Orders containing + sign may fail transaction validation

I've contacted DPS about this - as of #1928460: Correctly encode XML data for communication with DPS we are (IMO) correctly encoding for the XML, but their response makes it seem that they do urldecode on the input as well. Will update when I hear back on the correct way of avoiding conflict.

Email reply from MK @ DPS -

Thank you for your email. For some reason, the code behind the payment page ignores some special characters. HTML encoding should let pass almost all special character, however if our code does not like it, it will either return as empty space or question mark.

Not 100% comfortable with this though - either we can't trust the order reference and email to come back as submitted, or we have to start patching it ad-hoc to replace occurences of + with , and add new "special characters" as we discover them.

Perhaps email / order reference aren't the right values to be comparing, but this is likely to affect all submitted values. I'll ask DPS to respond here.

For now, please note that order references and email addresses containing a + sign may cause transactions to fail validation.

This issue is matched by similar behaviour in the DPS PxPay module for Ubercart: #1929668: Orders containing + sign may fail transaction validation.

Feh, let's just bypass validation on the email. Feel free to re-open if you find a way to sneak the wrong email through an order ;)

https://drupal.org/commitlog/commit/35798/06fc47f1b2fc9e81772e55738860cf...