https://bugzilla.wikimedia.org/show_bug.cgi?id=26341
Summary: Credit card types no longer accurately checked in back-end form validation Product: MediaWiki extensions Version: any Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: Normal Component: DonationInterface AssignedTo: aricha...@wikimedia.org ReportedBy: aricha...@wikimedia.org CC: tf...@wikimedia.org Since the credit card type selection was removed from our credit card forms (users now just enter in their credit card #s w/o selecting the cc type from a drop-down), the back-end form validation no longer properly verifies credit card numbers. This is resulting in a very high number of failed transactions due to unsupported credit card types. Currently, the code in DonationInterface/payflowpro_gateway/payflowprog_gateway.body.php that is deprecated and no longer works is: <code> // validate that credit card number entered is correct for the brand switch( $data['card'] ) { case 'american': // pattern for Amex $pattern = '/^3[47][0-9]{13}$/'; // if the pattern doesn't match if ( !preg_match( $pattern, $data['card_num'] ) ) { $error_result = '1'; $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-amex' ); } break; case 'mastercard': // pattern for Mastercard $pattern = '/^5[1-5][0-9]{14}$/'; // if pattern doesn't match if ( !preg_match( $pattern, $data['card_num'] ) ) { $error_result = '1'; $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-mc' ); } break; case 'visa': // pattern for Visa $pattern = '/^4[0-9]{12}(?:[0-9]{3})?$/'; // if pattern doesn't match if ( !preg_match( $pattern, $data['card_num'] ) ) { $error_result = '1'; $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-visa' ); } break; case 'discover': // pattern for Discover $pattern = '/^6(?:011|5[0-9]{2})[0-9]{12}$/'; // if pattern doesn't match if ( !preg_match( $pattern, $data['card_num'] ) ) { $error_result = '1'; $error['card'] = wfMsg( 'payflowpro_gateway-error-msg-discover' ); } break; } // end switch </code> $data['card'] will no longer carry a useful value due to the form changes. We should probably be detecting the credit card type based on the credit card BIN and determining card-type validity based off the result. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l