* [pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer
@ 2023-05-30 11:56 Dominik Csapak
2023-05-30 12:43 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Dominik Csapak @ 2023-05-30 11:56 UTC (permalink / raw)
To: pve-devel
recent versions of URI::Escape seem to handle the 'unsafe characters'
parameter differently than before, enforcing what is documented:
The set is specified as a string that can be used in a regular
expression character class (between [ ]).
so the leading/trailing [] were never supposed to be there.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
src/PVE/APIServer/Formatter/Bootstrap.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/APIServer/Formatter/Bootstrap.pm b/src/PVE/APIServer/Formatter/Bootstrap.pm
index e67554a..001ad2b 100644
--- a/src/PVE/APIServer/Formatter/Bootstrap.pm
+++ b/src/PVE/APIServer/Formatter/Bootstrap.pm
@@ -167,7 +167,7 @@ sub el {
foreach my $attr (keys %param) {
next if $skip->{$attr};
- my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr},"[^\/\ A-Za-z0-9\-\._~]");
+ my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr}, "^\/\ A-Za-z0-9\-\._~");
next if !defined($v);
if ($boolattr->{$attr}) {
$html .= " $attr" if $v;
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] applied: [PATCH http-server] fix regression in api/html (bootstrap) viewer
2023-05-30 11:56 [pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer Dominik Csapak
@ 2023-05-30 12:43 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2023-05-30 12:43 UTC (permalink / raw)
To: Proxmox VE development discussion, Dominik Csapak
Am 30/05/2023 um 13:56 schrieb Dominik Csapak:
> recent versions of URI::Escape seem to handle the 'unsafe characters'
> parameter differently than before, enforcing what is documented:
>
> The set is specified as a string that can be used in a regular
> expression character class (between [ ]).
>
> so the leading/trailing [] were never supposed to be there.
Since liburi-perl 5.15 we could also use a qr// regex object [0], maybe that
would be a bit more explicit here; Debian Bookworm has already 5.17 available.
[0]: https://github.com/libwww-perl/URI/commit/a3f96169b002e1fa747713654edfa9f528d17cbb
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> src/PVE/APIServer/Formatter/Bootstrap.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
Anyhow, we don't have to touch this often and its for a dev/debug features, so
for now:
applied, with commit message amended with referencing the commit that broke
our usage and the possibility of regex objects, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-05-30 12:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-30 11:56 [pve-devel] [PATCH http-server] fix regression in api/html (bootstrap) viewer Dominik Csapak
2023-05-30 12:43 ` [pve-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal