CRM-17611 do not set dummy trxn_id on declines and do not attempt to validate non...

author eileenmcnaugton <eileen@fuzion.co.nz>

Sun, 22 Nov 2015 23:56:46 +0000 (12:56 +1300)

committer eileenmcnaugton <eileen@fuzion.co.nz>

Tue, 1 Dec 2015 07:26:34 +0000 (20:26 +1300)
author eileenmcnaugton <eileen@fuzion.co.nz>
Sun, 22 Nov 2015 23:56:46 +0000 (12:56 +1300)
committer eileenmcnaugton <eileen@fuzion.co.nz>
Tue, 1 Dec 2015 07:26:34 +0000 (20:26 +1300)
diff --git a/CRM/Core/Payment/AuthorizeNetIPN.php b/CRM/Core/Payment/AuthorizeNetIPN.php

index 54d46c1837aa7ef558bad67af04ad9bd5d548024..3ac7b77042d5ef1266cfdd24ce874088a219ad7b 100644 (file)
--- a/CRM/Core/Payment/AuthorizeNetIPN.php
+++ b/CRM/Core/Payment/AuthorizeNetIPN.php
@@ -231,7 +231,9 @@ class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
      if ($input['trxn_id']) {
        $input['is_test'] = 0;
      }
-    else {
+    // Only assume trxn_id 'should' have been returned for success.
+    // Per CRM-17611 it would also not be passed back for a decline.
+    elseif ($input['response_code'] == 1) {
        $input['is_test'] = 1;
        $input['trxn_id'] = md5(uniqid(rand(), TRUE));
      }
@@ -347,6 +349,10 @@ INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contr
     * @throws CRM_Core_Exception
     */
    public function checkMD5($paymentObject, $input) {
+    if (empty($input['trxn_id'])) {
+      // For decline we have nothing to check against.
+      return;
+    }
      if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
        $message = "Failure: Security verification failed";
        $log = new CRM_Utils_SystemLogger();
author	eileenmcnaugton <eileen@fuzion.co.nz>
	Sun, 22 Nov 2015 23:56:46 +0000 (12:56 +1300)
committer	eileenmcnaugton <eileen@fuzion.co.nz>
	Tue, 1 Dec 2015 07:26:34 +0000 (20:26 +1300)