Check currency amounts received from server.
This commit is contained in:
levlam
parent
fb6f478e6b
commit
e40fbde299
|
|
@ -4893,6 +4893,10 @@ unique_ptr<MessageContent> get_action_message_content(Td *td, tl_object_ptr<tele
|
|||
reply_in_dialog_id = DialogId();
|
||||
reply_to_message_id = MessageId();
|
||||
}
|
||||
if (action->total_amount_ <= 0 || !check_currency_amount(action->total_amount_)) {
|
||||
LOG(ERROR) << "Receive invalid total amount " << action->total_amount_;
|
||||
action->total_amount_ = 0;
|
||||
}
|
||||
return td::make_unique<MessagePaymentSuccessful>(
|
||||
reply_in_dialog_id, reply_to_message_id, std::move(action->currency_), action->total_amount_,
|
||||
std::move(action->invoice_slug_), action->recurring_used_, action->recurring_init_);
|
||||
|
|
@ -4903,6 +4907,10 @@ unique_ptr<MessageContent> get_action_message_content(Td *td, tl_object_ptr<tele
|
|||
break;
|
||||
}
|
||||
auto action = move_tl_object_as<telegram_api::messageActionPaymentSentMe>(action_ptr);
|
||||
if (action->total_amount_ <= 0 || !check_currency_amount(action->total_amount_)) {
|
||||
LOG(ERROR) << "Receive invalid total amount " << action->total_amount_;
|
||||
action->total_amount_ = 0;
|
||||
}
|
||||
auto result = td::make_unique<MessagePaymentSuccessful>(DialogId(), MessageId(), std::move(action->currency_),
|
||||
action->total_amount_, action->payload_.as_slice().str(),
|
||||
action->recurring_used_, action->recurring_init_);
|
||||
|
|
@ -5019,6 +5027,10 @@ unique_ptr<MessageContent> get_action_message_content(Td *td, tl_object_ptr<tele
|
|||
}
|
||||
case telegram_api::messageActionGiftPremium::ID: {
|
||||
auto action = move_tl_object_as<telegram_api::messageActionGiftPremium>(action_ptr);
|
||||
if (action->amount_ <= 0 || !check_currency_amount(action->amount_)) {
|
||||
LOG(ERROR) << "Receive invalid premium gift price " << action->amount_;
|
||||
action->amount_ = 0;
|
||||
}
|
||||
return td::make_unique<MessageGiftPremium>(std::move(action->currency_), action->amount_, action->months_);
|
||||
}
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -163,6 +163,10 @@ class SetBotPreCheckoutAnswerQuery final : public Td::ResultHandler {
|
|||
static tl_object_ptr<td_api::labeledPricePart> convert_labeled_price(
|
||||
tl_object_ptr<telegram_api::labeledPrice> labeled_price) {
|
||||
CHECK(labeled_price != nullptr);
|
||||
if (!check_currency_amount(labeled_price->amount_)) {
|
||||
LOG(ERROR) << "Receive invalid labeled price amount " << labeled_price->amount_;
|
||||
labeled_price->amount_ = (labeled_price->amount_ < 0 ? -1 : 1) * (static_cast<int64>(1) << 40);
|
||||
}
|
||||
return make_tl_object<td_api::labeledPricePart>(std::move(labeled_price->label_), labeled_price->amount_);
|
||||
}
|
||||
|
||||
|
|
@ -188,8 +192,18 @@ static tl_object_ptr<td_api::invoice> convert_invoice(tl_object_ptr<telegram_api
|
|||
need_shipping_address = true;
|
||||
}
|
||||
|
||||
if (invoice->max_tip_amount_ < 0 || !check_currency_amount(invoice->max_tip_amount_)) {
|
||||
LOG(ERROR) << "Receive invalid maximum tip amount " << invoice->max_tip_amount_;
|
||||
invoice->max_tip_amount_ = 0;
|
||||
}
|
||||
td::remove_if(invoice->suggested_tip_amounts_,
|
||||
[](int64 amount) { return amount < 0 || !check_currency_amount(amount); });
|
||||
