[pve-devel] [PATCH pve-common] Fix 3560: gui/notes: escape % symbol when encoding
Dylan Whyte
d.whyte at proxmox.com
Fri Nov 12 09:43:52 CET 2021
bump.
Noticed while doing some testing that this was never reviewed/applied.
On 8/6/21 3:22 PM, Dylan Whyte wrote:
> This prevents cases in which a string containing a percent character is
> inadvertently utf-8 decoded before being displayed in notes.
>
> Signed-off-by: Dylan Whyte <d.whyte at proxmox.com>
> ---
> src/PVE/Tools.pm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 807bc03..b8d6dc9 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -1200,8 +1200,8 @@ sub upid_normalize_status_type {
> sub encode_text {
> my ($text) = @_;
>
> - # all control and hi-bit characters, and ':'
> - my $unsafe = "^\x20-\x39\x3b-\x7e";
> + # all control and hi-bit characters, ':', and '%'
> + my $unsafe = "\x00-\x1f\x25\x3a\x7f-\xff";
> return uri_escape(Encode::encode("utf8", $text), $unsafe);
> }
>
More information about the pve-devel
mailing list