magento
diff --git a/‎app/code/Magento/Authorizenet/Model/Authorizenet.php
Lines changed: 49 additions & 17 deletions b/‎app/code/Magento/Authorizenet/Model/Authorizenet.php
Lines changed: 49 additions & 17 deletions
diff --git a/‎app/code/Magento/Authorizenet/Model/Directpost.php
Lines changed: 34 additions & 26 deletions b/‎app/code/Magento/Authorizenet/Model/Directpost.php
Lines changed: 34 additions & 26 deletions
diff --git a/‎app/code/Magento/Backend/Block/Widget/Grid.php
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Backend/Block/Widget/Grid.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Backend/Block/Widget/Grid/Column/Filter/AbstractFilter.php
Lines changed: 3 additions & 3 deletions b/‎app/code/Magento/Backend/Block/Widget/Grid/Column/Filter/AbstractFilter.php
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/code/Magento/Backend/Test/Unit/Block/Widget/Grid/Column/Filter/TextTest.php
Lines changed: 68 additions & 0 deletions b/‎app/code/Magento/Backend/Test/Unit/Block/Widget/Grid/Column/Filter/TextTest.php
Lines changed: 68 additions & 0 deletions
@@ -5,6 +5,8 @@
  */
 namespace Magento\Authorizenet\Model;
 
+use Magento\Payment\Model\Method\Logger;
+
 /**
  * @SuppressWarnings(PHPMD.TooManyFields)
  * @SuppressWarnings(PHPMD.ExcessiveClassComplexity)
@@ -54,6 +56,8 @@ abstract class Authorizenet extends \Magento\Payment\Model\Method\Cc
 
     const RESPONSE_REASON_CODE_PENDING_REVIEW_DECLINED = 254;
 
+    const PAYMENT_UPDATE_STATUS_CODE_SUCCESS = 'Ok';
+
     /**
      * Transaction fraud state key
      */
@@ -95,6 +99,11 @@ abstract class Authorizenet extends \Magento\Payment\Model\Method\Cc
      */
     protected $transactionDetails = [];
 
+    /**
+     * {@inheritdoc}
+     */
+    protected $_debugReplacePrivateDataKeys = ['merchantAuthentication', 'x_login'];
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -364,11 +373,11 @@ protected function buildRequest(\Magento\Framework\DataObject $payment)
      */
     protected function postRequest(\Magento\Authorizenet\Model\Request $request)
     {
-        $debugData = ['request' => $request->getData()];
         $result = $this->responseFactory->create();
         $client = new \Magento\Framework\HTTP\ZendClient();
-        $uri = $this->getConfigData('cgi_url');
-        $client->setUri($uri ? $uri : self::CGI_URL);
+        $url = $this->getConfigData('cgi_url') ?: self::CGI_URL;
+        $debugData = ['url' => $url, 'request' => $request->getData()];
+        $client->setUri($url);
         $client->setConfig(['maxredirects' => 0, 'timeout' => 30]);
 
         foreach ($request->getData() as $key => $value) {
@@ -381,21 +390,21 @@ protected function postRequest(\Magento\Authorizenet\Model\Request $request)
 
         try {
             $response = $client->request();
+            $responseBody = $response->getBody();
+            $debugData['response'] = $responseBody;
         } catch (\Exception $e) {
             $result->setXResponseCode(-1)
                 ->setXResponseReasonCode($e->getCode())
                 ->setXResponseReasonText($e->getMessage());
 
-            $debugData['result'] = $result->getData();
-            $this->_debug($debugData);
             throw new \Magento\Framework\Exception\LocalizedException(
                 $this->dataHelper->wrapGatewayError($e->getMessage())
             );
+        } finally {
+            $this->_debug($debugData);
         }
 
-        $responseBody = $response->getBody();
         $r = explode(self::RESPONSE_DELIM_CHAR, $responseBody);
-
         if ($r) {
             $result->setXResponseCode((int)str_replace('"', '', $r[0]))
                 ->setXResponseReasonCode((int)str_replace('"', '', $r[2]))
@@ -413,10 +422,6 @@ protected function postRequest(\Magento\Authorizenet\Model\Request $request)
                 __('Something went wrong in the payment gateway.')
             );
         }
-
-        $debugData['result'] = $result->getData();
-        $this->_debug($debugData);
-
         return $result;
     }
 
@@ -473,24 +478,35 @@ protected function loadTransactionDetails($transactionId)
         );
 
         $client = new \Magento\Framework\HTTP\ZendClient();
-        $uri = $this->getConfigData('cgi_url_td');
-        $client->setUri($uri ? $uri : self::CGI_URL_TD);
+        $url = $this->getConfigData('cgi_url_td') ?: self::CGI_URL_TD;
+        $client->setUri($url);
         $client->setConfig(['timeout' => 45]);
         $client->setHeaders(['Content-Type: text/xml']);
         $client->setMethod(\Zend_Http_Client::POST);
         $client->setRawData($requestBody);
 
