe payment gateway to vB5. Stripe is sending the webhook request parameters as a JSON and I had no choice but to modify /core/includes/init.php to allow Stripe webhook requests to go through.

    I changed:

    PHP Code:
    // Original check: a request that declares a body but leaves $_POST empty is rejected.
    if (empty($_POST) AND isset($_SERVER['CONTENT_LENGTH']) AND $_SERVER['CONTENT_LENGTH'] > 0)
    {
        die('The file(s) uploaded were too large to process.');
    }

    to:

    PHP Code:
    if (empty($_POST) AND isset($_SERVER['CONTENT_LENGTH']) AND $_SERVER['CONTENT_LENGTH'] > 0)
    {
        // Skip the rejection only when the request URI contains the Stripe callback path.
        if (stripos($_SERVER['REQUEST_URI'], '/core/payment_gateway.php?method=stripe') === FALSE) {
            die('The file(s) uploaded were too large to process.');
        }
    }

    Glenn Vergara
    Former vBulletin Developer
    Last edited by Glenn Vergara; Mon 29 Feb '16, 10:10am.



    • #3
      Thanks, that's one way I did not think about. I ended up modifying the payment_gateway.php before it called init.php with this.

      Code:
      // I set this before the REQUIRE BACK-END defines.
      if( isset($_REQUEST['method']) AND $_REQUEST['method'] == 'stripe' ){
          // Copy the raw JSON body into $_POST so init.php no longer sees an empty $_POST,
          // and zero the reported length so its CONTENT_LENGTH check does not fire.
          $_POST['resp'] = file_get_contents('php://input');
          $_SERVER['CONTENT_LENGTH'] = 0;
      }

      Also, I assume this was blocked to stop anyone from sending files within vBulletin for malicious scripts or files being sent?
      Last edited by cjg9590; Tue 1 Mar '16, 2:02am.



      • #4
        I think your solution is better. It just accepts the stripe request for payment_gateway.php and not for any other requests.



        • #5
          Yea, I would say both work to allow the callback to work. I also added a check for Stripe IPs so I know it's only allowing Stripe servers only.

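Once the raw body reaches payment_gateway.php, it can be authenticated with Stripe's webhook signature: the Stripe-Signature header carries an HMAC-SHA256 over `timestamp.payload`, keyed with the endpoint's signing secret, which complements the IP check mentioned in #5. The following is an added example, not code from this thread or from vBulletin; the function names, the secret and the event body are constructed for illustration.

```php
<?php
// Added example. Function names are hypothetical; the secret and event are constructed.
// In a real handler: $payload = file_get_contents('php://input');
//                    $header  = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';

// Split "t=<unix time>,v1=<hex hmac>[,v1=...]" into a timestamp and v1 signatures.
function parse_stripe_signature_header(string $header): array
{
    $timestamp = null;
    $signatures = [];
    foreach (explode(',', $header) as $part) {
        [$key, $value] = array_pad(explode('=', trim($part), 2), 2, '');
        if ($key === 't' && ctype_digit($value)) {
            $timestamp = (int) $value;
        } elseif ($key === 'v1' && $value !== '') {
            $signatures[] = $value;
        }
    }
    return [$timestamp, $signatures];
}

function verify_stripe_webhook(string $payload, string $header, string $secret,
                               int $tolerance = 300, ?int $now = null): bool
{
    [$timestamp, $signatures] = parse_stripe_signature_header($header);
    if ($timestamp === null || $signatures === []) {
        return false; // missing or malformed header
    }
    if (abs(($now ?? time()) - $timestamp) > $tolerance) {
        return false; // outside the replay window
    }
    // The MAC covers the raw bytes of the body, so verify before json_decode().
    $expected = hash_hmac('sha256', $timestamp . '.' . $payload, $secret);
    foreach ($signatures as $candidate) {
        if (hash_equals($expected, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample: sign an event, then check genuine, tampered and stale deliveries.
$secret  = 'whsec_constructed_example';
$payload = '{"id":"evt_constructed","type":"charge.succeeded"}';
$t       = 1456740000;
$header  = "t=$t,v1=" . hash_hmac('sha256', "$t.$payload", $secret);
var_dump(verify_stripe_webhook($payload, $header, $secret, 300, $t + 10));
var_dump(verify_stripe_webhook($payload . ' ', $header, $secret, 300, $t + 10));
var_dump(verify_stripe_webhook($payload, $header, $secret, 300, $t + 3600));
```

Because the signature is computed over the exact bytes received, the body must be read from php://input unchanged and verified before any decoding or copying into $_POST.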