From 13a3a68d54a94f35e9fa7b4f430120a750cc7f0e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 30 Sep 2020 14:42:11 -0400
Subject: [PATCH] Validate and trim spaces on WM pointer

Ref T773
---
 database.go | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/database.go b/database.go
index 5977a7d..54939fe 100644
--- a/database.go
+++ b/database.go
@@ -907,10 +907,24 @@ func (db *datastore) UpdateCollection(c *SubmittedCollection, alias string) erro
 
 	// Update Monetization value
 	if c.Monetization != nil {
-		_, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "monetization_pointer", *c.Monetization, *c.Monetization)
-		if err != nil {
-			log.Error("Unable to insert monetization_pointer value: %v", err)
-			return err
+		skipUpdate := false
+		if *c.Monetization != "" {
+			// Strip away any excess spaces
+			trimmed := strings.TrimSpace(*c.Monetization)
+			// Only update value when it starts with "$", per spec: https://paymentpointers.org
+			if strings.HasPrefix(trimmed, "$") {
+				c.Monetization = &trimmed
+			} else {
+				// Value appears invalid, so don't update
+				skipUpdate = true
+			}
+		}
+		if !skipUpdate {
+			_, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "monetization_pointer", *c.Monetization, *c.Monetization)
+			if err != nil {
+				log.Error("Unable to insert monetization_pointer value: %v", err)
+				return err
+			}
 		}
 	}