Fix potential DDOS on get rate

2025-12-18 22:44:29 +01:00 · 2018-07-30 22:45:28 +09:00
parent 3b3a18bbbc
commit 6401af00fe
1 changed files with 5 additions and 5 deletions
--- a/BTCPayServer/Controllers/RateController.cs
+++ b/BTCPayServer/Controllers/RateController.cs
@@ -120,19 +120,19 @@ namespace BTCPayServer.Controllers
            {
                currencyPairs = "";
                var supportedMethods = store.GetSupportedPaymentMethods(_NetworkProvider);
-                var currencyCodes = supportedMethods.Where(method => !string.IsNullOrEmpty(method.PaymentId.CryptoCode))
-                    .Select(method => method.PaymentId.CryptoCode).Distinct();
+                var currencyCodes = supportedMethods.Select(method => method.PaymentId.CryptoCode).Distinct();
                var defaultCrypto = store.GetDefaultCrypto(_NetworkProvider);

+                StringBuilder currencyPairsBuilder = new StringBuilder();
                foreach (var currencyCode in currencyCodes)
                {
                    if (!string.IsNullOrEmpty(currencyPairs))
                    {
-                        currencyPairs += ",";
+                        currencyPairsBuilder.Append(",");
                    }
-                    currencyPairs += $"{defaultCrypto}_{currencyCode}";
+                    currencyPairsBuilder.Append($"{defaultCrypto}_{currencyCode}");
                }
-
+                currencyPairs = currencyPairsBuilder.ToString();

                if (string.IsNullOrEmpty(currencyPairs))
                {