Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Critical
-
Resolution: Fixed/Completed
-
Affects Version/s: 3.3.6, 3.4.1
-
Fix Version/s: 3.4.2
-
Component/s: Core CiviCRM
-
Labels:None
Description
Credit cards numbers are stored in the log in (for Drupal) sites/default/files/civicrm/templates_c/en_US/ConfigAndLog/(log file name).log. This happens because the Authorize.net subscription request (from CRM/Core/Payment/AuthorizeNet.php) is logged without the number being scrubbed first. This happens in line 285 for v3.3.3, line 287 for later versions. Problem can be temporarily solved by commenting out the line that reads:
CRM_Core_Error::debug_var( 'Create Subscription Request', $arbXML );
Long-term fix, if that should still be logged, would be to remove the xml node with the credit card info, or to save just the last four there, or something.