Have you been using IATS with CiviCRM for a loooong time? If so read this

2015-07-28 15:56
Written by
Eileen - member of the CiviCRM community

IATS has been a payment processor extension with CiviCRM for quite a while and has been actively developed & supported. If you are using the IATS extension you can say a quiet thank you to Alan, Karin & Stephen & stop reading.


If, however, you have been using IATS since the dark days before it was an extension and never switched over then it's time to make that change to ensure your site stays secure. Use IATS & need to check? Go to administer -> customise data & screens -> manage extensions and look for IATS. If it says installed - refer to the quiet thank you above (or better yet make a quiet donation to CiviCRM :-).


If not, it's time to install the IATS extension https://civicrm.org/extensions/iats-payments - Alan has generously offered to provide support to anyone making the transition. You can log an issue on the GitHub repo if you need help - https://github.com/iATSPayments/com.iatspayments.civicrm

How can I tell?

If you have access to run MySQL queries on the database, run this. If it returns anything other than 0, you have the old IATS in use.

SELECT count(*) FROM civicrm_payment_processor WHERE is_active = 1 AND class_name = 'Payment_IATS';


What if you can't make the switch?

There is a potential insecurity in the old IATS code. It's likely that it can't be exploited in any way and that, in fact, no-one at all is using that code anyway, since it's not accessible on a normal install. However, we have decided to remove the insecure code from the next 4.4 & 4.6 releases on the basis that we shouldn't ship code that may not be secure.


So, make the switch before you upgrade to the latest LTS or 4.6 release when they come out next week.