[bop-devel] AuthorizeNet MD5 Check
Ivan Kohler
ivan at sisd.com
Tue Sep 25 14:18:25 PDT 2007
On Tue, Sep 25, 2007 at 01:44:26PM -0700, Bill Moseley wrote:
> On Sun, Sep 23, 2007 at 05:44:43PM -0700, Ivan Kohler wrote:
> > > http://rt.cpan.org/Public/Bug/Display.html?id=15210
> >
> > Yes, it would be nice to get that one taken care of. I'm not sure if
> > either the "silently strip" or "throw error" solutions are really the
> > right thing, and had the time to really think about what needs to be
> > done here. If Authorize.Net can accept some sort of quoting or
> > esacping, that would be ideal, but IIRC that's not possible. :/
>
> The more I look at this problem the more lame Authorize.net (the
> gateway) seems.
>
> The problem is that Authorize.net doesn't escape x_encap_char in
> responses? So if you submitted a name of 'William "Bill" Moseley'
> that the response might include:
>
> 123,345,"some text","William "Bill" Moseley",123
>
> and cause Text::CSV_XS to fail parsing? Amazing.
Yes.
> Looks like you should pick some odd character (tilde?) as the
> delimiter and remove it from imput.
No.
Take a look at the bug report; the submitter makes a good case for *not*
modifying the input. It might not be a priority for me personally, but
I'm convinced enough that we should avoid it if possible.
Ideally, the module should scan the input and pick a delimiter
on-the-fly that isn't contained in the input data. That way the only
case where we would have to throw a fatal error would be the rare case
where the input contained every possible character.
> And set the x_encap_char to the
> empty string (although that might trigger it to use the default
> setting in the Merchant Interface. Ugly to have to pick some
> character that the end-user can't use. Poor implementation.
An empty encap_char works for me, if it works and doens't pull up some
other default as you speculate. Otherwise, same process as picking the
delim_character above.
> Authorize.net is scaring me.
I see you haven't worked with gateways before. Authorize.net is one of
the better ones.
--
_ivan
More information about the bop-devel
mailing list