- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AIM x_delim_char and Magento
Magento 1.9.x uses a multi-character x_delim_char value, (~), when it submits AIM requests. It appears that this is a violation of the specโthe documentation clearly states that it should be a single characterโbut it's always worked. Until very recently, that is. Using the testing API this morning (https://test.authorize.net/gateway/transact.dll) I see that responses are coming back using only the first character of the given x_delim_char value (a left paranthesis in this case). The production API seems to be unchanged.
I suppose this is a question for the Magento community as much as the AuthNet community, but a change like this could affect many thousands of sites.
Anyone else seeing this?
โ01-22-2019 09:45 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We started seeing this same problem on our site running Magento 1.7.0.2 this afternoon. But, this is our production site and it's using the non-testing API (https://secure2.authorize.net/gateway/transact.dll).
โ01-22-2019 04:44 PM - edited โ01-22-2019 04:52 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm seeing this too in Magento 1.9.
Replacing: const RESPONSE_DELIM_CHAR = '(~)';
With: const RESPONSE_DELIM_CHAR = '*';
Or any other single supported character seems to resolve this issue. Is it safe to assume production authorize.net will start responding similarly and break all Magento 1.9 installs soon?
โ01-22-2019 04:55 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We just hotfixed this. This change to the delimiter will affect many Magento 1 and Magento 2 sites, as neither has gotten away from SIM/DirectPost. The documentation clearly states that:
The SIM API is deprecated. It will only receive critical security
updates. We recommend Accept Hosted instead of SIM for new
integrations.
So where's the bulletin from authorize.net on this critical security update, because merchants will certainly want an explanation.
โ01-22-2019 04:59 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This change impacted our site, fortunately it was rolled back a few minutes ago and is now working again. As for the character change, just wanted to confirm that line 69 in authorizenet.php is where the change should be made?
Thanks for any help.
โ01-22-2019 06:42 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, the quick and dirty fix is to change line 59 of app/code/core/Mage/Paygate/Model/Authorizenet.php.
For those who don't realize it, please note that editing the core like this is bad practice. The next time you upgrade Magento, you'll need to reapply the fix. The safer solution would be to create a module that overrides the Mage_Paygate_Model_Authorizenet class and replaces the RESPONSE_DELIM_CHAR constant there.
โ01-23-2019 06:21 AM