rpc: prevent backupwallet method (#298)

tpruvot · Sep 3, 2018 · f93b3df · f93b3df · phm87 · Sep 3, 2018
1 parent 1da40e5
commit f93b3df
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/web/yaamp/core/rpc/easybitcoin.php b/web/yaamp/core/rpc/easybitcoin.php
@@ -135,7 +135,7 @@ function __call($method, $params)
 		// The ID should be unique for each call
 		$this->id++;
 
-		if (stripos($method, 'dump') !== false) {
+		if (stripos($method, 'dump') !== false || stripos($method, 'backupwallet') !== false) {
 			$this->error = "$method method is not authorized!";
 			return FALSE;
 		}

diff --git a/web/yaamp/core/rpc/wallet-rpc.php b/web/yaamp/core/rpc/wallet-rpc.php
@@ -55,7 +55,7 @@ function __construct($userOrCoin, $pw='', $host='localhost', $port=8332, $url=nu
 
 	function __call($method, $params)
 	{
-		if (stripos($method, "dump") !== false) {
+		if (stripos($method, "dump") !== false || stripos($method, "backupwallet") !== false) {
 			$this->error = "$method not authorized!";
 			debuglog("$method rpc method is not authorized!");
 			return false;