qt: rpc console, filtered commands replaced with '(…)' may execute unintended actions when recalled from history #907
Description
Is there an existing issue for this?
- I have searched the existing issues
Current behaviour
In the Qt rpc console, when a command is filtered for privacy (historyFilter) it's parameters are replaced with (…)
For example:
createwallet "testwallet"
recalled as: createwallet(…)
If this filtered command is later recalled from command history (ArrowUp+Enter), it executes literally, creating or
executing an unintended command such as createwallet(…)
This will then create a wallet named …
Expected behaviour
Filtered commands should not execute unintended actions when recalled from history.
Instead of replacing parameters with (…), consider:
- Replacing with a harmless command like help("createwallet") or
- Replacing with a console only command that will not be executed
Steps to reproduce
- Open the rpc console
- Run createwallet "test"
- Press Arrow-Up
- Press enter
A new wallet named "…" is created.
Relevant log output
No response
How did you obtain Bitcoin Core
Compiled from source
What version of Bitcoin Core are you using?
30.0 or master@f54ffb4b patched with #901
createwallet is not added to historyFilter on master yet
Operating system and version
Windows 11
Machine specifications
No response