-        $debugData = ['request' => $requestBody];
+        $debugData = ['url' => $url, 'request' => $this->removePrivateDataFromXml($requestBody)];
 
         try {
             $responseBody = $client->request()->getBody();
-            $debugData['result'] = $responseBody;
-            $this->_debug($debugData);
+            $debugData['response'] = $responseBody;
             libxml_use_internal_errors(true);
             $responseXmlDocument = new \Magento\Framework\Simplexml\Element($responseBody);
             libxml_use_internal_errors(false);
         } catch (\Exception $e) {
-            throw new \Magento\Framework\Exception\LocalizedException(__('Payment updating error.'));
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('Unable to get transaction details. Try again later.')
+            );
+        } finally {
+            $this->_debug($debugData);
+        }
+
+        if (!isset($responseXmlDocument->messages->resultCode)
+            || $responseXmlDocument->messages->resultCode != static::PAYMENT_UPDATE_STATUS_CODE_SUCCESS
+        ) {
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('Unable to get transaction details. Try again later.')
+            );
         }
 
         $this->transactionDetails[$transactionId] = $responseXmlDocument;
@@ -509,4 +525,20 @@ protected function getTransactionDetails($transactionId)
             ? $this->transactionDetails[$transactionId]
             : $this->loadTransactionDetails($transactionId);
     }
+
+    /**
+     * Remove nodes with private data from XML string
+     *
+     * Uses values from $_debugReplacePrivateDataKeys property
+     *
+     * @param string $xml
+     * @return string
+     */
+    protected function removePrivateDataFromXml($xml)
+    {
+        foreach ($this->getDebugReplacePrivateDataKeys() as $key) {
+            $xml = preg_replace(sprintf('~(?<=<%s>).*?(?=</%s>)~', $key, $key), Logger::DEBUG_KEYS_MASK, $xml);
+        }
+        return $xml;
+    }
 }
@@ -726,17 +726,21 @@ protected function processOrder(\Magento\Sales\Model\Order $order)
      */
     protected function processPaymentFraudStatus(\Magento\Sales\Model\Order\Payment $payment)
     {
-        $fraudDetailsResponse = $payment->getMethodInstance()
-            ->fetchTransactionFraudDetails($this->getResponse()->getXTransId());
-        $fraudData = $fraudDetailsResponse->getData();
+        try {
+            $fraudDetailsResponse = $payment->getMethodInstance()
+                ->fetchTransactionFraudDetails($this->getResponse()->getXTransId());
+            $fraudData = $fraudDetailsResponse->getData();
 
-        if (empty($fraudData)) {
-            $payment->setIsFraudDetected(false);
-            return $this;
-        }
+            if (empty($fraudData)) {
+                $payment->setIsFraudDetected(false);
+                return $this;
+            }
 
-        $payment->setIsFraudDetected(true);
-        $payment->setAdditionalInformation('fraud_details', $fraudData);
+            $payment->setIsFraudDetected(true);
+            $payment->setAdditionalInformation('fraud_details', $fraudData);
+        } catch (\Exception $e) {
+            //this request is optional
+        }
 
         return $this;
     }
@@ -749,23 +753,27 @@ protected function processPaymentFraudStatus(\Magento\Sales\Model\Order\Payment
      */
     protected function addStatusComment(\Magento\Sales\Model\Order\Payment $payment)
     {
-        $transactionId = $this->getResponse()->getXTransId();
-        $data = $payment->getMethodInstance()->getTransactionDetails($transactionId);
-        $transactionStatus = (string)$data->transaction->transactionStatus;
-        $fdsFilterAction = (string)$data->transaction->FDSFilterAction;
-
-        if ($payment->getIsTransactionPending()) {
-            $message = 'Amount of %1 is pending approval on the gateway.<br/>'
-                . 'Transaction "%2" status is "%3".<br/>'
-                . 'Transaction FDS Filter Action is "%4"';
-            $message = __(
-                $message,
-                $payment->getOrder()->getBaseCurrency()->formatTxt($this->getResponse()->getXAmount()),
-                $transactionId,
-                $this->dataHelper->getTransactionStatusLabel($transactionStatus),
-                $this->dataHelper->getFdsFilterActionLabel($fdsFilterAction)
-            );
-            $payment->getOrder()->addStatusHistoryComment($message);
+        try {
+            $transactionId = $this->getResponse()->getXTransId();
+            $data = $payment->getMethodInstance()->getTransactionDetails($transactionId);
+            $transactionStatus = (string)$data->transaction->transactionStatus;
+            $fdsFilterAction = (string)$data->transaction->FDSFilterAction;
+
+            if ($payment->getIsTransactionPending()) {
+                $message = 'Amount of %1 is pending approval on the gateway.<br/>'
+                    . 'Transaction "%2" status is "%3".<br/>'
+                    . 'Transaction FDS Filter Action is "%4"';
+                $message = __(
+                    $message,
+                    $payment->getOrder()->getBaseCurrency()->formatTxt($this->getResponse()->getXAmount()),
+                    $transactionId,
+                    $this->dataHelper->getTransactionStatusLabel($transactionStatus),
+                    $this->dataHelper->getFdsFilterActionLabel($fdsFilterAction)
+                );
+                $payment->getOrder()->addStatusHistoryComment($message);
+            }
+        } catch (\Exception $e) {
+            //this request is optional
         }
         return $this;
     }
 
