From 66d6e52d1323eb0d303aeb070744994d19e0e619 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Sat, 9 Jan 2021 09:00:08 +0100 Subject: [PATCH] Merge #20741: doc: Update 'Secure string handling' 7117d7503f39f06b74c84777ec4db5d456a8086f Update 'Secure string handling' (Prayank) Pull request description: - Add information about possible path traversal attack - [wallet_name](https://bitcoincore.org/en/doc/0.20.0/rpc/wallet/createwallet/) (string): _The name for the new wallet. If this is a 'path', the wallet will be created at the 'path' location._ Fixes https://github.com/bitcoin/bitcoin/issues/20128 (Not really fixing it but workaround) This PR is an alternative to https://github.com/bitcoin/bitcoin/pull/20393 ACKs for top commit: michaelfolkson: ACK 7117d7503f39f06b74c84777ec4db5d456a8086f RiccardoMasutti: ACK https://github.com/bitcoin/bitcoin/commit/7117d7503f39f06b74c84777ec4db5d456a8086f benthecarman: ACK 7117d7503f39f06b74c84777ec4db5d456a8086f Tree-SHA512: 0d6c4f8db5feba848bbb583e87a99e6c4b655deaa2b566164e2632acc1aabf470d4626d2dc4b82c4997effc30d9b474d860d0e0d3e896648c5cc9bfdb623da6d --- doc/JSON-RPC-interface.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/doc/JSON-RPC-interface.md b/doc/JSON-RPC-interface.md index 4e7ca3f642..f220d78f02 100644 --- a/doc/JSON-RPC-interface.md +++ b/doc/JSON-RPC-interface.md @@ -88,13 +88,14 @@ RPC interface will be abused. - **Secure string handling:** The RPC interface does not guarantee any escaping of data beyond what's necessary to encode it as JSON, although it does usually provide serialized data using a hex - representation of the bytes. If you use RPC data in your programs or - provide its data to other programs, you must ensure any problem - strings are properly escaped. For example, multiple websites have - been manipulated because they displayed decoded hex strings that - included HTML `
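Review bot: most of the hunk at `@@ -88,13 +88,14 @@` is reflow of existing text rather than new guidance. The removed lines begin mid-paragraph at "representation of the bytes. If you use RPC data in your programs or", and the diffstat shows 8 insertions against 7 deletions for a net gain of one line in the "Secure string handling" bullet. Consider keeping the existing line breaks and appending the path traversal sentence after the HTML example, so the diff shows only the added security guidance and is easier to audit. Separately, the description says "Fixes" for issue 20128 while also stating that this is a workaround and not a real fix. Because the change touches only doc/JSON-RPC-interface.md, a "Refs" link would avoid auto-closing the issue while the `wallet_name` path behaviour it describes is unchanged.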