[bop-devel] Patch for BOP::AuthorizeNet CPAN bug #15210

Ivan Kohler ivan at freeside.biz
Fri Nov 13 11:42:39 PST 2009


It doesn't seem like a good idea to join all the data into a giant 
string and then search it for each character.

Can you use a hash to store which characters are in the post data 
instead?  Then checking is much more straightforward and doesn't involve 
repeatedly sequentially scanning a large string for each possible 
encapsulation character.

Also, why is the set of characters to check limited?  Is there a reason 
not to try every ASCII character or at least 32-127?

-- 
_ivan


On Wed, Nov 11, 2009 at 01:59:51PM -0700, Josh Rosenbaum wrote:
> Attached is a patch for BOP::AuthorizeNet version 3.20 that fixes CPAN 
> bug #15210.
> 
> http://rt.cpan.org/Public/Bug/Display.html?id=15210
> 
> It appears this bug is 4 years old, so I'm surprised no one has sent 
> in this simple patch yet. This is a pretty nasty bug.
> 
> Brief overview of bug: 
> 
> If a double quote was included in any input we previously completely 
> broke down, because we could not parse the return value correctly. So 
> we'd report a failure, however, the transaction could in fact have 
> been successful!
> 
> Fix Method:
> 
> As suggested by Ivan, this fix checks for the encapsulating character 
> in our input. If it exists, we try and grab another encapsulating 
> character. We have a bunch of various character options, but start 
> with the ones given by AuthorizeNet in their example of x_encap_char 
> here:
> 
> http://developer.authorize.net/guides/AIM/Transaction_Response/Transaction_Response.htm
> 
> If we are unable to get a usable encapsulating character we fail out 
> gracefully, without ever having hit the Authorize.Net servers.
> 
> Cheers,
> 
> -- Josh

> --- AIM.pm_3_20	2009-11-11 13:33:02.000000000 -0700
> +++ AIM.pm	2009-11-11 13:33:23.000000000 -0700
> @@ -223,9 +223,33 @@
>        $post_data{'x_Email_Customer'} = 'FALSE';
>      }
>  
> +    my $data_string = join("", values %post_data);
> +
> +    my $encap_character;
> +    # The first set of characters here are recommended by authorize.net in their
> +    #   encapsulating character example.
> +    # The second set we made up hoping they will work if the first fail.
> +    # The third chr(31) is the binary 'unit separator' and is our final last
> +    #   ditch effort to find something not in the input.
> +    foreach my $char( qw( | " ' : ; / \ - * ), qw( # ^ + < > [ ] ~), chr(31) ){
> +      if( index($data_string, $char) == -1 ){ # found one.
> +        $encap_character = $char;
> +        last;
> +      }
> +    }
> +
> +    if(!$encap_character){
> +      $self->is_success(0);
> +      $self->error_message(
> +			   "DEBUG: Input contains all encapsulating characters."
> +			   . " Please remove | or ^ from your input if possible."
> +			  );
> +      return;
> +    }
> +
>      $post_data{'x_ADC_Delim_Data'} = 'TRUE';
>      $post_data{'x_delim_char'} = ',';
> -    $post_data{'x_encap_char'} = '"';
> +    $post_data{'x_encap_char'} = $encap_character;
>      $post_data{'x_ADC_URL'} = 'FALSE';
>      $post_data{'x_Version'} = '3.1';
>  
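Review bot: The failure check `if(!$encap_character)` after the loop tests truthiness rather than definedness, and the error message it sets names only | and ^ although the loop tries many more candidates than those two. None of the current candidates is a false value, so the check works as written, but `unless (defined $encap_character)` would keep working if the candidate list is ever widened to include digits. The message should drop the "DEBUG:" prefix and either list the characters that were actually tried or simply state that no unused encapsulating character was found in the input.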
> @@ -241,7 +265,7 @@
>      #trim 'ip_addr="1.2.3.4"' added by eProcessingNetwork Authorize.Net compat
>      $page =~ s/,ip_addr="[\d\.]+"$//;
>  
> -    my $csv = new Text::CSV_XS({ binary=>1, escape_char=>'' });
> +    my $csv = new Text::CSV_XS({ binary=>1, escape_char=>'', quote_char => $encap_character });
>      $csv->parse($page);
>      my @col = $csv->fields();
>  
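Review bot: In this hunk `$csv->parse($page)` is still called without checking its return value, and the new `quote_char => $encap_character` only guarantees that the character is absent from the values that were sent, not from any text in the response that did not come from the input. Suggest checking the result of `parse` and setting a distinct error when it fails, so that an unparseable response is not reported the same way as a failed transaction. The `ip_addr="..."` trim in the context line above also still matches a literal double quote; it is worth confirming whether that suffix follows `x_encap_char` or is always double-quoted.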

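One way to implement the hash-based check suggested in the reply above, as an added example (not code from the patch or from the module). The helper name `pick_encap_char`, the sample `%post_data`, and the choice to fall back to ASCII 32-126 minus letters, digits and space are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: returns a character that occurs in none of the
# values of %$post_data, or undef if every candidate is in use.
sub pick_encap_char {
    my ($post_data, $delim) = @_;

    # Single pass over the data: record every character that occurs.
    my %seen;
    for my $value (grep { defined $_ } values %$post_data) {
        $seen{$_} = 1 for split //, $value;
    }

    # Try the first candidate set from the patch, then the rest of the
    # range. Letters, digits and space are skipped (assumption: they
    # make poor quote characters).
    my @preferred = ('|', '"', "'", ':', ';', '/', '\\', '-', '*');
    my @fallback  = grep { !/[A-Za-z0-9 ]/ } map { chr($_) } 32 .. 126;

    for my $char (@preferred, @fallback) {
        next if $char eq $delim;            # never reuse the field delimiter
        return $char unless $seen{$char};   # hash lookup, no string rescan
    }
    return;    # undef in scalar context: nothing usable
}

# Constructed sample input.
my %post_data = (
    x_First_Name  => 'Pat "Ace" O\'Neil',
    x_Address     => '12 Main St | Apt 4',
    x_Description => 'Order #1001: widgets',
);

my $encap = pick_encap_char(\%post_data, ',');

# Test with defined(), not truthiness, so a candidate such as "0"
# could never be mistaken for "none found".
if (defined $encap) {
    print "x_encap_char = $encap\n";
} else {
    print "no usable encapsulating character\n";
}
```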