• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[solved] $config['csrf_protection'] and Paypal

#1
[eluser]SPeed_FANat1c[/eluser]
Hi,

when $config['csrf_protection'] is TRUE Paypal IPN does not work.

So do you solve it? Check by IP addreses in the config file and the set to true or false accordingly?

I tried getting sandbox.paypal.com IP with $_SERVER['REMOTE_ADDR'] and get 216.113.191.33

I also googled for IPs and found such thing:

https://cms.paypal.com/us/cgi-bin/?cmd=_...echecklist

But there is no such IP address, so that means that the table is not updated or something. So I cannot trust it. And what if they decide to change the IP (for some reason) ? then I will also have to change IPs in config file.

How do you solve this problem?

Edit:

Found the solution in another thread:
Code:
if (isset($_SERVER["REQUEST_URI"]))
{
    if(stripos($_SERVER["REQUEST_URI"],'/mypage') === FALSE)
    {
        $config['csrf_protection'] = TRUE;
    }
    else
    {
        $config['csrf_protection'] = FALSE;
    }
}
else
{
    $config['csrf_protection'] = TRUE;
}

#2
[eluser]Jacob Graf[/eluser]
Worked for me! Here is a link to the original solution.

http://ellislab.com/forums/viewthread/182631/


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.