From abf9f93dd7502fb7c1aa258156fd0db21eb1112c Mon Sep 17 00:00:00 2001 From: Graham Knop Date: Fri, 7 Mar 2008 19:50:33 +0000 Subject: [PATCH] ensure proper XML for ITransact messages --- docs/changelog/7.x.x.txt | 1 + lib/WebGUI/Commerce/Payment/ITransact.pm | 63 ++++++++++++------------ 2 files changed, 33 insertions(+), 31 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 4b21be888..e115eb319 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -5,6 +5,7 @@ - new YUI based date picker - fixed: changing image thumbnail size doesn't resize image - fixed: loadAddConfigs loads hidden files + - ensure proper XML encoding for ITransact messages 7.5.5 - fixed: Several typos in the new Calendar help documentation. diff --git a/lib/WebGUI/Commerce/Payment/ITransact.pm b/lib/WebGUI/Commerce/Payment/ITransact.pm index 8a655cad8..1d7826520 100644 --- a/lib/WebGUI/Commerce/Payment/ITransact.pm +++ b/lib/WebGUI/Commerce/Payment/ITransact.pm @@ -30,6 +30,7 @@ use Tie::IxHash; use WebGUI::International; use LWP::UserAgent; use XML::Simple; +use HTML::Entities qw(encode_entities_numeric); use HTTP::Cookies; use WebGUI::SQL; 
@@ -466,50 +467,50 @@ my %transactionData = %{$self->{_transactionParams}}; $xml = ''. -" +' - $userData{EMAIL} + '.encode_entities_numeric($userData{EMAIL}).' - $userData{STREET} - $userData{FIRSTNAME} - $userData{LASTNAME} - $userData{CITY} - $userData{STATE} - $userData{ZIP} - $userData{COUNTRY} - $userData{PHONE} + '.encode_entities_numeric($userData{STREET}).' + '.encode_entities_numeric($userData{FIRSTNAME}).' + '.encode_entities_numeric($userData{LASTNAME}).' + '.encode_entities_numeric($userData{CITY}).' + '.encode_entities_numeric($userData{STATE}).' + '.encode_entities_numeric($userData{ZIP}).' + '.encode_entities_numeric($userData{COUNTRY}).' + '.encode_entities_numeric($userData{PHONE}).' - $cardData{ACCT} - $cardData{EXPMONTH} - $cardData{EXPYEAR}\n"; + '.encode_entities_numeric($cardData{ACCT}).' + '.encode_entities_numeric($cardData{EXPMONTH}).' + '.encode_entities_numeric($cardData{EXPYEAR})."\n"; - $xml .= "$cardData{CVV2}\n" if $self->get('useCVV2'); + $xml .= ''.encode_entities_numeric($cardData{CVV2})."\n" if $self->get('useCVV2'); # 1 $xml .= " - ".$self->get('vendorId')." - ".$self->get('password')." - ".$self->session->setting->get("companyURL")."\n"; + ".encode_entities_numeric($self->get('vendorId'))." + ".encode_entities_numeric($self->get('password'))." + ".encode_entities_numeric($self->session->setting->get("companyURL"))."\n"; if ($self->{_recurring}) { $xml .= -" - $transactionData{RECIPE} - $transactionData{TERM} - $transactionData{AMT} - $transactionData{DESCRIPTION} +' + '.encode_entities_numeric($transactionData{RECIPE}).' + '.encode_entities_numeric($transactionData{TERM}).' + '.encode_entities_numeric($transactionData{AMT}).' + '.encode_entities_numeric($transactionData{DESCRIPTION})." \n"; }; $xml .= -" - ".$self->get('emailMessage')." - ID: $transactionData{ORGID} +' + '.encode_entities_numeric($self->get('emailMessage')).' + ID: '.encode_entities_numeric($transactionData{ORGID})." \n"; 
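Review bot: Escaping with `encode_entities_numeric` does not by itself guarantee well-formed XML: with its default character set it turns control characters into numeric references such as `&#x1;`, and XML 1.0 rejects those references just as it rejects the raw characters. Fields that look like free text, such as `$userData{STREET}` and `$transactionData{DESCRIPTION}`, can carry such characters, so strip them before encoding, for example `$value =~ tr/\x00-\x08\x0B\x0C\x0E-\x1F//d;`. The same applies to the shipping description in the later hunk. If these values arrive as undecoded UTF-8 bytes rather than character strings (not visible from this hunk), each byte would be encoded as its own reference, so confirm they are decoded first. The enclosing sub starts and ends outside the hunk.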
@@ -523,18 +524,18 @@ my %transactionData = %{$self->{_transactionParams}}; $data =~ tr/A-Za-z0-9 //dc; my $itemPrice = $_->{amount} / $_->{quantity}; $xml .= -" - ".$data." - ".sprintf('%.2f', $itemPrice)." - ".$_->{quantity}." +' + '.encode_entities_numeric($data).' + '.encode_entities_numeric(sprintf('%.2f', $itemPrice)).' + '.encode_entities_numeric($_->{quantity})." \n"; } if ($self->{_shipping}->{cost}) { $xml .= " - Shipping cost. ".$self->{_shipping}->{description}." - ".sprintf('%.2f', $self->{_shipping}->{cost})." + Shipping cost. ".encode_entities_numeric($self->{_shipping}->{description})." + ".encode_entities_numeric(sprintf('%.2f', $self->{_shipping}->{cost}))." 1 \n"; };
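Review bot: The escaping call is now repeated by hand at every concatenation site, here and in the previous hunk, so the next field added to this request can silently go out unescaped. A small private helper would centralise it and also handle undefined values, e.g. `sub _xmlText { my $v = shift; return encode_entities_numeric(defined $v ? $v : ''); }`. Separately, `$_->{amount} / $_->{quantity}` on the context line dies on a zero quantity, and the quantity is sent without a numeric check; encoding makes it XML-safe but does not validate it. The loop and the sub around these lines begin outside the hunk.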