
Stronger validation of rpc commands against blacklist. Fixes #33

fix-133-memory-crash
Dan Janosik 7 years ago
parent
commit
9b5c8a31aa
  1. 6
      routes/baseActionsRouter.js

6
routes/baseActionsRouter.js

@ -493,7 +493,7 @@ router.post("/rpc-terminal", function(req, res) {
}
}
var params = req.body.cmd.split(" ");
var params = req.body.cmd.trim().split(/\s+/);
var cmd = params.shift();
var parsedParams = [];
@ -506,7 +506,7 @@ router.post("/rpc-terminal", function(req, res) {
}
});
if (env.rpcBlacklist.includes(cmd)) {
if (env.rpcBlacklist.includes(cmd.toLowerCase())) {
res.write("Sorry, that RPC command is blacklisted. If this is your server, you may allow this command by removing it from the 'rpcBlacklist' setting in env.js.", function() {
res.end();
});
@ -599,7 +599,7 @@ router.get("/rpc-browser", function(req, res) {
res.locals.argValues = argValues;
if (env.rpcBlacklist.includes(req.query.method)) {
if (env.rpcBlacklist.includes(req.query.method.toLowerCase())) {
res.locals.methodResult = "Sorry, that RPC command is blacklisted. If this is your server, you may allow this command by removing it from the 'rpcBlacklist' setting in env.js.";
res.render("browser");
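Review bot: The `/rpc-browser` check now calls `req.query.method.toLowerCase()` with no type check visible in this hunk, so a missing `method`, or one that Express parsed into an array or object, throws a TypeError where the old `includes()` call simply returned false. The handler starts outside the hunk, so if no earlier guard exists, reject non-string values before the check with something like `if (typeof req.query.method !== "string")`; the same applies to `req.body.cmd` in `/rpc-terminal`, which was already dereferenced before this commit. Lowercasing only the request side also assumes every entry in `env.rpcBlacklist` is lowercase, so a mixed-case entry in env.js would silently stop matching; normalise both sides, e.g. `env.rpcBlacklist.some(function(b) { return b.toLowerCase() === name; })`. A short comment should also state whether the original-case `cmd` or the normalised name is what gets forwarded to the node, since that is not visible here and decides whether the check and the executed command can differ.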
