Robustness fixes (PayPal encoding and bad request handling) #9

Merged
merged 4 commits into from Mar 6, 2013


First issue was that we get a 500 error if it's not an IPN request, so I solved this by sending an HttpResponseBadRequest.

The big issue was the encoding of the form data - if PayPal sent you weird characters (which Django pulls into unicode strings), the code fell over because urllib.urlencode doesn't support that (URL data is bytes). First try was I used Django's urlencode function which automatically encodes into UTF-8, however this required the PayPal account holder to change their settings (bad, especially if you don't control the account - it's a client's), so I looked at the POST and it turns out there's a 'charset' field.

If one sets request.encoding to request.POST['charset'], it picks it up properly. You can then encode the form data as per this, too.

radiosilence added some commits Mar 6, 2013

@radiosilence radiosilence Handling bad request properly. a134ae2
@radiosilence radiosilence Not using poor quality URL encode. 074e76f
@radiosilence radiosilence More robust error handling. a28544c
@radiosilence radiosilence Encode IPN data based on request from PayPal, otherwise
IPN will not work/there will be an encoding error. This
is better than simply encoding as UTF-8 as what the
data needs to be encoded as depends on the account settings.

We also have to set encoding on the request object in order
for Django to pick up that the encoding is whatever it is
as opposed to assuming it's UTF-8.
be5d477
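
The charset handling described in the pull request text and in the last commit message above, as an added example that is not code from this pull request or the project. It uses only the Python 3 standard library instead of Django; the names `parse_ipn`, `verification_body`, `naive_utf8_body` and `BadIPN`, the charset allow-list and the sample body are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Illustrative allow-list (an assumption, not a list published by PayPal).
ALLOWED_CHARSETS = {"utf-8", "windows-1250", "windows-1252", "iso-8859-1"}

# Constructed sample body: "Zoë" sent as windows-1252 (ë is byte 0xEB).
SAMPLE = b"payment_status=Completed&first_name=Zo%EB&charset=windows-1252&txn_id=TEST123"


class BadIPN(ValueError):
    """Not a usable IPN; a view would answer this with HTTP 400."""


def parse_ipn(raw_body):
    """Return (charset, [(key, value), ...]) decoded with the declared charset."""
    try:
        text = raw_body.decode("ascii")  # form bodies are percent-encoded ASCII
        # The charset name is plain ASCII, so a first pass can read it safely.
        charset = dict(parse_qsl(text, strict_parsing=True)).get("charset", "").lower()
        if charset not in ALLOWED_CHARSETS:
            raise BadIPN("missing or unexpected charset: %r" % charset)
        pairs = parse_qsl(text, keep_blank_values=True,
                          encoding=charset, errors="strict")
    except BadIPN:
        raise
    except ValueError as exc:  # malformed fields or undecodable bytes
        raise BadIPN("malformed IPN body") from exc
    return charset, pairs


def verification_body(charset, pairs):
    """Body to post back for verification, re-encoded in the same charset."""
    query = [("cmd", "_notify-validate")] + list(pairs)
    return urlencode(query, encoding=charset).encode("ascii")


def naive_utf8_body(raw_body):
    """What a UTF-8 assumption produces: bytes that were never sent."""
    pairs = parse_qsl(raw_body.decode("ascii"), keep_blank_values=True)
    return urlencode([("cmd", "_notify-validate")] + pairs).encode("ascii")


if __name__ == "__main__":
    cs, fields = parse_ipn(SAMPLE)
    print(cs, dict(fields)["first_name"])
    print(verification_body(cs, fields))
    print(naive_utf8_body(SAMPLE))
```

Re-encoding with the declared charset reproduces the received bytes exactly after the `cmd=_notify-validate` prefix, while the UTF-8 assumption silently turns `%EB` into a replacement character, so the postback no longer matches the notification.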
Owner

emesik commented Mar 6, 2013

Thanks a lot!
Man, I had no idea that PayPal sends the charset information. I cursed at them so much for having the win-1250 encoding by default! :D

@emesik emesik added a commit that referenced this pull request Mar 6, 2013

@emesik emesik Merge pull request #9 from DjangoAdminHackers/master
Robustness fixes (PayPal encoding and bad request handling)
30bb9cc

@emesik emesik merged commit 30bb9cc into emesik:master Mar 6, 2013