@@ -760,7 +760,7 @@ public function setSaveParametersInSession($flag)
      */
     public function getJsObjectName()
     {
-        return $this->getId() . 'JsObject';
+        return preg_replace("~[^a-z0-9_]*~i", '', $this->getId()) . 'JsObject';
     }
 
     /**
 
@@ -67,7 +67,7 @@ public function getColumn()
      */
     protected function _getHtmlName()
     {
-        return $this->getColumn()->getId();
+        return $this->escapeHtml($this->getColumn()->getId());
     }
 
     /**
@@ -77,7 +77,7 @@ protected function _getHtmlName()
      */
     protected function _getHtmlId()
     {
-        return $this->getColumn()->getHtmlId();
+        return $this->escapeHtml($this->getColumn()->getHtmlId());
     }
 
     /**
@@ -88,7 +88,7 @@ protected function _getHtmlId()
      */
     public function getEscapedValue($index = null)
     {
-        return htmlspecialchars((string)$this->getValue($index));
+        return $this->escapeHtml((string)$this->getValue($index));
     }
 
     /**
 
@@ -0,0 +1,68 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Backend\Test\Unit\Block\Widget\Grid\Column\Filter;
+
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+
+class TextTest extends \PHPUnit_Framework_TestCase
+{
+    /** @var \Magento\Backend\Block\Widget\Grid\Column\Filter\Text*/
+    protected $block;
+
+    /** @var ObjectManagerHelper */
+    protected $objectManagerHelper;
+
+    /** @var \Magento\Backend\Block\Context|\PHPUnit_Framework_MockObject_MockObject */
+    protected $context;
+
+    /** @var \Magento\Framework\DB\Helper|\PHPUnit_Framework_MockObject_MockObject */
+    protected $helper;
+
+    /** @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject */
+    protected $escaper;
+
+    protected function setUp()
+    {
+        $this->context = $this->getMockBuilder('Magento\Backend\Block\Context')
+            ->setMethods(['getEscaper'])
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->escaper = $this->getMock('Magento\Framework\Escaper', ['escapeHtml'], [], '', false);
+        $this->helper = $this->getMock('Magento\Framework\DB\Helper', [], [], '', false);
+
+        $this->context->expects($this->once())->method('getEscaper')->willReturn($this->escaper);
+
+        $this->objectManagerHelper = new ObjectManagerHelper($this);
+        $this->block = $this->objectManagerHelper->getObject(
+            'Magento\Backend\Block\Widget\Grid\Column\Filter\Text',
+            [
+                'context' => $this->context,
+                'resourceHelper' => $this->helper
+            ]
+        );
+    }
+
+    public function testGetHtml()
+    {
+        $resultHtml = '<input type="text" name="escapedHtml" ' .
+            'id="escapedHtml" value="escapedHtml" ' .
+            'class="input-text admin__control-text no-changes" data-ui-id="filter-escapedhtml"  />';
+
+        $column = $this->getMockBuilder('Magento\Backend\Block\Widget\Grid\Column')
+            ->setMethods(['getId', 'getHtmlId'])
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->block->setColumn($column);
+
+        $this->escaper->expects($this->any())->method('escapeHtml')->willReturn('escapedHtml');
+        $column->expects($this->any())->method('getId')->willReturn('id');
+        $column->expects($this->once())->method('getHtmlId')->willReturn('htmlId');
+
+        $this->assertEquals($resultHtml, $this->block->getHtml());
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -760,7 +760,7 @@ public function setSaveParametersInSession($flag)`
`760`	`760`	`*/`
`761`	`761`	`public function getJsObjectName()`
`762`	`762`	`{`
`763`		`- return $this->getId() . 'JsObject';`
	`763`	`+ return preg_replace("~[^a-z0-9_]*~i", '', $this->getId()) . 'JsObject';`
`764`	`764`	`}`
`765`	`765`
`766`	`766`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ public function getColumn()`
`67`	`67`	`*/`
`68`	`68`	`protected function _getHtmlName()`
`69`	`69`	`{`
`70`		`- return $this->getColumn()->getId();`
	`70`	`+ return $this->escapeHtml($this->getColumn()->getId());`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`/**`
`@@ -77,7 +77,7 @@ protected function _getHtmlName()`
`77`	`77`	`*/`
`78`	`78`	`protected function _getHtmlId()`
`79`	`79`	`{`
`80`		`- return $this->getColumn()->getHtmlId();`
	`80`	`+ return $this->escapeHtml($this->getColumn()->getHtmlId());`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`/**`
`@@ -88,7 +88,7 @@ protected function _getHtmlId()`
`88`	`88`	`*/`
`89`	`89`	`public function getEscapedValue($index = null)`
`90`	`90`	`{`
`91`		`- return htmlspecialchars((string)$this->getValue($index));`
	`91`	`+ return $this->escapeHtml((string)$this->getValue($index));`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`/**`