Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Partner Program >

Bug: Invoice number with # symbol not html encoded for Payment Service

Started by Veridian Dynamics -   in Partner Program

We have a Partner Application payment service which uses a Custom Payment URL.
Xero does a GET request to the service passing the short code and invoice number in the query string parameters.
We just experienced a bug with one of our customers who had created an invoice with the invoice number 'INV#0004'. It appears that the Xero code does not html encode the hash symbol and just inserts it in the query string, so subsequently our service does not receive the entire invoice number.

One solution is to ensure you HTML encode all Invoice numbers prior to making the Get request to a Payment Service.
Another solution would be to prevent users from using any special characters in the invoice number, or just limit them to the 4 unreserved URI characters: http://tools.ietf.org/html/rfc3986#section-2.3

Our solution for the moment if we come across it is to tell our customers to change their invoice numbers to remove the hash symbol.

Sorry for the hassle with this. Yes, this seems to be an issue at the moment and the work around you suggested should be fine. We are looking into this and will try to get it fixed soon.
Than you for letting us know and nice spotting.

Srikrishna Tadinada (Community Manager)  

Has there been any updates on this issue? We are encountering the same problem. It is not just the hash symbol but the parameters are not url encoded at all. We don't have the luxury of asking all customers to change their invoice numbering scheme. Some have agreed but others aren't going to which means they can't use the payment services feature of Xero.

I believe this needs to be addressed as a priority.

Reeve Vaughan  

Any progress on this issue? We have customers who are experiencing the same problems.

Steven Webb