https://bugzilla.wikimedia.org/show_bug.cgi?id=26341

           Summary: Credit card types no longer accurately checked in
                    back-end form validation
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Normal
         Component: DonationInterface
        AssignedTo: aricha...@wikimedia.org
        ReportedBy: aricha...@wikimedia.org
                CC: tf...@wikimedia.org


Since the credit card type selection was removed from our credit card forms
(users now just enter in their credit card #s w/o selecting the cc type from a
drop-down), the back-end form validation no longer properly verifies credit
card numbers.

This is resulting in a very high number of failed transactions due to
unsupported credit card types.

Currently, the code in
DonationInterface/payflowpro_gateway/payflowprog_gateway.body.php that is
deprecated and no longer works is:
<code>
// validate that credit card number entered is correct for the brand
switch( $data['card'] ) {
    case 'american':
        // pattern for Amex
        $pattern = '/^3[47][0-9]{13}$/';

        // if the pattern doesn't match
        if ( !preg_match( $pattern, $data['card_num'] ) ) {
            $error_result = '1';
            $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-amex' );
        }

        break;

    case 'mastercard':
        // pattern for Mastercard
        $pattern = '/^5[1-5][0-9]{14}$/';

        // if pattern doesn't match
        if ( !preg_match( $pattern, $data['card_num'] ) ) {
            $error_result = '1';
            $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-mc' );
        }

        break;

    case 'visa':
        // pattern for Visa
        $pattern = '/^4[0-9]{12}(?:[0-9]{3})?$/';

        // if pattern doesn't match
        if ( !preg_match( $pattern, $data['card_num'] ) ) {
            $error_result = '1';
            $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-visa' );
        }

        break;

    case 'discover':
        // pattern for Discover
        $pattern = '/^6(?:011|5[0-9]{2})[0-9]{12}$/';

        // if pattern doesn't match
        if ( !preg_match( $pattern, $data['card_num'] ) ) {
            $error_result = '1';
            $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-discover' );
        }

        break;

} // end switch
</code>
$data['card'] will no longer carry a useful value due to the form changes.

We should probably be detecting the credit card type based on the credit card
BIN and determining card-type validity based off the result.
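
One way to do the detection proposed above, as an added example that is not part of the original report or of DonationInterface: the card brand is derived from the number itself using the four patterns quoted in the report, and anything that matches none of them is rejected before it reaches the gateway. The function name, the sample numbers (publicly documented test values, constructed input) and the PHP 7.1+ syntax are assumptions.

```php
<?php
// Added example, not DonationInterface code. The patterns are the ones quoted
// in the report; function and variable names are hypothetical.

/**
 * Return the supported brand whose number format matches, or null.
 */
function detectCardBrand( string $cardNum ): ?string {
    // Accept "4111 1111 1111 1111" or "4111-1111-..." as typed by donors.
    $digits = preg_replace( '/[\s-]+/', '', $cardNum );

    // Anything left that is not a digit means the input is malformed.
    if ( !preg_match( '/^[0-9]+$/', $digits ) ) {
        return null;
    }

    $patterns = [
        'american'   => '/^3[47][0-9]{13}$/',
        'mastercard' => '/^5[1-5][0-9]{14}$/',
        'visa'       => '/^4[0-9]{12}(?:[0-9]{3})?$/',
        'discover'   => '/^6(?:011|5[0-9]{2})[0-9]{12}$/',
    ];

    foreach ( $patterns as $brand => $pattern ) {
        if ( preg_match( $pattern, $digits ) ) {
            return $brand;
        }
    }
    return null; // unsupported brand or wrong length
}

// Constructed sample input: publicly documented test numbers, not real cards.
$samples = [
    '4111 1111 1111 1111', // visa
    '378282246310005',     // american
    '5555-5555-5555-4444', // mastercard
    '6011111111111117',    // discover
    '3530111333300000',    // 35xx prefix: matches none of the four patterns
    '4111x1111',           // malformed
];

foreach ( $samples as $num ) {
    $brand = detectCardBrand( $num );
    // Log only the last four digits, never the full number.
    printf( "...%s => %s\n", substr( $num, -4 ), $brand ?? 'rejected' );
}
```

A match only confirms that the number has a supported brand's format; a `null` result is the case that would map to a card-type error message instead of a gateway call.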
