From d4746d56c0c45b8721da36bc19b2bdaba5d7d094 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@blockstream.io>
Date: Thu, 16 Oct 2014 16:16:29 -0700
Subject: Add a SECURE style flag for ThreadSafeMessageBox, which indicates
 that the message contains sensitive information. This keeps the message from
 being output to the debug log by bitcoind. Fixes a possible security risk
 when starting bitcoind in server mode without the 'rpcpassword' option
 configured, resulting in the "suggested" password being output to the debug
 log.

---
 src/qt/bitcoingui.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/qt/bitcoingui.cpp')

diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp
index 8a945606dc..9d6d07a56b 100644
--- a/src/qt/bitcoingui.cpp
+++ b/src/qt/bitcoingui.cpp
@@ -992,6 +992,9 @@ void BitcoinGUI::showProgress(const QString &title, int nProgress)
 static bool ThreadSafeMessageBox(BitcoinGUI *gui, const std::string& message, const std::string& caption, unsigned int style)
 {
     bool modal = (style & CClientUIInterface::MODAL);
+    // The SECURE flag has no effect in the Qt GUI.
+    // bool secure = (style & CClientUIInterface::SECURE);
+    style &= ~CClientUIInterface::SECURE;
     bool ret = false;
     // In case of modal message, use blocking connection to wait for user to click a button
     QMetaObject::invokeMethod(gui, "message",
-- 
cgit v1.2.3