Starky04 Posted August 28, 2014

The problem:

When choosing the PayPal payment option you get a 403 Forbidden Error on the following file: modules\paypal\express_checkout\payment.php

You have ensured that the permissions are correct for the module.

When navigating to the script directly (e.g. http://www.mysite.com/modules/paypal/express_checkout/payment.php) the page loads with a PayPal error. NOTE - it loads and does not show you a 403 Forbidden Error.

The PayPal module has this problem because of the following form behind the payment button:

    <form id="paypal_payment_form" action="http://mysite.com/modules/paypal/express_checkout/payment.php" title="Pay with PayPal" method="post" data-ajax="false">
        <input type="hidden" name="quantity" value="1">
        <input type="hidden" name="id_p_attr" value="">
        <input type="hidden" name="express_checkout" value="cart">
        <input type="hidden" name="current_shop_url" value="http://mysite.com/quick-order?"> <!-- THIS IS THE CULPRIT -->
        <input type="hidden" name="bn" value="PRESTASHOP_ECM">
    </form>

You can see that the input with the name 'current_shop_url' contains a URL which matches our description and will therefore be blocked by the mod_security module.

Easy Solution - Have your host disable this feature for your site

As simple as that. This will lower your security though.

Hacky Solution - Alter the PayPal module to stop it from producing URLs which will be blocked.

Make changes to the following files:

express_checkout/process.php in setCancelURL function

    //$url = urldecode(Tools::getValue('current_shop_url')); // Comment out this line
    $url = "http://" . urldecode(Tools::getValue('current_shop_url')); // Add this line

views/templates/hook/express_checkout_payment.tpl in the form near the bottom of the file

    <!--<input type="hidden" name="current_shop_url" value="{$PayPal_current_page|escape:'htmlall':'UTF-8'}" /> Comment out this line -->
    <input type="hidden" name="current_shop_url" value="{substr($PayPal_current_page, 7)|escape:'htmlall':'UTF-8'}" /> <!-- Add this line -->

views/templates/hook/express_checkout_shortcut_form.tpl in the form near the bottom of the file

    <!--<input type="hidden" name="current_shop_url" value="{$PayPal_current_page|escape:'htmlall':'UTF-8'}" /> Comment out this line -->
    <input type="hidden" name="current_shop_url" value="{substr($PayPal_current_page, 7)|escape:'htmlall':'UTF-8'}" /> <!-- Add this line -->

Hopefully this can help some of you. This caused me a lot of issues and took quite a while to figure out so I don't want the rest of you to have to go through that too!

El Patron Posted August 28, 2014

Thanks for sharing, I will pin this in PayPal section for community review/comment.

bellini13 Posted August 28, 2014

Could you explain what the result of the Hacky Solution is? How is the URL different when making this change?

Starky04 Posted August 29, 2014

I've had to put this into a code block for some reason... no idea what's wrong with the forum.

I've made it a bit more difficult to understand because of the order that I've listed the code changes in.

The second and third changes remove 'http://' from the form input URL using the substr() function. I would note that you may need to change the index passed in from 7 to 8 if the URL is using 'https://'.

Since a URL with 'http://' at the start is no longer being posted to PayPal, the mod_security module does not raise a 403 error.

We can't post the URL to PayPal as it is though because their API will reject it because it is not properly formatted. To fix this, we prefix 'current_shop_url' with 'http://' to get it back to its original form. We do it in the process.php file because this is where the form is posted to - we are intercepting and restoring the URL before calling the AP
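
Added example, not part of the thread or of the PayPal module: the strip-and-restore step described above, generalized so that it handles both 'http://' and 'https://' instead of a fixed substr() index. The function names, the separate scheme value and the same-host check on the restored URL are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the PayPal module.

/**
 * Template side: split off the scheme so the posted value no longer
 * starts with "http://" or "https://". Returns [scheme, remainder].
 */
function strip_scheme(string $url): array
{
    if (preg_match('#^(https?)://(.+)$#i', $url, $m)) {
        return [strtolower($m[1]), $m[2]];
    }
    // No recognised scheme: pass the value through unchanged.
    return ['', $url];
}

/**
 * process.php side: rebuild the URL before it is used. The value is
 * client-supplied, so it is accepted only if it points back at the
 * shop's own host; otherwise null is returned.
 */
function restore_url(string $scheme, string $rest, string $shopHost): ?string
{
    // Only the two expected schemes are allowed; default to http.
    $scheme = in_array($scheme, ['http', 'https'], true) ? $scheme : 'http';
    $url = $scheme . '://' . $rest;

    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, $shopHost) !== 0) {
        return null;
    }
    return $url;
}

// Constructed sample values; 'mysite.com' is the shop host used in the post.
$samples = [
    'http://mysite.com/quick-order?',
    'https://mysite.com/quick-order?',
    'https://other.example/quick-order?', // different host: rejected on restore
];
foreach ($samples as $original) {
    [$scheme, $rest] = strip_scheme($original);
    $restored = restore_url($scheme, $rest, 'mysite.com');
    printf("%s\n  posted:   %s\n  restored: %s\n", $original, $rest, var_export($restored, true));
}
```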

bellini13 Posted August 29, 2014

Ah ok, understand now what you are doing, thanks for the explanation.

jordanh2015 Posted August 18, 2015

This worked perfectly for me, then a few days later randomly stopped working. All I've done is add more products.

zvp Posted December 22, 2016

I also have the 403 problem, so I wonder whether this solution is also recommendable for the latest version of Prestashop?