URI: 
       tfix: sanitize outputs - electrum - Electrum Bitcoin wallet
  HTML git clone https://git.parazyd.org/electrum
   DIR Log
   DIR Files
   DIR Refs
   DIR Submodules
       ---
   DIR commit 38a6747eff4d8202c7a7a9b65f1c54f7341d7c6e
   DIR parent 0673df9176455303ed749777672bcb52d2f18591
  HTML Author: ThomasV <thomasv@gitorious>
       Date:   Fri,  6 Jun 2014 07:48:08 +0200
       
       fix: sanitize outputs
       
       Diffstat:
         M gui/qt/main_window.py               |      16 ++++++++++++++--
         M gui/qt/paytoedit.py                 |      25 ++++++++-----------------
         M lib/paymentrequest.py               |       3 ---
         M lib/wallet.py                       |       2 +-
       
       4 files changed, 23 insertions(+), 23 deletions(-)
       ---
   DIR diff --git a/gui/qt/main_window.py b/gui/qt/main_window.py
       t@@ -797,10 +797,22 @@ class ElectrumWindow(QMainWindow):
        
                if self.gui_object.payment_request:
                    outputs = self.gui_object.payment_request.outputs
       -            amount = self.gui_object.payment_request.get_amount()
                else:
                    outputs = self.payto_e.get_outputs()
       -            amount = sum(map(lambda x:x[1], outputs))
       +
       +        if not outputs:
       +            QMessageBox.warning(self, _('Error'), _('No outputs'), _('OK'))
       +            return
       +
       +        for addr, x in outputs:
       +            if addr is None or not bitcoin.is_address(addr):
       +                QMessageBox.warning(self, _('Error'), _('Invalid Bitcoin Address'), _('OK'))
       +                return
       +            if type(x) is not int:
       +                QMessageBox.warning(self, _('Error'), _('Invalid Amount'), _('OK'))
       +                return
       +
       +        amount = sum(map(lambda x:x[1], outputs))
        
                try:
                    fee = self.fee_e.get_amount()
   DIR diff --git a/gui/qt/paytoedit.py b/gui/qt/paytoedit.py
       t@@ -41,6 +41,7 @@ class PayToEdit(QTextEdit):
                self.setMaximumHeight(27)
                self.c = None
                self.textChanged.connect(self.check_text)
       +        self.outputs = []
        
            def lock_amount(self):
                self.amount_edit.setFrozen(True)
       t@@ -88,8 +89,15 @@ class PayToEdit(QTextEdit):
                        self.payto_address = self.parse_address(lines[0])
                    except:
                        pass
       +
                    if self.payto_address:
                        self.unlock_amount()
       +                try:
       +                    amount = self.amount_edit.get_amount()
       +                except:
       +                    amount = None
       +
       +                self.outputs = [(self.payto_address, amount)]
                        return
        
                for line in lines:
       t@@ -115,24 +123,7 @@ class PayToEdit(QTextEdit):
                    self.unlock_amount()
        
        
       -
            def get_outputs(self):
       -
       -        if self.payto_address:
       -            
       -            if not bitcoin.is_address(self.payto_address):
       -                QMessageBox.warning(self, _('Error'), _('Invalid Bitcoin Address') + ':\n' + self.payto_address, _('OK'))
       -                return
       -
       -            try:
       -                amount = self.amount_edit.get_amount()
       -            except Exception:
       -                QMessageBox.warning(self, _('Error'), _('Invalid Amount'), _('OK'))
       -                return
       -
       -            outputs = [(self.payto_address, amount)]
       -            return outputs
       -
                return self.outputs
        
        
   DIR diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py
       t@@ -57,9 +57,6 @@ class PaymentRequest:
                self.outputs = []
                self.error = ""
        
       -    def get_amount(self):
       -        return sum(map(lambda x:x[1], self.outputs))
       -
        
            def verify(self):
                u = urlparse.urlparse(self.url)
   DIR diff --git a/lib/wallet.py b/lib/wallet.py
       t@@ -118,7 +118,7 @@ class WalletStorage:
                with self.lock:
                    if value is not None:
                        self.data[key] = value
       -            else:
       +            elif key in self.data:
                        self.data.pop(key)
                    if save: 
                        self.write()