Prevent invalid or done IPN from being sent again

diff --git a/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php b/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php
index fd194811fed85414a6bd4a2d4d9ac534f9b52b6f..6a09dce837dea4d0f84dc4903d11a05138a1b45a 100644 (file)
--- a/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php
+++ b/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php
@@ -43,10 +43,12 @@ class PaypalCallbackAction extends AbstractAction
                 $reply = $request->getReply();
                 $content = $reply['body'];
             } catch (SystemException $e) {
+                @\header('HTTP/1.1 500 Internal Server Error');
                 throw new SystemException('connection to paypal.com failed: ' . $e->getMessage());
             }
 
             if (\strpos($content, "VERIFIED") === false) {
+                @\header('HTTP/1.1 500 Internal Server Error');
                 throw new SystemException('request not validated');
             }
 
@@ -117,7 +119,6 @@ class PaypalCallbackAction extends AbstractAction
 
             $this->executed();
         } catch (SystemException $e) {
-            @\header('HTTP/1.1 500 Internal Server Error');
             echo $e->getMessage();
             $e->getExceptionID(); // log error