Reply
Member
Posts: 4
Registered: ‎04-18-2012

SIM:ALL Platforms:Consecutive Spaces in x_* fields

I posted about a week ago about a problem that showed up sometime between the 2nd and 6th of April.  I just wanted to share what we came across and what our final solution will end up being.  It would appear the core of the problem is in Authorize.Net's site, but we have been unable to contact anyone who can uderstand what is going on well enough to file a proper trouble ticket.  The problem is that when Authorize.net collects x_cust_id and x_invoice_num fields it will transalte anything beyond the first consecutive space to a   in the hidden form field as well as the displayed field.  If a   is passed to them they will translate it one step further to  .  I have not tested to see what if anything occurs if a   is passed.  After a couple weeks of back and forth our final solution was to modify our data before sending and replace spaces with - characters and then again when we load the batch into our system we remove the -s and replace them with spaces (we chose - because it's a relatively safe character that we do not use in the invoice or customer ID fields).  

 

For reference, you can reproduce this problem using the following HTML/JS code.  simply open the page, fill in your test login credentials, update the hash and submit.  Once you have submitted view the source on authorize.net's site (note:  chrome can make it difficult to view the source and tends to display the source from before the post as opposed to the authorize.net site, I don't believe this occurs in IE or firefox).  

 

<html>
	<head>
	<script type="text/javascript" src="http://crypto-js.googlecode.com/files/2.5.3-crypto-md5-hmac.js"></script>
	<script type="text/javascript">
function load()
{
document.forms['signinForm'].elements['x_fp_timestamp'].value = Math.round((new Date()).getTime() / 1000);
document.forms['signinForm'].elements['x_fp_timestampv'].value = document.forms['signinForm'].elements['x_fp_timestamp'].value;
document.forms['signinForm'].elements['x_fp_sequence'].value = Math.floor(Math.random()* 999999999);
document.forms['signinForm'].elements['x_fp_sequencev'].value = document.forms['signinForm'].elements['x_fp_sequence'].value;
document.forms['signinForm'].elements['x_description'].value = document.forms['signinForm'].elements['x_fp_sequence'].value + '-' + document.forms['signinForm'].elements['x_fp_timestamp'].value;
document.forms['signinForm'].elements['x_descriptionv'].value = document.forms['signinForm'].elements['x_description'].value;
updateHash();
}
function updateHash()
{
document.forms['signinForm'].elements['x_fp_hash'].value = Crypto.HMAC(Crypto.MD5, document.forms['signinForm'].elements['x_login'].value + '^' + document.forms['signinForm'].elements['x_fp_sequence'].value + '^' + document.forms['signinForm'].elements['x_fp_timestamp'].value + '^' + document.forms['signinForm'].elements['x_amount'].value + '^', document.forms['signinForm'].elements['TransactionKey'].value);
document.forms['signinForm'].elements['x_fp_hashv'].value = document.forms['signinForm'].elements['x_fp_hash'].value;
alert("Hash Updated");
}
</script>
	</head>
	<body onload="load()">
		<H3><b>Note:  To use this form, fill in a test authorize.net login, transaction key and amount.  Click Update Hash and then submit.  You will be taken to the authorize.net site where you can view source and see the effect on x_cust_id and x_invoice_num.</b></h3>
		<form name="signinForm" method="post" action="https://test.authorize.net/gateway/transact.dll" >
			<input name="x_fp_timestamp" type="hidden" value="1335293026">
			<input name="x_fp_timestampv" disabled="true" type="input" value="1335293026">x_fp_timestamp <br/>
			<input name="x_fp_hash" type="hidden" value="5f06fa49acdcd8199663ade332085f4c">
			<input name="x_fp_hashv" disabled="true" type="input" value="5f06fa49acdcd8199663ade332085f4c">x_fp_hash <br/>
			<input name="x_description" type="hidden" value="test">
			<input name="x_descriptionv" disabled="true" type="input" value="test">x_description <br/>
			<input name="x_type" type="hidden" value="AUTH_CAPTURE">
			<input name="x_typev" disabled="true" type="input" value="AUTH_CAPTURE">x_type <br/>
			<input name="x_show_form" type="hidden" value="PAYMENT_FORM">
			<input name="x_show_formv" disabled="true" type="input" value="PAYMENT_FORM">x_show_form <br/>
			<input name="x_version" type="hidden" value="3.1">
			<input name="x_versionv" disabled="true" type="input" value="3.1">x_version <br/>
			<input name="x_relay_response" type="hidden" value="true">
			<input name="x_relay_responsev" disabled="true" type="input" value="true">x_relay_response <br/>
			<input name="x_test_request" type="hidden" value="TRUE">
			<input name="x_test_requestv" disabled="true" type="input" value="TRUE">x_test_request <br/>
			<input name="x_fp_sequence" type="hidden" value="591">
			<input name="x_fp_sequencev" disabled="true" type="input" value="591">x_fp_sequence <br/>
			<input name="x_login" type="input" value="">x_login <br/>
			<input name="TransactionKey" type = "input" value="">Transaction Key <br/>
			<input name="x_amount" type="input" value="19.99">x_amount <br/>
			<input type="button" value="Update Hash" onClick="load()"><br/>
			<input name="x_method" type="hidden" value="CC">
			<input name="x_methodv" disabled="true" type="input" value="CC">x_method <br/>
			<input name="x_company" type="hidden" value="01">
			<input name="x_companyv" disabled="true" type="input" value="01">x_company <br/>
			<input name="x_cust_id" type="hidden" value="A   000000">
			<input name="x_cust_idv" disabled="true" type="input" value="A   000000">x_cust_id (actual spaces submitted)<br/>
			<input name="x_last_name" type="hidden" value="TEST">
			<input name="x_last_namev" disabled="true" type="input" value="TEST">x_last_name <br/>
			<input name="x_invoice_num" type="hidden" value="A &nbsp;&nbsp;000000">
			<input name="x_invoice_numv" disabled="true" type="input" value="A &nbsp;&nbsp;000000">x_invoice_num (Non-Breaking spaces submitted)<br/>
			<input type="submit">
		</form>
	</body>
</html>