diff options
| -rw-r--r-- | prog/ž/app.html | 19 | ||||
| -rw-r--r-- | prog/ž/index.php | 3 |
2 files changed, 14 insertions, 8 deletions
diff --git a/prog/ž/app.html b/prog/ž/app.html index 544db56..6502e5f 100644 --- a/prog/ž/app.html +++ b/prog/ž/app.html @@ -242,10 +242,10 @@ async function paynow () { let sender = await sec1_from_pubkey(await pubkey_from_string("me")); let rcpt = await sec1_from_pubkey(window.recipient); let amount32 = new Uint8Array(4); - amount32[3] = amount.value % 256; - amount32[2] = (amount.value >> 8) % 256; - amount32[1] = (amount.value >> 16) % 256; - amount32[0] = (amount.value >> 24) % 256; + amount32[3] = eval(amount.value) % 256; + amount32[2] = (eval(amount.value) >> 8) % 256; + amount32[1] = (eval(amount.value) >> 16) % 256; + amount32[0] = (eval(amount.value) >> 24) % 256; amount.value = ""; let comm = new TextEncoder().encode(comment.value); let comm256 = new Uint8Array(256); @@ -309,12 +309,12 @@ async function pubkey_from_string (s) { return false; } async function paypossible () { - if (amount.value == "") { - console.log("paypossible: empty amount field"); + if (!eval(amount.value)) { + console.log("paypossible: invalid amount field"); pay.disabled = true; return; } - if (!(Number(amount.value) <= 4294967296 && Number(amount.value) >= 0)) { + if (!(Number(eval(amount.value)) <= 4294967296 && Number(eval(amount.value)) >= 0)) { console.log("paypossible: amount invalid"); pay.disabled = true; return; @@ -324,6 +324,11 @@ async function paypossible () { pay.disabled = true; return; } + if (sec1.value.length < 1) { + console.log("paypossible: bad sec1 pubkey -- too short"); + pay.disabled = true; + return; + } window.recipient = await pubkey_from_string(sec1.value); if (recipient == false) { console.log("paypossible: recipient pubkey bad"); diff --git a/prog/ž/index.php b/prog/ž/index.php index 5b46ce1..dc2a2f5 100644 --- a/prog/ž/index.php +++ b/prog/ž/index.php @@ -299,11 +299,12 @@ switch ($_REQUEST["e"] . "-" . $_SERVER["REQUEST_METHOD"]) { @$balances[$tx->recipient] += $tx->amount; } response(200); - foreach ($balances as $key => $value) // do not trust balances provided by this API, since they + foreach ($balances as $key => $value) { // do not trust balances provided by this API, since they $packed = pack("q", $value); // are cast to machine dependent int by php if (pack("Q", 123) === pack("P", 123)) // machine is little endian $packed = strrev($packed); echo $key . $packed; + } break; default: response(400, "unknown endpoint or method not allowed", TEXT); |