From 38a6747eff4d8202c7a7a9b65f1c54f7341d7c6e Mon Sep 17 00:00:00 2001
From: ThomasV
Date: Fri, 6 Jun 2014 07:48:08 +0200
Subject: [PATCH] fix: sanitize outputs
---
 gui/qt/main_window.py | 16 ++++++++++++++--
 gui/qt/paytoedit.py | 25 ++++++++-----------------
 lib/paymentrequest.py | 3 ---
 lib/wallet.py | 2 +-
 4 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/gui/qt/main_window.py b/gui/qt/main_window.py
index e2cb1f09..9620b6c0 100644
--- a/gui/qt/main_window.py
+++ b/gui/qt/main_window.py
@@ -797,10 +797,22 @@ class ElectrumWindow(QMainWindow):
 if self.gui_object.payment_request:
 outputs = self.gui_object.payment_request.outputs
- amount = self.gui_object.payment_request.get_amount()
 else:
 outputs = self.payto_e.get_outputs()
- amount = sum(map(lambda x:x[1], outputs))
+
+ if not outputs:
+ QMessageBox.warning(self, _('Error'), _('No outputs'), _('OK'))
+ return
+
+ for addr, x in outputs:
+ if addr is None or not bitcoin.is_address(addr):
+ QMessageBox.warning(self, _('Error'), _('Invalid Bitcoin Address'), _('OK'))
+ return
+ if type(x) is not int:
+ QMessageBox.warning(self, _('Error'), _('Invalid Amount'), _('OK'))
+ return
+
+ amount = sum(map(lambda x:x[1], outputs))
 try:
 fee = self.fee_e.get_amount()
diff --git a/gui/qt/paytoedit.py b/gui/qt/paytoedit.py
index 1b9ae1b4..6352fb45 100644
--- a/gui/qt/paytoedit.py
+++ b/gui/qt/paytoedit.py
@@ -41,6 +41,7 @@ class PayToEdit(QTextEdit):
 self.setMaximumHeight(27)
 self.c = None
 self.textChanged.connect(self.check_text)
+ self.outputs = []
 def lock_amount(self):
 self.amount_edit.setFrozen(True)
@@ -88,8 +89,15 @@ class PayToEdit(QTextEdit):
 self.payto_address = self.parse_address(lines[0])
 except:
 pass
+
 if self.payto_address:
 self.unlock_amount()
+ try:
+ amount = self.amount_edit.get_amount()
+ except:
+ amount = None
+
+ self.outputs = [(self.payto_address, amount)]
 return
 for line in lines:
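Review bot: The amount check in the `for addr, x in outputs:` loop of gui/qt/main_window.py only tests `type(x) is not int`, so a zero or negative amount passes and is folded into `amount = sum(...)`. That matters most for `payment_request.outputs`, which presumably come from a remote payment request rather than from the local form. On the Python 2 this code appears to target (lib/paymentrequest.py uses `urlparse`), an exact `int` test also rejects `long`, so a large amount may be refused as 'Invalid Amount' on builds where it does not fit a machine word. I would write the guard as `if not isinstance(x, (int, long)) or x <= 0:`. The enclosing method starts and ends outside the hunk.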
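Review bot: In the `@@ -88,8 +89,15 @@` hunk of gui/qt/paytoedit.py the amount is read from `amount_edit` when the pay-to text is parsed and then cached in `self.outputs`, while the later `get_outputs` hunk reduces that method to `return self.outputs`. If this block sits in the `check_text` handler connected to `textChanged` (the enclosing function starts outside the hunk), an amount typed or edited after the address is not reflected in what the send path validates and uses; it sees either `None` or a stale value. Reading the amount at request time avoids sending a figure that differs from the one displayed: keep only the address here and have `get_outputs()` build `[(self.payto_address, amount)]` from the current `amount_edit.get_amount()` whenever `self.payto_address` is set. The bare `except:` would also be better as `except Exception:`, as the removed code had it.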
@@ -115,24 +123,7 @@ class PayToEdit(QTextEdit):
 self.unlock_amount()
-
 def get_outputs(self):
-
- if self.payto_address:
-
- if not bitcoin.is_address(self.payto_address):
- QMessageBox.warning(self, _('Error'), _('Invalid Bitcoin Address') + ':\n' + self.payto_address, _('OK'))
- return
-
- try:
- amount = self.amount_edit.get_amount()
- except Exception:
- QMessageBox.warning(self, _('Error'), _('Invalid Amount'), _('OK'))
- return
-
- outputs = [(self.payto_address, amount)]
- return outputs
-
 return self.outputs
diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py
index 7c68bc96..d970d499 100644
--- a/lib/paymentrequest.py
+++ b/lib/paymentrequest.py
@@ -57,9 +57,6 @@ class PaymentRequest:
 self.outputs = []
 self.error = ""
- def get_amount(self):
- return sum(map(lambda x:x[1], self.outputs))
-
 def verify(self):
 u = urlparse.urlparse(self.url)
diff --git a/lib/wallet.py b/lib/wallet.py
index d08dc4aa..4664a509 100644
--- a/lib/wallet.py
+++ b/lib/wallet.py
@@ -118,7 +118,7 @@ class WalletStorage:
 with self.lock:
 if value is not None:
 self.data[key] = value
- else:
+ elif key in self.data:
 self.data.pop(key)
 if save:
 self.write()
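Review bot: Style point on the `elif key in self.data:` line in lib/wallet.py: the membership test followed by `pop` does two lookups for what `self.data.pop(key, None)` under the original `else:` expresses in one. Separately, `if save: self.write()` still runs when the key was absent and nothing changed, so it may be worth skipping the write in that case. The enclosing method starts outside the hunk.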