Jump to content

[Resolved] Missing transaction logs/PayPal IPN


Recommended Posts

31 minutes ago, bsandall said:

Perhaps also checked against a whitelisted set of allowed URLs? Since, you know, CSRF is exactly that - an attack by a remote server. ;)

EDIT: And by whitelisted URLs, I mean internal (CubeCart) ones that are allowed to be called remotely without a CSRF token.

That explains why my MailChimp plugin is creating subscriptions from the Newsletter Subscription tab in CC customer account, but can't handle an unsubscribe from MailChimp. There needs to be some way to allow certain remote actions that plugins, etc., might need.

Link to comment
Share on other sites

5 hours ago, foz1234 said:

Many thanks for your order! The order status is currently pending but it will automatically update to processing once payment is confirmed. Normally this is automated and will happen within the hour but please do contact us if you require more information.

I rolled back our plushcatalog store to a GitHub commit from early March (basically back to 6.1.5). I then took an order all the way to payment and, unlike my usual testing, I actually paid for it with a different account debit card. I used a different domain email address. And all the payment process worked properly. And the refund from PP processed correctly on CC as well.

I DID see the part I've quoted from your comment, @foz1234 But by the time I checked in admin, it had Processed.

All the CSRF changes are what I don't have in my live code.

I DO still have captcha turned off, thanks to all the changes in that coding that my plugins and edits don't have yet.

Link to comment
Share on other sites

I have had two calls this morning from customers who after filling in their details at checkout, found that when they clicked on the 'secure checkout' button were unable to proceed!  I did a test purchase while they were on the phone and I too could not get past this stage...
I had changed the config.xml as per yesterdays advice from @Al Brookbanks but after changing <csrf>false</csrf> back to <csrf>true</csrf> everything seems to be working again...
Link to comment
Share on other sites

Glad to see this progress with gateways, for sure. But I have a MailChimp API plugin that communicates both ways with the store that apparently isn't able to communicate back to the store at this time on 6.1.7, thanks to CSRF. So there's still more to be done here. I understand CC is trying to shut down unauthorized server access to our stores, and that's a good thing. We just need a way to tell the code what is allowed through. Windows does the same thing with allowed exceptions in Defender. (I think it's Defender that does that - maybe something else?)

Link to comment
Share on other sites

5 minutes ago, Christopher Short said:

I wish I could get it to go to processing at authorization, and complete at capture though :)

I wish I understood all this well enough to be of help, but I certainly do not. Maybe it would be best to make a new thread about what you need, since this thread has gotten so long.

Link to comment
Share on other sites

  • 1 year later...

Hi All,

I have been just reading about the trials and tribulations of IPN PayPal and getting responses back and changing orders from pending to processing. I'm having all of these issues, PayPal doesn't seem to give a response of 200 and CC does change the status from pending to processing, I have made the changes to code in the PayPal gateway.class so that the 'amp' is removed however I haven't turned off csrf where/how do I do this, this may solve my problem (hopefully). I'm currently using version 6.2 of cubecart.

Hope somebody can help me or point me in the right direction

Best Regards,


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...