if (invoice->suggested_tip_amounts_.size() > 4) {
|
||||
invoice->suggested_tip_amounts_.resize(4);
|
||||
}
|
||||
|
||||
return make_tl_object<td_api::invoice>(std::move(invoice->currency_), std::move(labeled_prices),
|
||||
invoice->max_tip_amount_, vector<int64>(invoice->suggested_tip_amounts_),
|
||||
invoice->max_tip_amount_, std::move(invoice->suggested_tip_amounts_),
|
||||
std::move(invoice->recurring_terms_url_), is_test, need_name,
|
||||
need_phone_number, need_email_address, need_shipping_address,
|
||||
send_phone_number_to_provider, send_email_address_to_provider, is_flexible);
|
||||
|
|
@ -554,6 +568,10 @@ class GetPaymentReceiptQuery final : public Td::ResultHandler {
|
|||
return on_error(Status::Error(500, "Receive invalid seller identifier"));
|
||||
}
|
||||
auto photo = get_web_document_photo(td_->file_manager_.get(), std::move(payment_receipt->photo_), dialog_id_);
|
||||
if (payment_receipt->tip_amount_ < 0 || !check_currency_amount(payment_receipt->tip_amount_)) {
|
||||
LOG(ERROR) << "Receive invalid tip amount " << payment_receipt->tip_amount_;
|
||||
payment_receipt->tip_amount_ = 0;
|
||||
}
|
||||
|
||||
promise_.set_value(make_tl_object<td_api::paymentReceipt>(
|
||||
payment_receipt->title_, get_product_description_object(payment_receipt->description_),
|
||||
|
|
@ -758,6 +776,10 @@ InputInvoice get_input_invoice(tl_object_ptr<telegram_api::messageMediaInvoice>
|
|||
// result.payload = string();
|
||||
// result.provider_token = string();
|
||||
// result.provider_data = string();
|
||||
if (message_invoice->total_amount_ <= 0 || !check_currency_amount(message_invoice->total_amount_)) {
|
||||
LOG(ERROR) << "Receive invalid total amount " << message_invoice->total_amount_;
|
||||
message_invoice->total_amount_ = 0;
|
||||
}
|
||||
result.total_amount = message_invoice->total_amount_;
|
||||
if ((message_invoice->flags_ & telegram_api::messageMediaInvoice::RECEIPT_MSG_ID_MASK) != 0) {
|
||||
result.receipt_message_id = MessageId(ServerMessageId(message_invoice->receipt_msg_id_));
|
||||
|
|
@ -782,6 +804,10 @@ InputInvoice get_input_invoice(tl_object_ptr<telegram_api::botInlineMessageMedia
|
|||
// result.payload = string();
|
||||
// result.provider_token = string();
|
||||
// result.provider_data = string();
|
||||
if (message_invoice->total_amount_ <= 0 || !check_currency_amount(message_invoice->total_amount_)) {
|
||||
LOG(ERROR) << "Receive invalid total amount " << message_invoice->total_amount_;
|
||||
message_invoice->total_amount_ = 0;
|
||||
}
|
||||
result.total_amount = message_invoice->total_amount_;
|
||||
// result.receipt_message_id = MessageId();
|
||||
return result;
|
||||
|
|
@ -854,10 +880,10 @@ Result<InputInvoice> process_input_message_invoice(
|
|||
if (!clean_input_string(price->label_)) {
|
||||
return Status::Error(400, "Invoice price label must be encoded in UTF-8");
|
||||
}
|
||||
result.invoice.price_parts.emplace_back(std::move(price->label_), price->amount_);
|
||||
if (!check_currency_amount(price->amount_)) {
|
||||
return Status::Error(400, "Too big amount of the currency specified");
|
||||
}
|
||||
result.invoice.price_parts.emplace_back(std::move(price->label_), price->amount_);
|
||||
total_amount += price->amount_;
|
||||
}
|
||||
if (total_amount <= 0) {
|
||||
|
|
