error with recieving a request post method with content from my payment processor

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • cjg9590
    Member
    • Jan 2016
    • 34
    • 5.1.x
    #1

    error with recieving a request post method with content from my payment processor

    I have added a new payment processor 'stripe' to my vbulletin forum, and when the callback is sent to vbulletin payment_gateway.php, its blocked by $_SERVER['REQUEST_METHOD']) == 'POST' and $_SERVER['CONTENT_LENGTH'] > 0, inside /core/init.php. The method used by stripe is sending the response back in a json encoded array and has to be received with $response = json_decode(file_get_contents('php://input'), true );

    I guess my question is why is a request method of post blocked with any content size and how is the best way to work around this. I could write a new callback page and convert it all to POST array before its sent to vbulletin payment_gateway.php. but I would rather not create files that's not needed and also is there a security reason for this to be blocked within vbulletin?

    Thanks.
    Tags: None
    • glennrocksvb
      Former vBulletin Developer
      • Mar 2011
      • 4021
      • 5.7.X
      #2
      I also encountered the same issue when I implemented Stripe payment gateway to vB5. Stripe is sending the webhook request parameters as a JSON and I had no choice but to modify /core/includes/init.php to allow Stripe webhook requests to go through.

      I changed:

      PHP Code:
      if (empty($_POST) AND isset($_SERVER['CONTENT_LENGTH']) AND $_SERVER['CONTENT_LENGTH'] > 0)
      {
          die(      'The file(s) uploaded were too large to process.');
      to:

      PHP Code:
      if (empty($_POST) AND isset($_SERVER['CONTENT_LENGTH']) AND $_SERVER['CONTENT_LENGTH'] > 0)
      {
          if (      stripos($_SERVER['REQUEST_URI'], '/core/payment_gateway.php?method=stripe') === FALSE) {
              die(      'The file(s) uploaded were too large to process.');
          }
      Last edited by glennrocksvb; Mon 29 Feb '16, 9:10am.

      Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

        Comment

        • cjg9590
          Member
          • Jan 2016
          • 34
          • 5.1.x
          #3
          Thanks that's one way i did not think about, I ended up modifying the payment_gateway.php before it called init.php with this.

          Code:
          //I set this before REQUIRE BACK END defines.

if( $_REQUEST['method'] == 'stripe' ){
    $_POST['resp'] = file_get_contents('php://input');
    $_SERVER['CONTENT_LENGTH'] = 0;
}
          also I assume this was blocked to stop anyone from sending files within vbulletin for malicious scripts or files being sent?
          Last edited by cjg9590; Tue 1 Mar '16, 1:02am.

            Comment

            • glennrocksvb
              Former vBulletin Developer
              • Mar 2011
              • 4021
              • 5.7.X
              #4
              I think your solution is better. It just accepts the stripe request for payment_gateway.php and not for any other requests.

              Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

                Comment

                • cjg9590
                  Member
                  • Jan 2016
                  • 34
                  • 5.1.x
                  #5
                  yea i would say both work to allow the callback to work, I also added a check for stripe ip's so i know its only allowing stripe server only.

                    Comment

                    Previous template Next
                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...