anders/Wallet
1
0
Fork 0
Code Issues Projects Releases Packages Wiki Activity

paypro: not necessary, but check merchant data in verifyPaymentRequest.

Browse source
This commit is contained in:
Christopher Jeffrey 2014-08-05 12:49:50 -07:00 committed by Manuel Araoz
commit 21196f8b22
1 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
js/models/core/Wallet.js
View file

@ -1290,6 +1290,31 @@ Wallet.prototype.verifyPaymentRequest = function(ntxid) {
// data. We should not sign this transaction proposal! // data. We should not sign this transaction proposal!
return false; return false;
} }
// Checking the merchant data itself isn't technically
// necessary as long as we check the transaction, but
// we can do it for good measure.
var ro = txp.merchant.pr.pd.outputs[i];
// Actual value
var av = new Buffer(8);
av[0] = (ro.amount.low >> 0) & 0xff;
av[1] = (ro.amount.low >> 8) & 0xff;
av[2] = (ro.amount.low >> 16) & 0xff;
av[3] = (ro.amount.low >> 24) & 0xff;
av[4] = (ro.amount.high >> 0) & 0xff;
av[5] = (ro.amount.high >> 8) & 0xff;
av[6] = (ro.amount.high >> 16) & 0xff;
av[7] = (ro.amount.high >> 24) & 0xff;
// Actual script
var as = new Buffer(ro.script.buffer, 'hex')
.slice(ro.script.offset, ro.script.limit);
if (av.toString('hex') !== ev.toString('hex')
|| as.toString('hex') !== es.toString('hex')) {
return false;
}
} }
return true; return true;