XF 2.1 Server errors after 2.1.9 security patch

imno007

imno007

Well-known member
Just wondering if anyone else has encountered these. After manually applying latest security patch (still using XF. 2.1.4), I get a bunch of these on subscription payments:

  • Error: Call to undefined method XF\Repository\Payment::findLogsByTransactionIdForProvider()
  • src/XF/Payment/PayPal.php:268
#0 payment_callback.php(40): XF\Payment\PayPal->validateTransaction(Object(XF\Payment\CallbackState))
#1 {main}

Request state

array(4) {
["url"] => string(40) "/payment_callback.php?_xfProvider=paypal"
["referrer"] => bool(false)
["_GET"] => array(1) {
["_xfProvider"] => string(6) "paypal"
}
["_POST"] => array(33) {
["mc_gross"] => string(5) "10.00"
["protection_eligibility"] => string(8) "Eligible"
["payer_id"] => string(13) "C4HSN8G5C9R"
["payment_date"] => string(25) "02:53:15 May 04, 2020 PDT"
["payment_status"] => string(9) "Completed"
["charset"] => string(12) "windows-1252"
["first_name"] => string(7) "Gerhard"
["mc_fee"] => string(4) "0.74"
["notify_version"] => string(3) "3.9"
["custom"] => string(32) "c28cP-FusdXELod2iVlrCnrfjo4r8"
["payer_status"] => string(8) "verified"
["business"] => string(16) ""
["quantity"] => string(1) "1"
["verify_sign"] => string(56) "AbG0N5HKLVi82Ll0NU9QIVe1CH7.ACi6QCf4do2kV935aSTQVFs5iPJZ"
["payer_email"] => string(21) ""
["txn_id"] => string(17) "5PR09417MA095892M"
["payment_type"] => string(7) "instant"
["last_name"] => string(9) ""
["receiver_email"] => string(16) ""
["payment_fee"] => string(4) "0.74"
["shipping_discount"] => string(4) "0.00"
["receiver_id"] => string(13) "GJB98LXVCX6"
["insurance_amount"] => string(4) "0.00"
["txn_type"] => string(10) "web_accept"
["item_name"] => string(39) "Account upgrade: 2 months"
["discount"] => string(4) "0.00"
["mc_currency"] => string(3) "USD"
["item_number"] => string(0) ""
["residence_country"] => string(2) "GB"
["shipping_method"] => string(7) "Default"
["transaction_subject"] => string(0) ""
["payment_gross"] => string(5) "10.00"
["ipn_track_id"] => string(13) "c7bfd07628d4d"
}
}
 
Sort by date Sort by votes
Looks like findLogsByTransactionIdForProvider is not in XF\Repository\Payment.php in 2.1.4.

It's only in 2.1.5a onwards.

I've made the developers aware.
 
Upvote 0 Downvote
I hasten to add that wasn't the official company response.

But this is:
xenforo.com

XenForo 2.1.9 and 2.0.13 Released (Security Fix)

Today, we are releasing XenForo 2.1.9 and XenForo 2.0.13 to address a potential security vulnerability that may affect any customer who makes use of our PayPal payment handler. As well as user upgrades, this may affect add-ons you have installed which process payments using our PayPal payment...
xenforo.com xenforo.com

🙂
 
Upvote 0 Downvote
We're getting these messages logged @Brogan
  • InvalidArgumentException: Passing in the "body" request option as an array to send a POST request has been deprecated. Please use the "form_params" request option to send a application/x-www-form-urlencoded request, or the "multipart" request option to send a multipart/form-data request.
  • src\vendor\guzzlehttp\guzzle\src\Client.php:416
  • Generated by: Unknown account
  • May 4, 2020 at 7:18 AM
Stack trace
#0 src\vendor\guzzlehttp\guzzle\src\Client.php(119): GuzzleHttp\Client->invalidBody()
#1 src\vendor\guzzlehttp\guzzle\src\Client.php(131): GuzzleHttp\Client->requestAsync('post', Object(GuzzleHttp\Psr7\Uri), Array)
#2 src\vendor\guzzlehttp\guzzle\src\Client.php(89): GuzzleHttp\Client->request('post', 'https://ipnpb.p...', Array)
#3 src\XF\Payment\PayPal.php(178): GuzzleHttp\Client->__call('post', Array)
#4 payment_callback.php(36): XF\Payment\PayPal->validateCallback(Object(XF\Payment\CallbackState))
#5 {main}

I'm running 2.1.7
 
Last edited:
Upvote 0 Downvote
Pretty sure what you've done is downloaded the xf-patch-2013.zip patch (for 2.0.13) instead of the xf-patch-219.zip patch (for 2.1.9).

Please download the correct patch and see if the errors go away.
 
Upvote 0 Downvote
Chris D said:
Pretty sure what you've done is downloaded the xf-patch-2013.zip patch (for 2.0.13) instead of the xf-patch-219.zip patch (for 2.1.9).

Please download the correct patch and see if the errors go away.
Click to expand...
Thanks! It's been a crazy week, my son and girlfriend both had appendectomies this week! It's the craziest scenario!
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Alan_SP
  • Question Question
XF 2.2 Users can't register - server errors
Replies
6
Views
424
Alan_SP
Alan_SP
Stuart Wright
  • Question Question
XF 2.2 Push notification failure - operation timed out errors
Replies
11
Views
655
Joe Link
Joe Link
KensonPlays
  • Solved
XF 2.2 "Missing closing `}`" -- When there isn't?
Replies
10
Views
293
KensonPlays
KensonPlays
KensonPlays
  • Solved
MG 2.2 Database Errors with Media Gallery
Replies
5
Views
659
KensonPlays
KensonPlays
Pepelepew
  • Question Question
XF 2.2 InvalidArgumentException: The error value must be a string or an object which can be cast to a string
Replies
1
Views
176
Paul B
Paul B
Top Bottom