commit 0149ec5921c88513ce0bbb53cf0d8f2fa52cce13 parent ec234105a5bfb9415e9f54ac10090556a908c4ff Author: ThomasV <thomasv@gitorious> Date: Wed, 7 May 2014 18:20:17 +0200 sanitize payment request code Diffstat:
| M | lib/paymentrequest.py | | | 18 | +++++++++++++----- |
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py @@ -65,13 +65,21 @@ class PaymentRequest: u = urlparse.urlparse(self.url) self.domain = u.netloc - connection = httplib.HTTPConnection(u.netloc) if u.scheme == 'http' else httplib.HTTPSConnection(u.netloc) - connection.request("GET",u.geturl(), headers=REQUEST_HEADERS) - resp = connection.getresponse() + try: + connection = httplib.HTTPConnection(u.netloc) if u.scheme == 'http' else httplib.HTTPSConnection(u.netloc) + connection.request("GET",u.geturl(), headers=REQUEST_HEADERS) + resp = connection.getresponse() + except: + self.error = "cannot read url" + return - r = resp.read() paymntreq = paymentrequest_pb2.PaymentRequest() - paymntreq.ParseFromString(r) + try: + r = resp.read() + paymntreq.ParseFromString(r) + except: + self.error = "cannot parse payment request" + return sig = paymntreq.signature if not sig: