improved sanitization, merchantId no longer required.

README.md

@@ -127,6 +127,8 @@ $config->merchantReturnURLBase = ...;
 
 $bluem = new Bluem($config);
 ```
+If parts of the Bluem object are not instantiated correctly, the instantiation might throw an exception.
+
 
 ## General concept
 

examples/initialization.php

@@ -31,20 +31,25 @@
 $bluem_config->test_accessToken = "";                // The access token to communicate with Bluem, for the test environment.
 $bluem_config->production_accessToken = "" ;         // The access token to communicate with Bluem, for the production environment.
 
-$bluem_config->merchantID = "" ;                     // the PRODUCTION merchant ID, to be  found on the contract you
-// have with the bank for receiving direct debit mandates.
-// required for eMandates prod environment
-// NOTE that MerchantID for test environment is set automatically to a valid test value
-
 $bluem_config->expectedReturnStatus = "success" ;    // What status would you like to get back for a TEST transaction or status request? Possible values: none, success, cancelled, expired, failure, open, pending
-$bluem_config->eMandateReason = "eMandateReason" ;   // Brief description of the debt collection at the time of issue
-$bluem_config->localInstrumentCode = "B2B" ;         // Choose type of collection: CORE or B2B
 $bluem_config->merchantReturnURLBase = "https://website.com";  // URL to return to after finishing the process
 
+// NOTE: THE FOLLOWING SETTINGS APPLY FOR IDIN ONLY
+// If you do not use iDIN, instantiating this is NOT necessary.
 // If you are using iDIN next to other services, you can set a specific iDIN BrandID here:
 $bluem_config->IDINBrandID = "";
 // if not set, the default brandID will be used.
 
+// NOTE: THE FOLLOWING SETTINGS APPLY FOR EMANDATES ONLY. 
+// If you do not use eMandates, instantiating this is NOT necessary.
+$bluem_config->merchantID = "" ;                     // the PRODUCTION merchant ID, to be  found on the contract you
+// have with the bank for receiving direct debit mandates.
+// required for eMandates prod environment
+// NOTE that MerchantID for test evironment is set automatically to a valid test value
+$bluem_config->eMandateReason = "eMandateReason" ;   // Brief description of the debt collection at the time of issue
+$bluem_config->localInstrumentCode = "B2B" ;         // Choose type of collection: CORE or B2B
+
+
 /** 
  * Initialize 
  **/

src/Bluem.php

@@ -47,7 +47,7 @@
     define("BLUEM_ENVIRONMENT_ACCEPTANCE", "acc");
 }
 if (!defined("BLUEM_STATIC_MERCHANT_ID")) {
-    define("BLUEM_STATIC_MERCHANT_ID", "0020009469");
+    define("BLUEM_STATIC_MERCHANT_ID", "0020000387");
 }
 if (!defined("BLUEM_LOCAL_DATE_FORMAT")) {
     define("BLUEM_LOCAL_DATE_FORMAT", "Y-m-d\TH:i:s");
@@ -88,7 +88,7 @@ public function __construct($_config = null)
         $_config = $this->_validateBrandID($_config);
 
         // secondary values, possibly automatically inferred/defaulting
-        $_config = $this->_validateMerchantID($_config);
+        $_config = $this->_validateMerchantIDAndSelectAccessToken($_config);
         $_config = $this->_validateThanksPage($_config);
         $_config = $this->_validateExpectedReturnStatus($_config);
         $_config = $this->_validateEMandateReason($_config);
@@ -516,6 +516,42 @@ public function PerformRequest(BluemRequest $transaction_request)
                         } catch (\Throwable $th) {
                             return new ErrorBluemResponse("Error: Could not create Bluem Response object. More details: " . $th->getMessage());
                         }
+                        echo $transaction_request->transaction_code;
+                        var_dump($response);
+                        if ($response->attributes()['type'].''  === "ErrorResponse") {
+                            switch ($transaction_request->transaction_code) {
+                                case 'SRX':
+                                case 'SUD':
+                                    $errmsg = $response->EMandateErrorResponse->Error->ErrorMessage."";
+                                case 'TRX':
