@solepixel
Last active August 29, 2015 14:01
woocommerce authorize.net payment gateway bug found in woocommerce-gateway-authorize-net-aim/classes
<?php
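/**
 * Charge an order through the Authorize.net AIM gateway.
 *
 * Builds the AIM request from the order and the posted card fields, sends it
 * to $this->gatewayurl, parses the pipe-delimited reply and either completes
 * the order or records the failure.
 *
 * Changes from the original listing:
 *  - TLS certificate verification is enabled for the gateway call; the request
 *    carries the card number, CVV and API credentials.
 *  - The response-line pattern is grouped and anchored. The old pattern
 *    /^1|2|3\|/ matched any line merely containing "2" or "3|".
 *  - A reply with no recognisable response line now fails explicitly instead
 *    of reading undefined offsets.
 *  - The response code is compared strictly as a string.
 *  - The gateway's reason text is HTML-escaped before being shown at checkout.
 *  - The catch block uses wc_add_notice(), matching the failure branch.
 *
 * @param int $order_id WooCommerce order ID.
 * @return array|null array( 'result' => 'success', 'redirect' => URL ) when the
 *                    gateway accepts the charge; null after a failure notice
 *                    has been queued.
 */
function process_payment( $order_id ) {
	global $woocommerce;

	$order = new WC_Order( $order_id );

	// The order_tax meta is not readable yet because of WordPress meta caching,
	// so fall back to the cart's tax total.
	$order_tax = $order->order_tax ? $order->order_tax : WC()->cart->tax_total;
	$testmode  = ( $this->testmode == 'yes' ) ? 'TRUE' : 'FALSE';

	try {
		// Card fields arrive straight from the checkout form. Guard every index
		// so a missing field is sent as an empty value (which the gateway
		// rejects) rather than raising an undefined-index notice.
		$card_number = isset( $_POST['ccnum'] ) ? $_POST['ccnum'] : '';
		$card_code   = isset( $_POST['cvv'] ) ? $_POST['cvv'] : '';
		$exp_month   = isset( $_POST['expmonth'] ) ? $_POST['expmonth'] : '';
		$exp_year    = isset( $_POST['expyear'] ) ? $_POST['expyear'] : '';

		// ************************************************
		// Create request
		$authnet_request = array(
			"x_tran_key"           => $this->transkey,
			"x_login"              => $this->apilogin,
			"x_amount"             => $order->order_total,
			"x_card_num"           => $card_number,
			"x_card_code"          => $card_code,
			"x_exp_date"           => $exp_month . "-" . $exp_year,
			"x_type"               => $this->salemethod,
			"x_version"            => "3.1",
			"x_delim_data"         => "TRUE",
			"x_relay_response"     => "FALSE",
			"x_method"             => "CC",
			"x_first_name"         => $order->billing_first_name,
			"x_last_name"          => $order->billing_last_name,
			"x_address"            => $order->billing_address_1,
			"x_city"               => $order->billing_city,
			"x_state"              => $order->billing_state,
			"x_zip"                => $order->billing_postcode,
			"x_country"            => $order->billing_country,
			"x_phone"              => $order->billing_phone,
			"x_email"              => $order->billing_email,
			"x_ship_to_first_name" => $order->shipping_first_name,
			"x_ship_to_last_name"  => $order->shipping_last_name,
			"x_ship_to_company"    => $order->shipping_company,
			"x_ship_to_address"    => $order->shipping_address_1,
			"x_ship_to_city"       => $order->shipping_city,
			"x_ship_to_country"    => $order->shipping_country,
			"x_ship_to_state"      => $order->shipping_state,
			"x_ship_to_zip"        => $order->shipping_postcode,
			"x_cust_id"            => $order->user_id,
			"x_customer_ip"        => $_SERVER['REMOTE_ADDR'],
			"x_invoice_num"        => ltrim( $order->get_order_number(), _x( '#', 'hash before order number', 'woocommerce' ) ),
			"x_test_request"       => $testmode,
			"x_delim_char"         => '|',
			"x_encap_char"         => '',
		);

		// Only send tax when there is some, rounded to 2 decimal places.
		if ( $order_tax ) {
			$authnet_request['x_tax'] = "Order Tax<|>Order Tax<|>" . round( $order_tax, 2 );
		}

		// Never put card details in the debug email.
		// NOTE(review): x_tran_key and x_login are still included in this copy;
		// consider masking them as well.
		$authnet_debug_request                = $authnet_request;
		$authnet_debug_request['x_card_num']  = "XXXX";
		$authnet_debug_request['x_card_code'] = "XXXX";
		$authnet_debug_request['x_exp_date']  = "XXXX";
		$this->send_debugging_email( "URL: " . $this->gatewayurl . "\n\nSENDING REQUEST:" . print_r( $authnet_debug_request, true ) );

		// ************************************************
		// Send request
		$pairs = array();
		foreach ( $authnet_request as $key => $val ) {
			$pairs[] = urlencode( $key ) . "=" . urlencode( $val );
		}
		$post = implode( "&", $pairs );

		$response = wp_remote_post( $this->gatewayurl, array(
			'method'    => 'POST',
			'body'      => $post,
			'timeout'   => 70,
			// The body holds card data and gateway credentials, and the reply
			// decides whether the order is marked paid, so the gateway's
			// certificate must be verified.
			'sslverify' => true,
		) );

		if ( is_wp_error( $response ) ) throw new Exception( __( 'There was a problem connecting to the payment gateway.', 'woothemes' ) );
		if ( empty( $response['body'] ) ) throw new Exception( __( 'Empty Authorize.net response.', 'woothemes' ) );

		$content = $response['body'];

		// Find the response line: a single response code (1-4) followed by the
		// delimiter. As before, the last matching line wins.
		$data = null;
		foreach ( preg_split( "/\r?\n/", $content ) as $line ) {
			if ( preg_match( '/^[1-4]\|/', $line ) ) {
				$data = explode( "|", $line );
			}
		}

		if ( null === $data ) {
			$this->send_debugging_email( "RESPONSE RAW: " . $content );
			throw new Exception( __( 'Unexpected Authorize.net response.', 'woothemes' ) );
		}

		// x_encap_char is empty, so a '|' inside an echoed customer field shifts
		// every index after it. The fields used for the payment decision
		// (indices 0-6) come before the first echoed value.
		$field_names = array(
			'response_code',
			'response_sub_code',
			'response_reason_code',
			'response_reason_text',
			'approval_code',
			'avs_code',
			'transaction_id',
			'invoice_number_echo',
			'description_echo',
			'amount_echo',
			'method_echo',
			'transaction_type_echo',
			'customer_id_echo',
			'first_name_echo',
			'last_name_echo',
			'company_echo',
			'billing_address_echo',
			'city_echo',
			'state_echo',
			'zip_echo',
			'country_echo',
			'phone_echo',
			'fax_echo',
			'email_echo',
			'ship_first_name_echo',
			'ship_last_name_echo',
			'ship_company_echo',
			'ship_billing_address_echo',
			'ship_city_echo',
			'ship_state_echo',
			'ship_zip_echo',
			'ship_country_echo',
			'tax_echo',
			'duty_echo',
			'freight_echo',
			'tax_exempt_echo',
			'po_number_echo',
			'md5_hash',
			'cvv_response_code',
			'cavv_response_code',
		);

		// Pad so a short reply yields empty strings instead of undefined offsets.
		$data = array_pad( $data, count( $field_names ), '' );
		foreach ( $field_names as $index => $name ) {
			$response[ $name ] = $data[ $index ];
		}

		// NOTE(review): md5_hash is stored but not compared against anything in
		// this function, so the reply's authenticity rests on the TLS check above.
		// NOTE(review): this debug email carries the echoed billing and shipping
		// details of the customer.
		$this->send_debugging_email( "RESPONSE RAW: " . $content . "\n\nRESPONSE:" . print_r( $response, true ) );

		// ************************************************
		// Retrieve response
		// NOTE(review): Authorize.net code 4 means "held for review"; the order
		// is still marked paid here, as in the original. Confirm that is intended.
		if ( in_array( $response['response_code'], array( '1', '4' ), true ) ) {
			// Successful payment
			$order->add_order_note( __( 'Authorize.net payment completed', 'woocommerce' ) . ' (Response Code: ' . $response['response_code'] . ')' );
			$order->payment_complete();
			$woocommerce->cart->empty_cart();

			// Empty awaiting payment session (WooCommerce 1.x kept it in $_SESSION).
			if ( preg_match( '/^1\.[0-9]*\.[0-9]*/', WOOCOMMERCE_VERSION ) ) {
				unset( $_SESSION['order_awaiting_payment'] );
			} else {
				unset( $woocommerce->session->order_awaiting_payment );
			}

			// Return thank you redirect
			$order_received_endpoint = get_option( 'woocommerce_checkout_order_received_endpoint' );
			$redirect                = add_query_arg(
				array(
					'key'   => $order->order_key,
					'order' => $order_id,
				),
				get_permalink( get_option( 'woocommerce_checkout_page_id' ) ) . $order_received_endpoint
			);

			return array(
				'result'   => 'success',
				'redirect' => $redirect,
			);
		} else {
			$this->send_debugging_email( "AUTHORIZE.NET ERROR:\nresponse_code:" . $response['response_code'] . "\nresponse_reasib_text:" . $response['response_reason_text'] );

			$cancelNote = __( 'Authorize.net payment failed', 'woocommerce' ) . ' (Response Code: ' . $response['response_code'] . '). ' . __( 'Payment wast rejected due to an error', 'woocommerce' ) . ': "' . $response['response_reason_text'] . '". ';
			$order->add_order_note( $cancelNote );

			// The reason text comes from the remote reply and is rendered on the
			// checkout page, so escape it for HTML.
			wc_add_notice( __( 'Payment error', 'woocommerce' ) . ': ' . esc_html( $response['response_reason_text'] ), 'error' );
		}
	} catch ( Exception $e ) {
		// Same notice API as the failure branch above.
		wc_add_notice( __( 'Connection error:', 'woothemes' ) . ': "' . $e->getMessage() . '"', 'error' );
		return;
	}
}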