[pve-devel] [PATCH pve-common] Fix 3560: gui/notes: escape % symbol when encoding

Dylan Whyte d.whyte at proxmox.com
Fri Nov 12 09:43:52 CET 2021


bump.

Noticed while doing some testing that this was never reviewed/applied.

On 8/6/21 3:22 PM, Dylan Whyte wrote:
> This prevents cases in which a string containing a percent character is
> inadvertently utf-8 decoded before being displayed in notes.
>
> Signed-off-by: Dylan Whyte <d.whyte at proxmox.com>
> ---
>   src/PVE/Tools.pm | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 807bc03..b8d6dc9 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -1200,8 +1200,8 @@ sub upid_normalize_status_type {
>   sub encode_text {
>       my ($text) = @_;
>   
> -    # all control and hi-bit characters, and ':'
> -    my $unsafe = "^\x20-\x39\x3b-\x7e";
> +    # all control and hi-bit characters, ':', and '%'
> +    my $unsafe = "\x00-\x1f\x25\x3a\x7f-\xff";
>       return uri_escape(Encode::encode("utf8", $text), $unsafe);
>   }
>   




More information about the pve-devel mailing list