+                                case 'TRS':
+                                    $errmsg = $response->EMandateTransactionErrorResponse->Error->ErrorMessage."";
+                                case 'PSU':
+                                case 'PSX':
+                                    $errmsg = $response->EPaymentErrorResponse->Error->ErrorMessage."";
+                                case 'PTS':
+                                case 'PTX':
+                                    $errmsg = $response->EPaymentTransactionErrorResponse->Error->ErrorMessage."";
+                                case 'ITX':
+                                case 'ITX':
+                                    $errmsg = $response->EIdentityTransactionErrorResponse->Error->ErrorMessage."";
+                                case 'ISU':
+                                case 'ISX':
+                                    $errmsg = $response->EIdentityErrorResponse->Error->ErrorMessage."";
+                                case 'INS':
+                                case 'INX':
+                                    $errmsg = $response->EIBANNameCheckErrorResponse->Error->ErrorMessage."";
+                                default:
+                                    throw new Exception("Invalid transaction type requested");
+                                }
+                            // $response = $this->fabricateErrorResponseObject($transaction_request->transaction_code, $http_response->getBody());
+                            // var_dump($response);
+                            return new ErrorBluemResponse("Error: " . ($errmsg));
+                            exit;
+                        }
+
+
+                        var_dump($response);
                         if (!$response->Status()) {
                             return new ErrorBluemResponse("Error: " . ($response->Error->ErrorMessage));
                         }
@@ -903,8 +939,12 @@ private function _validateProduction_accessToken($_config)
         return $_config;
     }
 
-    private function _validateMerchantID($_config)
+    private function _validateMerchantIDAndSelectAccessToken($_config)
     {
+        if (!isset($_config->merchantId) || is_null($_config->merchantId)) {
+            $_config->merchantId = "";
+        }
+
         if ($_config->environment === BLUEM_ENVIRONMENT_PRODUCTION) {
             $_config->accessToken = $_config->production_accessToken;
         // @todo consider throwing an exception if these tokens are missing.

src/Requests/BluemRequest.php

@@ -402,6 +402,25 @@ public function RequestType()
         return '';
     }
 
+
+    /**
+     * Perform sanitization of the description element
+     *
+     * @param String $description
+     * @return void
+     */
+    protected function _sanitizeDescription(String $description) {
+        // filter based on full list of invalid chars for description based on XSD
+        // Wel toegestaan: -0-9a-zA-ZéëïôóöüúÉËÏÔÓÖÜÚ€ ()+,.@&=%"'/:;?$
+        $description = preg_replace(
+            '/[^-0-9a-zA-ZéëïôóöüúÉËÏÔÓÖÜÚ€\ \(\)+,\.@&=%\"\'\/:;\?\$]/',
+            '',
+            $description
+        );
+        $description = substr($description, 0, 128); // max 128 characters
+        return $description;
+    }
+
     /*
     <DebtorAdditionalData>
     <EmailAddress>{0,1}</EmailAddress>

src/Requests/IdentityBluemRequest.php

@@ -45,8 +45,9 @@ public function __construct(
         }
 
         $this->requestCategory = $this->getRequestCategoryElement($requestCategory);
+        $this->description = $this->_sanitizeDescription($description);
+
 
-        $this->description = $description;
         $this->debtorReference = $debtorReference;
         $this->debtorReturnURL = $debtorReturnURL;
 

src/Requests/PaymentBluemRequest.php

@@ -38,7 +38,7 @@ public function __construct(
             $this->brandID = $config->brandID;
         }
 
-        $this->description = $description;
+        $this->description = $this->_sanitizeDescription($description);
 
         //  Default Currency EUR
         if (is_null($currency)) {