@ -1243,6 +1269,9 @@ void answer_shipping_query(Td *td, int64 shipping_query_id,
|
|||
if (!clean_input_string(price_part->label_)) {
|
||||
return promise.set_error(Status::Error(400, "Shipping option price part label must be encoded in UTF-8"));
|
||||
}
|
||||
if (!check_currency_amount(price_part->amount_)) {
|
||||
return promise.set_error(Status::Error(400, "Too big amount of the currency specified"));
|
||||
}
|
||||
|
||||
prices.push_back(make_tl_object<telegram_api::labeledPrice>(std::move(price_part->label_), price_part->amount_));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
#include "td/telegram/Global.h"
|
||||
#include "td/telegram/JsonValue.h"
|
||||
#include "td/telegram/MessageEntity.h"
|
||||
#include "td/telegram/Payments.h"
|
||||
#include "td/telegram/Td.h"
|
||||
#include "td/telegram/telegram_api.h"
|
||||
#include "td/telegram/UpdatesManager.h"
|
||||
|
|
@ -89,6 +90,9 @@ static Result<tl_object_ptr<telegram_api::InputStorePaymentPurpose>> get_input_s
|
|||
auto p = static_cast<const td_api::storePaymentPurposeGiftedPremium *>(purpose.get());
|
||||
UserId user_id(p->user_id_);
|
||||
TRY_RESULT(input_user, td->contacts_manager_->get_input_user(user_id));
|
||||
if (p->amount_ <= 0 || !check_currency_amount(p->amount_)) {
|
||||
return Status::Error(400, "Invalid amount of the currency specified");
|
||||
}
|
||||
return make_tl_object<telegram_api::inputStorePaymentGiftPremium>(std::move(input_user), p->currency_,
|
||||
p->amount_);
|
||||
}
|
||||
|
|
@ -128,7 +132,7 @@ class GetPremiumPromoQuery final : public Td::ResultHandler {
|
|||
return on_error(Status::Error(500, "Receive wrong number of videos"));
|
||||
}
|
||||
|
||||
if (promo->monthly_amount_ < 0 || promo->monthly_amount_ > 9999'9999'9999) {
|
||||
if (promo->monthly_amount_ < 0 || !check_currency_amount(promo->monthly_amount_)) {
|
||||
return on_error(Status::Error(500, "Receive invalid monthly amount"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
#include "td/telegram/PremiumGiftOption.h"
|
||||
|
||||
#include "td/telegram/LinkManager.h"
|
||||
#include "td/telegram/Payments.h"
|
||||
|
||||
#include "td/utils/common.h"
|
||||
|
||||
|
|
@ -21,6 +22,10 @@ PremiumGiftOption::PremiumGiftOption(telegram_api::object_ptr<telegram_api::prem
|
|||
, amount_(option->amount_)
|
||||
, bot_url_(std::move(option->bot_url_))
|
||||
, store_product_(std::move(option->store_product_)) {
|
||||
if (amount_ <= 0 || !check_currency_amount(amount_)) {
|
||||
LOG(ERROR) << "Receive invalid premium gift option amount " << amount_;
|
||||
amount_ = static_cast<int64>(1) << 40;
|
||||
}
|
||||
}
|
||||
|
||||
double PremiumGiftOption::get_monthly_price() const {
|
||||
|
|
|
|||
|
|
@ -3368,6 +3368,8 @@ void UpdatesManager::on_update(tl_object_ptr<telegram_api::updateBotPrecheckoutQ
|
|||
UserId user_id(update->user_id_);
|
||||
if (!user_id.is_valid()) {
|
||||
LOG(ERROR) << "Receive pre-checkout query from invalid " << user_id;
|
||||
} else if (update->total_amount_ <= 0 || !check_currency_amount(update->total_amount_)) {
|
||||
LOG(ERROR) << "Receive pre-checkout query with invalid total amount " << update->total_amount_;
|
||||
} else {
|
||||
send_closure(
|
||||
G()->td(), &Td::send_update,
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user