commit 5298044fa151e4662707f36800cac24c4850d6f6
parent 4a074a6eb5c34989db4806c32c698d086f3984dd
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 28 Jun 2026 19:32:12 +0200
bugs
Diffstat:
3 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_delete-private-token.c b/src/backend/taler-merchant-httpd_delete-private-token.c
@@ -44,10 +44,11 @@ TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_AUTHORIZATION);
/* This was presumably checked before... */
- if (0 !=
- strncmp (tok,
- bearer,
- strlen (bearer)))
+ if ( (NULL == tok) ||
+ (0 !=
+ strncmp (tok,
+ bearer,
+ strlen (bearer))) )
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_ec (connection,
diff --git a/src/backend/taler-merchant-httpd_dispatcher.c b/src/backend/taler-merchant-httpd_dispatcher.c
@@ -887,6 +887,7 @@ determine_handler_group (const char **urlp,
.url_prefix = "/token",
.method = MHD_HTTP_METHOD_DELETE,
.handler = &TMH_private_delete_instances_ID_token,
+ .permission = NULL /* No ACL: anyone can delete any token they have */
},
/* GET /tokenfamilies: */
{
diff --git a/src/backend/taler-merchant-httpd_post-orders-ORDER_ID-refund.c b/src/backend/taler-merchant-httpd_post-orders-ORDER_ID-refund.c
@@ -613,7 +613,7 @@ TMH_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
TALER_MERCHANTDB_preflight (TMH_db);
{
- json_t *contract_terms;
+ json_t *contract_terms = NULL;
uint64_t order_serial;
qs = TALER_MERCHANTDB_lookup_contract_terms (TMH_db,
@@ -629,18 +629,20 @@ TMH_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs);
/* Always report on hard error as well to enable diagnostics */
GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_INTERNAL_SERVER_ERROR,
- TALER_EC_GENERIC_DB_FETCH_FAILED,
- "contract terms");
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_FETCH_FAILED,
+ "contract terms");
}
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
- json_decref (contract_terms);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_NOT_FOUND,
- TALER_EC_MERCHANT_GENERIC_ORDER_UNKNOWN,
- hc->infix);
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_MERCHANT_GENERIC_ORDER_UNKNOWN,
+ hc->infix);
}
{
struct TALER_PrivateContractHashP h_contract_terms;
@@ -651,10 +653,11 @@ TMH_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
{
GNUNET_break (0);
json_decref (contract_terms);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_INTERNAL_SERVER_ERROR,
- TALER_EC_GENERIC_FAILED_COMPUTE_JSON_HASH,
- NULL);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_FAILED_COMPUTE_JSON_HASH,
+ NULL);
}
json_decref (contract_terms);
if (0 != GNUNET_memcmp (&h_contract_terms,
