feat(settings): migrate Export Private Key modal + fix outside-click secret leak
Phase 2 (first security modal), presentation-only + the review's one finding. Migration: struct-form BlurFloat overlay (was legacy positional); full i18n (reusing export_private_key / key_export_private_warning / key_export_private_key / select_address / key_export_fetching / export / copy / close, plus one new key_export_failed); DialogWarningHeader; centered DialogActionFooter (Export + Close) + a Copy TactileButton; async UX (export_in_progress_ spinner, export_error_ line). The exported key stays in the char[256] buffer shown via a read-only InputTextMultiline (deliberately NOT AddressCopyField, which would copy the secret into a lingering std::string). exportPrivateKey is untouched. Security fix (found by the adversarial review): the 0a "outside-click/Esc wipe" via the Begin-returns-false early-return was UNREACHABLE — BeginOverlayDialog clears show_export_key_ mid-frame but still returns true, so an outside-click/Esc dismiss left the exported spending key un-wiped in export_result_. Add the in-body `if (!show_export_key_)` teardown before EndOverlayDialog (the proven import-dialog pattern), which is the real wipe point for every dismiss path. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -470,6 +470,7 @@
|
||||
"keep": "유지",
|
||||
"keep_daemon": "데몬 계속 실행",
|
||||
"key_export_click_retrieve": "지갑에서 키를 가져오려면 클릭",
|
||||
"key_export_failed": "키를 내보내지 못했습니다. 지갑 잠금을 해제하고(암호화된 경우) 다시 시도하세요.",
|
||||
"key_export_fetching": "지갑에서 키를 가져오는 중...",
|
||||
"key_export_private_key": "개인 키:",
|
||||
"key_export_private_warning": "이 키를 비밀로 유지하세요! 이 키를 가진 사람은 누구나 자금을 사용할 수 있습니다. 온라인이나 신뢰할 수 없는 사람과 공유하지 마세요.",
|
||||
|
||||
Reference in New Issue
Block a user