commit ab75d520470409f2862865ad47c55ee3fc20348e
parent d54e23b49c5df2c3d2a4e8dc9fd39e38f3a3faac
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 15 Dec 2023 01:08:39 -0500
validate withdraw address format
Diffstat:
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -13,6 +13,7 @@ import (
hutils "dkforest/pkg/web/handlers/utils"
"encoding/base64"
"fmt"
+ "github.com/asaskevich/govalidator"
humanize "github.com/dustin/go-humanize"
"github.com/labstack/echo"
wallet1 "github.com/monero-ecosystem/go-monero-rpc-client/wallet"
@@ -824,6 +825,10 @@ func PokerHomeHandler(c echo.Context) error {
data.Error = "invalid xmr address"
return c.Render(http.StatusOK, "poker", data)
}
+ if !govalidator.Matches(data.WithdrawAddress, `^[478][0-9AB][123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{93}$`) {
+ data.Error = "invalid xmr address"
+ return c.Render(http.StatusOK, "poker", data)
+ }
if data.WithdrawAddress == authUser.PokerXmrSubAddress {
data.Error = "cannot withdraw to the deposit address"
return c.Render(http.StatusOK, "poker", data)
