From: eileenmcnaugton Date: Sun, 22 Nov 2015 23:56:46 +0000 (+1300) Subject: CRM-17611 do not set dummy trxn_id on declines and do not attempt to validate non... X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=5c6c7e763b39bc065adcb46de6b1e71bfea5a42a;p=civicrm-core.git CRM-17611 do not set dummy trxn_id on declines and do not attempt to validate non-existent trxn_id Conflicts: CRM/Core/Payment/AuthorizeNetIPN.php --- diff --git a/CRM/Core/Payment/AuthorizeNetIPN.php b/CRM/Core/Payment/AuthorizeNetIPN.php index 54d46c1837..3ac7b77042 100644 --- a/CRM/Core/Payment/AuthorizeNetIPN.php +++ b/CRM/Core/Payment/AuthorizeNetIPN.php @@ -231,7 +231,9 @@ class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN { if ($input['trxn_id']) { $input['is_test'] = 0; } - else { + // Only assume trxn_id 'should' have been returned for success. + // Per CRM-17611 it would also not be passed back for a decline. + elseif ($input['response_code'] == 1) { $input['is_test'] = 1; $input['trxn_id'] = md5(uniqid(rand(), TRUE)); } @@ -347,6 +349,10 @@ INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contr * @throws CRM_Core_Exception */ public function checkMD5($paymentObject, $input) { + if (empty($input['trxn_id'])) { + // For decline we have nothing to check against. + return; + } if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) { $message = "Failure: Security verification failed"; $log = new CRM_Utils_SystemLogger();