As per Magento notification yesterday, PayPal Instant Payment Notification will no longer allow HTTP use to send back verification messages. In order to comply with this PayPal Instant Payment Notification changes, all Magento merchants using PayPal have to apply the patch SUPEE-8167 or upgrade to the latest Magento 1.9.3.3. It’s must to upgrade or patch before 30th June, 2017 to avoid any service disruptions.
Installation process:
I have explained installation of patches with both the ways here:
Follow this instruction to install patch on your store,
Method 1:
Upload patch files in the root of Magento.
Make one file with the name of patch.php, write following code in it,
1 |
<!--?php print("<PRE>"); passthru("/bin/bash PATCH_SUPEE-8167.sh"); print("</PRE>"); echo "Done"; ?--> |
replace the file name in it, upload it in the root and run the file from the browser.
Name should be PATCH_SUPEE-8167.sh
You should receive following screen once you run patch.php from the browser,
If you are getting error like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
We have updated the patch files for the older Magento versions. It is very much recommended to use this patches at your own risk, please take backup of your website prior to installation.
Method 2:
You can install patch with SSH as well. You will need SSH, if you don’t know how to set up SSH, contact your hosting provider.
Upload the patch files in the root,
In ssh console, run the command as following.
For .sh file extension
Sh PATCH_SUPEE-8167.sh
For .patch file extension:
patch —p0 < patch_file_name.patch
Method 3:
Download the zip file for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, simply upload it to your Magento root folder.
Magento version | SUPEE-8167 |
Magento 1.9.3.2 | SUPEE_8167_Magento_1.9.3.2 |
Magento 1.9.3.1 | SUPEE_8167_Magento_1.9.3.1 |
Magento 1.9.3.0 | SUPEE_8167_Magento_1.9.3.0 |
Magento 1.9.2.4 | SUPEE_8167_Magento_1.9.2.4 |
Magento 1.9.2.3 | SUPEE_8167_Magento_1.9.2.3 |
Magento 1.9.2.2 | SUPEE_8167_Magento_1.9.2.2 |
Magento 1.9.2.1 | SUPEE_8167_Magento_1.9.2.1 |
Magento 1.9.1.1 | SUPEE_8167_Magento_1.9.1.1 |
Magento 1.9.1.0 | SUPEE_8167_Magento_1.9.1.0 |
Magento 1.8.1.0 | SUPEE_8167_Magento_1.8.1.0 |
Magento 1.7.0.2 | SUPEE_8167_Magento_1.7.0.2 |
It is still recommended to upgrade to Magento version 1.9.3.3 which includes all the security patches including SUPEE 8167. If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service.
Hi, I run the script and it said :
Checking if patch can be applied/reverted successfully…
ERROR: Patch can’t be applied/reverted successfully.
Done
Magento version is 1.7 and the lines aboves are not in ipn.php file, do you know what’s going on?
I finally modified the file manually (app/code/core/Mage/Paypal/Model/Ipn.php) after placing an order, everything seems ok.
Thanks
Hi, I run the script and it said :
Checking if patch can be applied/reverted successfully…
ERROR: Patch can’t be applied/reverted successfully.
Done
Magento version is 1.7 and the lines aboves are not in ipn.php file, do you know what’s going on?
I finally modified the file manually (app/code/core/Mage/Paypal/Model/Ipn.php) after placing an order, everything seems ok.
Thanks
After updating SUPEE, still I am getting SUPEE 8167 notification while login in admin panel.
Is there any issue ?
No, there is no issue, you can ignore or mark all those message as read.
After updating SUPEE, still I am getting SUPEE 8167 notification while login in admin panel.
Is there any issue ?
No, there is no issue, you can ignore or mark all those message as read.
Hello, I run the script and it said “Done” (nothing else, maybe it was too fast).
How can I check if everything worked? If I check the last edited time stamp on the ftp server in /htdocs/app/code/core/Mage/Paypal/Model/Ipn.php it still gives me a old date (january 2017)
Please confirm this in your Ipn.php file
diff --git app/code/core/Mage/Paypal/Model/Ipn.php app/code/core/Mage/Paypal/Model/Ipn.php
index a49d295..977ce23 100644
--- app/code/core/Mage/Paypal/Model/Ipn.php
+++ app/code/core/Mage/Paypal/Model/Ipn.php
@@ -37,6 +37,20 @@ class Mage_Paypal_Model_Ipn
const DEFAULT_LOG_FILE = 'paypal_unknown_ipn.log';
/**
+ * Default postback endpoint URL.
+ *
+ * @var string
+ */
+ const DEFAULT_POSTBACK_URL = 'https://ipnpb.paypal.com/cgi-bin/webscr';
+
+ /**
+ * Sandbox postback endpoint URL.
+ *
+ * @var string
+ */
+ const SANDBOX_POSTBACK_URL = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr';
+
+ /**
* Store order instance
*
* @var Mage_Sales_Model_Order
@@ -132,14 +146,15 @@ class Mage_Paypal_Model_Ipn
*/
protected function _postBack(Zend_Http_Client_Adapter_Interface $httpAdapter)
{
+ $url = $this->_getPostbackUrl();
+
$postbackQuery = http_build_query($this->_request) . '&cmd=_notify-validate';
- $postbackUrl = $this->_config->getPaypalUrl();
- $this->_debugData['postback_to'] = $postbackUrl;
+ $this->_debugData['postback_to'] = $url;
$httpAdapter->setConfig(array('verifypeer' => $this->_config->verifyPeer));
$httpAdapter->write(
Zend_Http_Client::POST,
- $postbackUrl,
+ $url,
'1.1',
array('Connection: close'),
$postbackQuery
@@ -176,6 +191,16 @@ class Mage_Paypal_Model_Ipn
}
/**
+ * Get postback endpoint URL.
+ *
+ * @return string
+ */
+ protected function _getPostbackUrl()
+ {
+ return $this->_config->sandboxFlag ? self::SANDBOX_POSTBACK_URL : self::DEFAULT_POSTBACK_URL;
+ }
+
+ /**
* Load and validate order, instantiate proper configuration
*
*
Hello, I run the script and it said “Done” (nothing else, maybe it was too fast).
How can I check if everything worked? If I check the last edited time stamp on the ftp server in /htdocs/app/code/core/Mage/Paypal/Model/Ipn.php it still gives me a old date (january 2017)