Sanitize field values before generating the form fields

yuichiro · Nov 18, 2013 · 2fa1899 · 2fa1899
1 parent 281848e
commit 2fa1899
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/lib/active_merchant/billing/integrations/payu_in/helper.rb b/lib/active_merchant/billing/integrations/payu_in/helper.rb
@@ -49,6 +49,7 @@ def initialize(order, account, options = {})
           end
 
           def form_fields
+            sanitize_fields
             @fields.merge(mappings[:checksum] => generate_checksum)
           end
 
@@ -61,6 +62,12 @@ def generate_checksum
             PayuIn.checksum(@fields["key"], @options[:credential2], checksum_payload_items )
           end
 
+          def sanitize_fields
+            ['address1', 'address2', 'city', 'state', 'country', 'productinfo', 'email', 'phone'].each do |field|
+              @fields[field].gsub!(/[^a-zA-Z0-9\-_@\/\s.]/, '') if @fields[field]
+            end
+          end
+
         end
 
       end

diff --git a/test/unit/integrations/helpers/payu_in_helper_test.rb b/test/unit/integrations/helpers/payu_in_helper_test.rb
@@ -63,4 +63,12 @@ def test_add_checksum_method
     assert_equal Digest::SHA512.hexdigest(['merchant_id', *fields, 'secret_key'].join("|")), @helper.form_fields["hash"]
   end
 
+  def test_sanitize_fields_in_form_fields
+    @helper.description '{[Valid Description!]}'
+    @helper.form_fields
+
+    assert_equal 'Valid Description', @helper.fields['productinfo']
+    assert_nil @helper.fields['email']
+  end
+
 end