fix(ui): validate and clamp dialog input
Tighten input handling across several dialogs so bad/edge input can't produce a doomed request or a confusing display: - app_security: passphrase strength meter now factors character-class diversity — an all-one-class string downgrades one tier so "aaaaaaaa" no longer scores as high as a mixed one. - block_info: clamp the height field to the chain tip and hide/deny "Next" at the tip (was only yielding a raw RPC error). - address_label: trim surrounding whitespace before saving; a whitespace-only label clears it (mirrors clearing the icon). - send_tab: re-clamp the amount when a Max send has its fee bumped in the confirm popup (kept the total within budget) and NUL-terminate the strncpy'd address/memo when a payment URI overwrites the form. - settings_page: reject an empty/whitespace-only lite wallet path before dispatching an unusable open/restore request. - peers_tab: guard ExtractIP against an empty address. - transaction_details: disable "View in explorer" when the configured explorer URL is empty/whitespace so we never open a garbage link. - app: seed-backup "Skip" now requires a second, deliberate click with a fund-loss warning before it dismisses. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -287,6 +287,19 @@ static void evaluateLiteLifecycleRequestFromPageState(App* app) {
|
||||
}
|
||||
} liteSecretScrubber{input};
|
||||
|
||||
// Open/Restore both target a wallet path; reject an empty/whitespace-only one early so we
|
||||
// never dispatch an unusable request (the scrubber above still wipes secrets on this return).
|
||||
if (input.request.operation == wallet::LiteWalletLifecycleOperation::OpenExisting ||
|
||||
input.request.operation == wallet::LiteWalletLifecycleOperation::RestoreFromSeed) {
|
||||
std::string trimmedPath(s_settingsState.lite_wallet_path);
|
||||
const auto first = trimmedPath.find_first_not_of(" \t\r\n");
|
||||
if (first == std::string::npos) {
|
||||
s_settingsState.lite_lifecycle_status = "Enter a wallet path";
|
||||
s_settingsState.lite_lifecycle_summary.clear();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// Restore needs a complete 24-word seed; reject early (the scrubber above still wipes the
|
||||
// entered secret on this return path).
|
||||
if (input.request.operation == wallet::LiteWalletLifecycleOperation::RestoreFromSeed) {
|
||||
|
||||
Reference in New Issue
Block a user