commit 5a838bfb359b78cbef8ad3fcd1f6dffd13f897d2
parent 0f66ec87f8613795effdf11cc27db7b2f2ba71e4
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 16 Jun 2021 23:15:18 +0200
fix #6904
Diffstat:
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -980,7 +980,15 @@ patch_order (struct MHD_Connection *connection,
"merchant_pub",
GNUNET_JSON_from_data_auto (
&hc->instance->merchant_pub)));
- /* FIXME: #6904: transform 'true' in $forgettable into random salts! */
+ if (GNUNET_OK !=
+ TALER_JSON_contract_seed_forgettable (order))
+ {
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_JSON_INVALID,
+ "could not compute hash of order due to bogus forgettable fields");
+ }
/* sanity check result */
{
struct GNUNET_HashCode hc;
