For the last few days every order being paid for by paypal is now staying at the "open status" even when the customer clicks the link to return to the site in Paypal,
Up until three days ago the order status changed to "processed" when the payment was successful..
I have done a few test orders and all are showing as "open"
Has something changed with Paypal that I don't know about.
Or can someone give me some idea where to start looking for the issue.
The issue is that Paypal uses Google API's which now use HTTP/2 headers. In addition to PayPal, Google Recaptcha is also broken on cs-cart.
Cs-cart is making the fix available in the next release of cs-cart but has refused to generate a service pack for the current release or an addon that will apply the fix to older versions of V4 cs-cart.
You can install this free addon that will apply the patch on all sites where the app/Tygh/Http.php file exists. It is a free addon and after you install it once, you should uninstall it and throw it away.
You can install it from the URL or download it to your PC and install it as 'local'. The addon should patch all V4 sites that utilize the Http.php module. It will detect if the fix has already been applied or not ans act accordingly.
The URL is: https://ez-ms.com/pr...p2_fix_v1.0.zip
I find it extremely annoying that cs-cart did not address this issue for all V4 sites by issuing a security patch type of addon release or to notify customers that this issue exists. It impacts Google Recaptcha as well as PayPal. Hence if you use Recaptcha on checkout, your users won't be able to even get to paypal.
Suggest you install the addon to fix the issue and send cs-cart a nasty-gram for not stepping up to the issue.
The same problem occurs when connecting to certain payment gateways. I had the same issue with Sage Payment Solutions and I needed that patch installed by CS-Cart support in order to fix my connection. It was quite annoying to have credit card payments stop working all of a sudden.
The issue seems somewhat random. According to cs-cart (who isn't chiming in on these threads), they do not see it in Russia and Europeans seem to see the paypal and certain other payment providers having issues but not Recaptcha. This leads me to believe that either the Google API's are rolling out by region (Google apps like Recaptcha) and/or that companies are using static versions and will be impacted at a later date when they upgrade their environments.
In any event, you will get stung eventually if you don't apply the patch. For me, I find it really annoying when new customers have to email me because they can't submit a form on my site to initiate contact.
Better to error on the side of safety. Not sure why cs-cart didn't just make the change by removing the '1' from the strpos() versus adding another loop to process HTTP/1 and HTTP/2 in the same fashion.
@johnbol1 My issue was with Sage Payment Solutions (now Paya).