[pve-devel] [PATCH common] fix #5486: tools: encode_text: add '%' to list of encoded characters

From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH common] fix #5486: tools: encode_text: add '%' to list of encoded characters
Date: Tue, 28 May 2024 13:10:02 +0200	[thread overview]
Message-ID: <20240528111002.2655756-1-d.csapak@proxmox.com> (raw)

all text that is going through encode_text will at a later point be
decoded by 'decode_text'. The latter is decoding all percent encoded
characters, even those not originally encoded by 'encode_text'.

This means, to preserve the original data, we first have to at least
percent encode the '%' itself, otherwise it's impossible to properly
store e.g. '%20' there.

It would get saved as '%20' directly, but on the next read, it gets
decoded to ' ', which is not the original data. instead we have to save
it as '%2520', which gets then correctly decoded to '%20' again

This is especially important for the vm/ct/node description, as there
users can store external links, which already include percent encoded
characters.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
AFAICS, we only use this for comment fields + first/lastname in
access-control, so we should be ok here
 src/PVE/Tools.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 766c809..59cc5c9 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1246,8 +1246,8 @@ sub upid_normalize_status_type {
 sub encode_text {
     my ($text) = @_;
 
-    # all control and hi-bit characters, and ':'
-    my $unsafe = "^\x20-\x39\x3b-\x7e";
+    # all control and hi-bit characters, ':' and '%'
+    my $unsafe = "^\x20-\x24\x26-\x39\x3b-\x7e";
     return uri_escape(Encode::encode("utf8", $text), $unsafe);
 }
 
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

