LBRYFoundation/LBRY-Vault
1
0
Fork 0
mirror of https://github.com/LBRYFoundation/LBRY-Vault.git synced 2025-08-31 01:11:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #2086 from alexander255/master

Browse source 
Properly handle invalid payment request URLs
This commit is contained in:
ThomasV 2016-12-22 06:06:16 +01:00 committed by GitHub
commit 426cd6dd60
1 changed files with 29 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
lib/paymentrequest.py
View file

@ -67,31 +67,48 @@ PR_PAID = 3 # send and propagated
def get_payment_request(url): def get_payment_request(url):
u = urlparse.urlparse(url) u = urlparse.urlparse(url)
if u.scheme in ['http', 'https']: if u.scheme in ['http', 'https']:
response = requests.request('GET', url, headers=REQUEST_HEADERS) try:
data = response.content response = requests.request('GET', url, headers=REQUEST_HEADERS)
print_error('fetched payment request', url, len(data)) response.raise_for_status()
# Guard against `bitcoin:`-URIs with invalid payment request URLs
if "Content-Type" not in response.headers \
or response.headers["Content-Type"] != "application/bitcoin-paymentrequest":
data = None
error = "payment URL not pointing to a payment request handling server"
else:
data = response.content
print_error('fetched payment request', url, len(response.content))
except requests.exceptions.RequestException:
data = None
error = "payment URL not pointing to a valid server"
elif u.scheme == 'file': elif u.scheme == 'file':
with open(u.path, 'r') as f: try:
data = f.read() with open(u.path, 'r') as f:
data = f.read()
except IOError:
data = None
error = "payment URL not pointing to a valid file"
else: else:
raise BaseException("unknown scheme", url) raise BaseException("unknown scheme", url)
pr = PaymentRequest(data) pr = PaymentRequest(data, error)
return pr return pr
class PaymentRequest: class PaymentRequest:
def __init__(self, data): def __init__(self, data, error=None):
self.raw = data self.raw = data
self.error = error
self.parse(data) self.parse(data)
self.requestor = None # known after verify self.requestor = None # known after verify
self.tx = None self.tx = None
self.error = None
def __str__(self): def __str__(self):
return self.raw return self.raw
def parse(self, r): def parse(self, r):
if self.error:
return
self.id = bitcoin.sha256(r)[0:16].encode('hex') self.id = bitcoin.sha256(r)[0:16].encode('hex')
try: try:
self.data = pb2.PaymentRequest() self.data = pb2.PaymentRequest()
@ -113,15 +130,17 @@ class PaymentRequest:
#return self.get_outputs() != [(TYPE_ADDRESS, self.get_requestor(), self.get_amount())] #return self.get_outputs() != [(TYPE_ADDRESS, self.get_requestor(), self.get_amount())]
def verify(self, contacts): def verify(self, contacts):
if self.error:
return False
if not self.raw: if not self.raw:
self.error = "Empty request" self.error = "Empty request"
return return False
pr = pb2.PaymentRequest() pr = pb2.PaymentRequest()
try: try:
pr.ParseFromString(self.raw) pr.ParseFromString(self.raw)
except: except:
self.error = "Error: Cannot parse payment request" self.error = "Error: Cannot parse payment request"
return return False
if not pr.signature: if not pr.signature:
# the address will be dispayed as requestor # the address will be dispayed as requestor
self.requestor = None self.requestor = None