qt: rpc console, filtered commands replaced with ‘(…)’ may execute unintended actions when recalled from history #907

issue waketraindev openend this issue on October 25, 2025
  1. waketraindev commented at 12:40 pm on October 25, 2025: contributor

    Is there an existing issue for this?

    • I have searched the existing issues

    Current behaviour

    In the Qt rpc console, when a command is filtered for privacy (historyFilter) it’s parameters are replaced with (…)

    For example:

    0createwallet "testwallet"
1
2recalled as: createwallet(…)

    If this filtered command is later recalled from command history (ArrowUp+Enter), it executes literally, creating or executing an unintended command such as createwallet(…)

    This will then create a wallet named

    Expected behaviour

    Filtered commands should not execute unintended actions when recalled from history.

    Instead of replacing parameters with (…), consider:

    • Replacing with a harmless command like help(“createwallet”) or
    • Replacing with a console only command that will not be executed

    Steps to reproduce

    1. Open the rpc console
    2. Run createwallet “test”
    3. Press Arrow-Up
    4. Press enter

    A new wallet named “…” is created.

    Relevant log output

    No response

    How did you obtain Bitcoin Core

    Compiled from source

    What version of Bitcoin Core are you using?

    30.0 or master

    Operating system and version

    Windows 11

    Machine specifications

    No response

  2. waketraindev closed this on Oct 27, 2025


waketraindev

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/gui. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-07 18:20 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me