Purge data on cc fail

eileenmcnaughton · eileenmcnaughton · commit 55e6aca34985 · 2017-03-07T23:41:47.000+13:00
diff --git a/CRM/Core/Payment/OmnipayMultiProcessor.php b/CRM/Core/Payment/OmnipayMultiProcessor.php
@@ -908,18 +908,24 @@ public function doPreApproval(&$params) {
             }
           }
         }
+        $this->gateway = NULL;
         unset($params['credit_card_number']);
         unset($params['cvv2']);
         return array(
           'pre_approval_parameters' => array('token' => $response->getTransactionReference())
         );
       }
       else {
+        $this->purgeSensitiveDataFromSession();
+        unset($params['credit_card_number']);
+        unset($params['cvv2']);
         return $this->handleError('alert', 'failed processor transaction ' . $this->_paymentProcessor['payment_processor_type'], (array) $response, 9001, $response->getMessage());
       }
-    } catch (\Exception $e) {
+    }
+    catch (\Exception $e) {
+      $this->purgeSensitiveDataFromSession();
       // internal error, log exception and display a generic message to the customer
-      return $this->handleError('error', 'unknown processor error ' . $this->_paymentProcessor['payment_processor_type'], array($e->getCode() => $e->getMessage()), $e->getCode(), 'Sorry, there was an error processing your payment. Please try again later.');
+      $this->handleError('error', 'unknown processor error ' . $this->_paymentProcessor['payment_processor_type'], array($e->getCode() => $e->getMessage()), $e->getCode(), 'Sorry, there was an error processing your payment. Please try again later.');
     }
   }
 
@@ -981,5 +987,32 @@ private function createGateway($id) {
     $this->setProcessorFields();
   }
 
+  /**
+   * Remove sensitive data from the session before it is stored.
+   *
+   * @return array
+   */
+  protected function purgeSensitiveDataFromSession() {
+    foreach ($_SESSION as &$key) {
+      if (isset($key['values']) && is_array($key['values'])) {
+        foreach ($key['values'] as &$values) {
+          foreach (array(
+                     'credit_card_number',
+                     'cvv2',
+                     'credit_cate_type'
+                   ) as $fieldName) {
+            if (!empty($values[$fieldName])) {
+              $values[$fieldName] = '';
+            }
+          }
+          if (isset($values['credit_card_exp_date'])) {
+            $values['credit_card_exp_date'] = array('M' => '', 'Y' => '');
+          }
+        }
+      }
+    }
+    return array($key, $values);
+  }
+
 }
 
diff --git a/CRM/Core/Payment/PaymentExtended.php b/CRM/Core/Payment/PaymentExtended.php
@@ -277,9 +277,6 @@ protected function handleError($level, $message, $context, $errorCode = 9001, $u
     $this->gateway = NULL;
     $log = new CRM_Utils_SystemLogger();
     $log->log($level, $message, (array) $context);
-
-    $userMessage = $userMessage ? $userMessage : $message;
-    CRM_Core_Session::setStatus($userMessage);
     throw new \Civi\Payment\Exception\PaymentProcessorException($userMessage);
   }
 

Original file line number	Diff line number	Diff line change
`@@ -277,9 +277,6 @@ protected function handleError($level, $message, $context, $errorCode = 9001, $u`
`277`	`277`	`$this->gateway = NULL;`
`278`	`278`	`$log = new CRM_Utils_SystemLogger();`
`279`	`279`	`$log->log($level, $message, (array) $context);`
`280`		`-`
`281`		`- $userMessage = $userMessage ? $userMessage : $message;`
`282`		`- CRM_Core_Session::setStatus($userMessage);`
`283`	`280`	`throw new \Civi\Payment\Exception\PaymentProcessorException($userMessage);`
`284`	`281`	`}`
`285`	`282`