Stripe Receipt Information Pass-through returning code in email from stripe

[Anonymous]

Hi,

The information that passes through from EME into the payment processor, that gets passed as the line item, is coming through as code in the email that goes to the customer from Stripe. It’s basically that the quotes around the event name are turning into code. For example, here is a returned line item in an email that was forwarded from a customer:

Booking for 'Fab Faux'

Can the quotes just be removed from the information that passes through in the eme_payments.php file on line 375 and 848? I am going to try removing the quotes from mine and hope it fixes it, but wanted to make sure it got into the next round of fixes if that indeed would solve the problem.

[Franky]

So the quotes are turned into html-entities. Is that email coming from Stripe? Because I believe this is a bug in Stripe then … they should fix that of course 🙂
But I’ll check it out here as well.

[Anonymous]

Yes (and I realize it automatically fixed it here, but you got me 😉

Yes, the email comes from Stripe, but there is no way for us to fix that on our end – that part of the email is not customizable (I was hoping, but unfortunately… I have a ticket in with them as well because I am assuming it’s something with how their system is rendering it).

I figured the easiest way to deal with it more efficiently, regardless, would be to just get rid of the quotes in the initial communication, which are unnecessary anyway. 🙂

[Franky]

Could you try it this would solve it:
in eme_payments.php, function eme_stripe_form:
change
eme_esc_html => esc_js
and
data-description=’$name’ => data-description=\”$name\”

eme_esc_html is correct, but seems to encode too much for stripe …

[Anonymous]

Now it’s showing:

Booking for \’Fab Faux\’

In the payment screen. (For some reason I don’t get any emails from Stripe when it’s in testing mode so I don’t know what they are returning until I hear from her when it’s live)

[Franky]

Well … isn’t stripe the difficult one?
I’ll just remmove the single quotes there …

[Anonymous]

So… this is what they came back with:

I did some digging and was able to find the source of the problem. The statement descriptor needs to be a plain text. So if you go to your ‘Payments’ tab on your Dashboard, and click on any given payments, you will see the ‘Statement Descriptor’ reads (Booking for 'Fab Faux'). If you scroll down to the ‘Events’ tab and click on the data, it will pull up the codes in the API for that payment. Scroll down to the ‘Descriptor’ line, and it reads (Booking for 'Fab Faux'), so you need to apply to the API whatever you wish but in text form. For example, if you want for it to read just your company name just write out your business name with out coding it.

It sounds like they aren’t going to change anything on their end and want whatever goes through to be passed through with plain text (I’m going to still press them to change this for the future – if every other payment system does it, then it is just stupid that theirs doesn’t).

However, I now have a way to see if it’s passing through as the HTML entity – as he pointed me to where I can look at that on the back end of stripe while testing. So if we want to try anything else we can and I can see what it returns. It looks like the last one I submitted, that had the \’ still went through as html entities :-\ So I guess getting rid of the quotes altogether is the best idea. Do you have a suggestion for me to do that?

[Anonymous]

It didn’t look like that last message posted right so… Going to try again… Sorry if it posts twice.

So… this is what they came back with:

I did some digging and was able to find the source of the problem. The statement descriptor needs to be a plain text. So if you go to your ‘Payments’ tab on your Dashboard, and click on any given payments, you will see the ‘Statement Descriptor’ reads (Booking for 'Fab Faux'). If you scroll down to the ‘Events’ tab and click on the data, it will pull up the codes in the API for that payment. Scroll down to the ‘Descriptor’ line, and it reads (Booking for 'Fab Faux'), so you need to apply to the API whatever you wish but in text form. For example, if you want for it to read just your company name just write out your business name with out coding it.

It sounds like they aren’t going to change anything on their end and want whatever goes through to be passed through with plain text (I’m going to still press them to change this for the future – if every other payment system does it, then it is just stupid that theirs doesn’t).

