From 28d4cff0ed2d4438da4bbf2d4ca0465715603af5 Mon Sep 17 00:00:00 2001
From: Gregory Maxwell <greg@xiph.org>
Date: Sun, 8 Feb 2015 00:59:58 +0000
Subject: Sanitize command strings before logging them.

Normally bitcoin core does not display any network originated strings without
 sanitizing or hex encoding.  This wasn't done for strcommand in many places.

This could be used to play havoc with a terminal displaying the logs,
 especially with printtoconsole in use.

Thanks to Evil-Knievel for reporting this issue.
---
 src/rpcserver.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/rpcserver.cpp')

diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index 823b1fcf2..20e9252d7 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -849,7 +849,7 @@ void JSONRequest::parse(const Value& valRequest)
         throw JSONRPCError(RPC_INVALID_REQUEST, "Method must be a string");
     strMethod = valMethod.get_str();
     if (strMethod != "getblocktemplate")
-        LogPrint("rpc", "ThreadRPCServer method=%s\n", strMethod);
+        LogPrint("rpc", "ThreadRPCServer method=%s\n", SanitizeString(strMethod));
 
     // Parse params
     Value valParams = find_value(request, "params");
-- 
cgit v1.2.3