Details
-
Type: Bug
-
Status: Done/Fixed
-
Priority: Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.2.0
-
Fix Version/s: 4.2.1
-
Component/s: CiviContribute
-
Labels:None
Description
Function doRecurPayment in /CRM/Core/Payment/AuthorizeNet.php compiles variable $arbXML and submits it to Authorize.net.
However, if any of the constituent elements of $arbXML happen to have an illegal XML character, such as ampersand or < > " ' there seems to be no code in place to escape the illegal characters.
The result is the transaction fails with E00003 Message: An error occurred while parsing EntityName.
A separate bug (I'll submit another issue) means that the error returned from authorize.net's recurring payment server is never shown on the screen or passed to watchdog, so the end result is that if there is & < > " or ' in any field passed through the XML file to authorize.net, the transaction fails silently with no error message or warning whatsoever.
$arbXML compiles the payor's name, address, city, state, zip, etc, as well as some other info such as the name of the contribution page. So if any of these fields happens to have & < > " or ' the result is that the transaction will fail silently and mysteriously.
In my case, I happened to use an ampersand in the name of the contribution page, which resulted in all recurring transactions failing silently.
Related: AuthorizeNet.php seems to assemble several different pieces of XML code in this same way, from data the users have submitted, without escaping possible illegal characters. Maybe this explains some of the mysterious and silent authorize.net failures that people have reported here & there.