Merchant Gateways should have the ability to inject HTML content into the add/edit payment account forms presented throughout the system (similar to how Nonmerchant Gateways currently work).

This will allow Merchant Gateways the ability to bypass Blesta as the API requester, passing that responsibility onto the browser client (and subsequently bypassing all PCI-compliance requirements).

MerchantCcOffSite and MerchantAchOffSite interfaces will need to be updated (and all interfacing callers) to allow the following data substitutions:

MerchantCcOffSite:

• card_number => card_last4

MerchantAchOffSite:

• account_number => account_last4
• routing_number => (void)

Thus, two new methods should be added, one each to MerchantCc and MerchantAch (yes, MerchantCc and MerchantAch – not offsite) respectively:

• buildStoreCc(void)
• buildStoreAch(void)

-------

Additionally, Merchant Gateways should be able to set a 'gateway_error' form field, that, when POST is displayed to the client. This allows the gateway that is bypassing Blesta to still provide error feedback as if it passed through Blesta.