However, I now have a way to see if it’s passing through as the HTML entity – as he pointed me to where I can look at that on the back end of stripe while testing. So if we want to try anything else we can and I can see what it returns. It looks like the last one I submitted, that had the \’ still went through as html entities :-\ So I guess getting rid of the quotes altogether is the best idea. Do you have a suggestion for me to do that?

[Anonymous]

And the html entities still didn’t show right (was hoping the code would help with that – oh well)

[Franky]

Ok, let’s try this:
in the function eme_stripe_form set:

$name = sprintf(__("Booking for '%s'",'events-made-easy'),esc_js($event['event_name']));

and

data-description='$name' => data-description=\"$name\"

That way the quotes around the name stay, and the name is still sanitized if needed.

[Anonymous]

So with this, it’s just “Booking for” in the popup payment form (the name is blank), and then it’s STILL passing the html entities in the backend for the description. 🙁 Is there somewhere else that might be passing that data?

[Franky]

That really means that they don’t like single quotes (in fact, I do consider it a bug), as I don’t even encode them specifically anymore …
The way I have it in the code for stripe is this now:

$name = eme_esc_html(sprintf(__("Booking for '%s'",'events-made-easy'),$event['event_name']));
$name = preg_replace('/\'/', '', $name);

[Anonymous]

Argh – yeah I figured. I am pressing Stripe to look into it and fix it, and told them all the cool kids are doing it ;P

I’ll have to take a look at this in a bit – working on some other client work right now.

Thank you so much for your help, it’s always appreciated!

[Anonymous]

I got very excited with this one, because in the pop-up form, it showed properly with the single quotes and everything. But in the backend of Stripe, it’s still showing the HTML entity for the quotes. 🙁

I also got an email from them where they are saying that the plugin code is sending through the html entities, because “why would our system convert it to html?” well, that IS the question isn’t it? I told him I’m looking at the code and the HTML entities definitely aren’t in the plugin code, and that we’ve changed it multiple times and no matter what it always comes through the same way in their dashboard…

[Anonymous]

Ah – so… that changed the form popup, but the part that is sending through to the system is down on 849 where it is setting the $booking_descr variable… I just removed the quotes from that and it had an effect.

I looked up “esc_attr” and it looks like that function converts to HTML so that might be what’s doing it?

[Anonymous]

Okay – I got it to successfully send through with single quotes! Line 849:

$booking_descr = sprintf(__("Booking for '%s'",'events-made-easy'),$event['event_name']);

Also, the last code you sent for line 375 seemed to work for the form.

I’ll have the client confirm that it comes through in email properly that way.

[Anonymous]

Stripe helped get me a copy of the receipt delivered to my email and it looks like it’s coming through perfectly with this code.

[Franky]

Hi,

could you send me all the changes you did here? I’ll verify …

[Anonymous]

Yes —-

Line 375 (and 376) are now (this and the following line seem to pass the quotes and name through to display on the form properly):

      $name = eme_esc_html(sprintf(__("Booking for '%s'",'events-made-easy'),$event['event_name']));
       $name = preg_replace('/\'/', '', $name);

Line 401 (I don’t know if this is necessary – I didn’t test it without, but since it was working I left it):

data-description='$name' => data-description=\"$name\"

Line 849 (this successfully sent through the quotes to the backend and then to the email):

$booking_descr = sprintf(__("Booking for '%s'",'events-made-easy'),$event['event_name']);

[Franky]

The way I see it, the only thing needed is the change on line 849 (and I think I never mentioned that one yet …).
So can you revert to the standard file and just change line 849 to read:

$booking_descr = sprintf(__("Booking for '%s'",'events-made-easy'),$event['event_name']);

Now I *completely* missed that line but indeed esc_attr is not needed there. I’ll remove it from the code this evening!

[Anonymous]

Yep! I just got a chance to test it out, and it looks like that’s the only line that needs to be changed. Everything else works perfectly. 🙂 Thank you so much for your help!

[Author]

Posts