Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Realex: Handle XML response with unescaped ampersand

I fixed this by switching Realex response parsing to Nokogiri,
which is smarter about dealing with malformed XML. I also added
Nokogiri as an explicit dependency, especially since iTransact was
already using it.
  • Loading branch information...
commit 93e78b2df48ee618cf60eaa59210b9a16df38367 1 parent dc1a62f
@ntalbott ntalbott authored
View
1  activemerchant.gemspec
@@ -24,6 +24,7 @@ Gem::Specification.new do |s|
s.add_dependency('builder', '>= 2.0.0')
s.add_dependency('json', '>= 1.5.1')
s.add_dependency('active_utils', '>= 1.0.2')
+ s.add_dependency('nokogiri')
s.add_development_dependency('rake')
s.add_development_dependency('mocha')
View
12 lib/active_merchant/billing/gateways/realex.rb
@@ -1,4 +1,4 @@
-require 'rexml/document'
+require 'nokogiri'
require 'digest/sha1'
module ActiveMerchant
@@ -101,9 +101,8 @@ def commit(request)
def parse(xml)
response = {}
- xml = REXML::Document.new(xml)
- xml.elements.each('//response/*') do |node|
-
+ doc = Nokogiri::XML(xml)
+ doc.xpath('//response/*').each do |node|
if (node.elements.size == 0)
response[node.name.downcase.to_sym] = normalize(node.text)
else
@@ -112,8 +111,7 @@ def parse(xml)
response[name.to_sym] = normalize(childnode.text)
end
end
-
- end unless xml.root.nil?
+ end unless doc.root.nil?
response
end
@@ -312,4 +310,4 @@ def sanitize_order_id(order_id)
end
end
end
-end
+end
View
41 test/unit/gateways/realex_test.rb
@@ -123,6 +123,16 @@ def test_cvv_result
assert_equal 'M', response.cvv_result['code']
end
+ def test_malformed_xml
+ @gateway.expects(:ssl_post).returns(malformed_unsuccessful_purchase_response)
+
+ response = @gateway.purchase(@amount, @credit_card, @options)
+ assert_instance_of Response, response
+ assert_failure response
+ assert_equal '[ test system ] This is not awesome', response.params['message']
+ assert response.test?
+ end
+
def test_capture_xml
@gateway.expects(:new_timestamp).returns('20090824160201')
@@ -360,6 +370,35 @@ def unsuccessful_purchase_response
RESPONSE
end
+ def malformed_unsuccessful_purchase_response
+ <<-RESPONSE
+<response timestamp='20010427043422'>
+ <merchantid>your merchant id</merchantid>
+ <account>account to use</account>
+ <orderid>order id from request</orderid>
+ <authcode>authcode received</authcode>
+ <result>01</result>
+ <message>[ test system ] This is & not awesome</message>
+ <pasref> realex payments reference</pasref>
+ <cvnresult>M</cvnresult>
+ <batchid>batch id for this transaction (if any)</batchid>
+ <cardissuer>
+ <bank>Issuing Bank Name</bank>
+ <country>Issuing Bank Country</country>
+ <countrycode>Issuing Bank Country Code</countrycode>
+ <region>Issuing Bank Region</region>
+ </cardissuer>
+ <tss>
+ <result>89</result>
+ <check id="1000">9</check>
+ <check id="1001">9</check>
+ </tss>
+ <sha1hash>7384ae67....ac7d7d</sha1hash>
+ <md5hash>34e7....a77d</md5hash>
+</response>"
+ RESPONSE
+ end
+
def successful_refund_response
<<-RESPONSE
<response timestamp='20010427043422'>
@@ -410,4 +449,4 @@ def assert_xml_equal_recursive(a, b)
end
a.children.zip(b.children).all?{|a1, b1| assert_xml_equal_recursive(a1, b1)}
end
-end
+end
Please sign in to comment.
Something went wrong with that request. Please try again.