[pve-devel] [PATCH v2 10/10] HTTPServer.pm: improve baseuri matching

Dietmar Maurer dietmar at proxmox.com
Tue Jan 10 17:06:07 CET 2017


Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
 PVE/HTTPServer.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 10263e9..0697ae2 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -982,7 +982,7 @@ sub handle_request {
 	# we re-enable timeout in response()
 	$reqstate->{hdl}->timeout(0);
 
-	if ($path =~ m!$baseuri!) {
+	if ($path =~ m/^\Q$baseuri\E/) {
 	    $self->handle_api2_request($reqstate, $auth, $method, $path);
 	    return;
 	}
@@ -1258,7 +1258,7 @@ sub unshift_read_header {
 		    }
 		    $self->handle_spice_proxy_request($reqstate, $connect_str, $vmid, $node, $port);
 		    return;
-		} elsif ($path =~ m!$baseuri!) {
+		} elsif ($path =~ m/^\Q$baseuri\E/) {
 		    my $token = $r->header('CSRFPreventionToken');
 		    my $cookie = $r->header('Cookie');
 		    my $ticket = extract_auth_cookie($cookie, $self->{cookie_name});
-- 
2.1.4



More information about the pve-devel mailing list