all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer
@ 2023-05-30 11:56 Dominik Csapak
  2023-05-30 12:43 ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Dominik Csapak @ 2023-05-30 11:56 UTC (permalink / raw)
  To: pve-devel

recent versions of URI::Escape seem to handle the 'unsafe characters'
parameter differently than before, enforcing what is documented:

 The set is specified as a string that can be used in a regular
 expression character class (between [ ]).

so the leading/trailing [] were never supposed to be there.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 src/PVE/APIServer/Formatter/Bootstrap.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/APIServer/Formatter/Bootstrap.pm b/src/PVE/APIServer/Formatter/Bootstrap.pm
index e67554a..001ad2b 100644
--- a/src/PVE/APIServer/Formatter/Bootstrap.pm
+++ b/src/PVE/APIServer/Formatter/Bootstrap.pm
@@ -167,7 +167,7 @@ sub el {
 
     foreach my $attr (keys %param)  {
 	next if $skip->{$attr};
-	my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr},"[^\/\ A-Za-z0-9\-\._~]");
+	my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr}, "^\/\ A-Za-z0-9\-\._~");
 	next if !defined($v);
 	if ($boolattr->{$attr}) {
 	    $html .= " $attr" if $v;
-- 
2.30.2





^ permalink raw reply	[flat|nested] 2+ messages in thread

* [pve-devel] applied: [PATCH http-server] fix regression in api/html (bootstrap) viewer
  2023-05-30 11:56 [pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer Dominik Csapak
@ 2023-05-30 12:43 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2023-05-30 12:43 UTC (permalink / raw)
  To: Proxmox VE development discussion, Dominik Csapak

Am 30/05/2023 um 13:56 schrieb Dominik Csapak:
> recent versions of URI::Escape seem to handle the 'unsafe characters'
> parameter differently than before, enforcing what is documented:
> 
>  The set is specified as a string that can be used in a regular
>  expression character class (between [ ]).
> 
> so the leading/trailing [] were never supposed to be there.


Since liburi-perl 5.15 we could also use a qr// regex object [0], maybe that
would be a bit more explicit here; Debian Bookworm has already 5.17 available.

[0]: https://github.com/libwww-perl/URI/commit/a3f96169b002e1fa747713654edfa9f528d17cbb

> 
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
>  src/PVE/APIServer/Formatter/Bootstrap.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
>

Anyhow, we don't have to touch this often and its for a dev/debug features, so
for now:

applied, with commit message amended with referencing the commit that broke
our usage and the possibility of regex objects, thanks!




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-05-30 12:44 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-30 11:56 [pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer Dominik Csapak
2023-05-30 12:43 ` [pve-devel] applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal