[pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer
Dominik Csapak
d.csapak at proxmox.com
Tue May 30 13:56:25 CEST 2023
recent versions of URI::Escape seem to handle the 'unsafe characters'
parameter differently than before, enforcing what is documented:
The set is specified as a string that can be used in a regular
expression character class (between [ ]).
so the leading/trailing [] were never supposed to be there.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
src/PVE/APIServer/Formatter/Bootstrap.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/APIServer/Formatter/Bootstrap.pm b/src/PVE/APIServer/Formatter/Bootstrap.pm
index e67554a..001ad2b 100644
--- a/src/PVE/APIServer/Formatter/Bootstrap.pm
+++ b/src/PVE/APIServer/Formatter/Bootstrap.pm
@@ -167,7 +167,7 @@ sub el {
foreach my $attr (keys %param) {
next if $skip->{$attr};
- my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr},"[^\/\ A-Za-z0-9\-\._~]");
+ my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr}, "^\/\ A-Za-z0-9\-\._~");
next if !defined($v);
if ($boolattr->{$attr}) {
$html .= " $attr" if $v;
--
2.30.2
More information about the pve-devel
mailing list