Sunday, June 7, 2009

Script Package (Magento v Updated

There are some changes in Magento over the past few months, and my old patch package for v 1.2 was obsolete. I applied my code changes for temporary-CCV-storage-plus-wipe to the latest version of Magento (v as of this writing) and prepared a zip file (see below).

This patch allows the CCV field to be saved in encrypted form (using the saved CC payment method), and then you can wipe the sensitive payment information from the order after you process the payment information by hand.

In addition to the changes I discusses in earlier posts, I made one change two changes in the behavior. Instead of completely wiping payment information from Sales Quotes, I now delete the encrypted CC info field and leave the other payment info as is. This is the same thing I do for the Sales Orders and I think it makes more sense this way. In addition card expiration date & month is also removed for security.

Here is a link to the package for your download:
(MD5 76d70e6fad356ed2fc5da6a6ab455ccd)

To use this, copy the files over your existing development Magento installation (assuming your installation resides in "store") and run the included SQL script for your database. You will need to clear your configuration cache in the admin dashboard for changes to take effect!

In addition, the change will only affect new orders; old orders still will not have any CCV information. So after you implement changes, create a new order with CC information and verify that the information is being stored / removed as expected.

If you have not carefully reviewed the code, you are nuts to just plunk this down on a production server. Check to make sure it works in a development environment, and read some of my previous posts to see the limitations.

No comments: