From: kmsluder at optonline dot net
Operating system: Red Hat Linux 8/ 2.2 Kernel
PHP version: 4.3.2
PHP Bug Type: Verisign Payflow Pro related
Bug description: PayFlow Pro requires explicit putenv()
Description:
------------
When using the PayFlow Pro extension on Linux (PHP compiled as Apache2
module), one must explicitly set the PFPRO_CERT_PATH environment variable
using a putenv() call prior to calling pfpro_init(), else the extension
will attempt to look in the certs/ subfolder of the working directory.
This occurs even if the PFPRO_CERT_PATH variable has been set by Apache
via a SetEnv directive, or if the environment variable has been added
through the shell.
This requires either placing certificates in the certs/ subfolder of where
PHP scripts are stored (obviously not a good idea), or specifically adding
PFPRO_ to the list of safe mode allowed environment variables.
Reproduce code:
---------------
<?php
// File name: /usr/local/apache/htdocs/test_pfpro.php
// Echo the value of PFPRO_CERT_PATH, just to prove its existence
echo 'The value of PFPRO_CERT_PATH is: ' . getenv('PFPRO_CERT_PATH');
// Removing this line will cause pfpro to look
// in /usr/local/apache/htdocs/certs for the certificate file
putenv('PFPRO_CERT_PATH=/usr/local/verisign/payflowpro/linux/certs');
// The rest of this code is taken from the documentation for
pfpro_process()
pfpro_init();
$transaction = array('USER' => 'mylogin',
'PWD' => 'mypassword',
'PARTNER' => 'VeriSign',
'TRXTYPE' => 'S',
'TENDER' => 'C',
'AMT' => 1.50,
'ACCT' => '4111111111111111',
'EXPDATE' => '0904'
);
$response = pfpro_process($transaction);
if (!$response) {
die("Couldn't establish link to Verisign.\n");
}
echo "Verisign response code was ".$response['RESULT'];
echo ", which means: ".$response['RESPMSG']."\n";
pfpro_cleanup();
?>
Expected result:
----------------
The value of PFPRO_CERT_PATH is:
/usr/local/verisign/payflowpro/linux/certs
Verisign response code was 0, which means: Approved
Actual result:
--------------
The value of PFPRO_CERT_PATH is:
/usr/local/verisign/payflowpro/linux/certs
Verisign response code was -31, which means: Certficate chain did not
validate; Local certificate not found
--
Edit bug report at http://bugs.php.net/?id=25349&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25349&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25349&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=25349&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=25349&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=25349&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=25349&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=25349&r=support
Expected behavior: http://bugs.php.net/fix.php?id=25349&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=25349&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=25349&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=25349&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25349&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=25349&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=25349&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=25349&r=gnused
