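/**
 * Load transaction details
 *
 * Builds the details request from the configured login and transaction key, POSTs it to the
 * transaction-details endpoint, runs the response through the XML security scan, parses it and
 * caches the parsed document in $this->transactionDetails under the transaction id.
 *
 * Every failure (transport error, rejected scan, unparsable XML, non-success result code) is
 * reported to the caller with the same generic message; the underlying exception is attached
 * as the cause so it is not lost.
 *
 * @param \Magento\Authorizenet\Model\Authorizenet $context
 * @param string $transactionId
 * @return \Magento\Framework\Simplexml\Element
 * @throws \Magento\Framework\Exception\LocalizedException
 */
protected function loadTransactionDetails(Authorizenet $context, $transactionId)
{
    $requestBody = $this->getRequestBody(
        $context->getConfigData('login'),
        $context->getConfigData('trans_key'),
        $transactionId
    );

    /** @var \Magento\Framework\HTTP\ZendClient $client */
    $client = $this->httpClientFactory->create();
    // NOTE(review): the endpoint comes from configuration (constant fallback) and receives the
    // API credentials; nothing in this method restricts its scheme or host. Confirm that
    // 'cgi_url_td' is validated where it is saved.
    $url = $context->getConfigData('cgi_url_td') ?: self::CGI_URL_TD;
    $client->setUri($url);
    $client->setConfig(['timeout' => self::CONNECTION_TIMEOUT]);
    $client->setHeaders(['Content-Type: text/xml']);
    $client->setMethod(\Zend_Http_Client::POST);
    $client->setRawData($requestBody);

    // The request is redacted before it reaches the debug log.
    $debugData = ['url' => $url, 'request' => $this->removePrivateDataFromXml($requestBody)];

    // null means "libxml error mode was never touched", so finally leaves it alone.
    $previousLibxmlMode = null;

    try {
        $responseBody = $client->request()->getBody();
        if (!$this->xmlSecurityHelper->scan($responseBody)) {
            $this->logger->critical('Attempt loading of external XML entities in response from Authorizenet.');
            // Generic exception: the catch below maps it to the common user-facing message.
            throw new \Exception();
        }
        // NOTE(review): unlike the request, the raw response is passed to debugData() without
        // redaction. Confirm that debugData() masks customer and payment fields.
        $debugData['response'] = $responseBody;

        $previousLibxmlMode = libxml_use_internal_errors(true);
        $responseXmlDocument = new Element($responseBody);
    } catch (\Exception $e) {
        throw new LocalizedException(__('Unable to get transaction details. Try again later.'), $e);
    } finally {
        // Restore the process-wide libxml error mode on failure as well; previously a parse
        // error left internal error buffering switched on for the rest of the request.
        if ($previousLibxmlMode !== null) {
            if ($previousLibxmlMode === false) {
                // Nobody was collecting errors before us, so drop what we buffered.
                libxml_clear_errors();
            }
            libxml_use_internal_errors($previousLibxmlMode);
        }
        $context->debugData($debugData);
    }

    if (!isset($responseXmlDocument->messages->resultCode)
        || $responseXmlDocument->messages->resultCode != static::PAYMENT_UPDATE_STATUS_CODE_SUCCESS
    ) {
        throw new LocalizedException(__('Unable to get transaction details. Try again later.'));
    }

    $this->transactionDetails[$transactionId] = $responseXmlDocument;

    return $responseXmlDocument;
}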
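/**
 * Converts rules xml document to description=>message dictionary
 *
 * Best-effort: input rejected by the XML security scan yields an empty array, and a parse or
 * traversal error returns whatever rules were collected before it. Callers cannot tell
 * "no rules" from "rejected or malformed input" by the return value.
 *
 * @param string $rulesString
 * @return array map of ruleDescription => triggeredMessage
 * @throws LocalizedException not thrown by this body directly; kept in case scan() raises it - TODO confirm
 */
private function getFraudRulesDictionary($rulesString)
{
    $rules = [];

    if (!$this->xmlSecurity->scan($rulesString)) {
        return $rules;
    }

    // Buffer libxml errors while parsing and remember the previous mode. The original only
    // forced the mode to "off" afterwards, which overwrote whatever the caller had set.
    $previousLibxmlMode = libxml_use_internal_errors(true);

    try {
        $rulesXml = new \SimpleXMLElement($rulesString);
        foreach ($rulesXml->{'rule'} as $rule) {
            $rules[(string) $rule->{'ruleDescription'}] = (string) $rule->{'triggeredMessage'};
        }
    } catch (\Exception $e) {
        // Deliberately swallowed: malformed rules XML degrades to an empty or partial
        // dictionary. NOTE(review): consider logging here so rejected fraud-rule payloads
        // are visible to operators.
    } finally {
        if ($previousLibxmlMode === false) {
            // Nobody was collecting errors before us, so drop what we buffered.
            libxml_clear_errors();
        }
        libxml_use_internal_errors($previousLibxmlMode);
    }

    return $rules;
}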
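/**
 * Parse XML string and return XML document object or false
 *
 * The content is first run through the XML security scan, and a rejected document raises
 * LocalizedException. A document that passes the scan but is not well-formed makes
 * simplexml_load_string() return false, so callers should compare the result with
 * `=== false`; an element without children or attributes is also falsy in a boolean test.
 *
 * @param string $xmlContent
 * @param string $customSimplexml name of the SimpleXMLElement (sub)class to instantiate
 * @return \SimpleXMLElement|bool
 * @throws LocalizedException
 *
 * @api
 */
public function parseXml($xmlContent, $customSimplexml = 'SimpleXMLElement')
{
    if (!$this->xmlSecurity->scan($xmlContent)) {
        throw new LocalizedException(__('Security validation of XML document has been failed.'));
    }

    // Defense in depth: the scan above is the primary control. LIBXML_NONET additionally
    // tells the parser itself not to fetch anything over the network while loading.
    return simplexml_load_string($xmlContent, $customSimplexml, LIBXML_NONET);
}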
/**
 * Checks that the security scanner's verdict for each XML sample matches the expected one.
 *
 * NOTE(review): assertEquals compares loosely, so a truthy non-bool return from scan() would
 * still satisfy an expected `true`. Confirm scan() returns a strict bool, then consider
 * assertSame.
 *
 * @param string $xmlContent
 * @param bool $expectedResult
 *
 * @dataProvider dataProviderTestScan
 */
public function testScan($xmlContent, $expectedResult)
{
    $actualResult = $this->security->scan($xmlContent);

    $this->assertEquals($expectedResult, $actualResult);
}