From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id C434F1FF153 for ; Mon, 22 Jun 2026 13:25:16 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9D88082AB; Mon, 22 Jun 2026 13:25:16 +0200 (CEST) Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Mon, 22 Jun 2026 13:24:39 +0200 Message-Id: Subject: Re: [PATCH pmg-api/pmg-docs/pmg-gui v3 0/5] tracking-center: make input-base configurable To: "Stoiko Ivanov" , From: "Max R. Carrara" X-Mailer: aerc 0.18.2-0-ge037c095a049 References: <20260612174145.1190233-1-s.ivanov@proxmox.com> In-Reply-To: <20260612174145.1190233-1-s.ivanov@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1782127469847 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.080 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: BTQXUII3VUBWUAQ4OJOSPGXPGTP74L3B X-Message-ID-Hash: BTQXUII3VUBWUAQ4OJOSPGXPGTP74L3B X-MailFrom: m.carrara@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Fri Jun 12, 2026 at 7:40 PM CEST, Stoiko Ivanov wrote: > v2->v3: > * pmg-api patch 2: change the validation from a regex to a validation sub > to sanitize the path and prevent curdir and parentdir as well as > consecutive slashes > > Thanks big-time to Max for checking the series so quickly and for the > valuable feedback and insight into SectionConfig! I decided to not > implement some of the suggestions (as talked off-list): > * root-only vs. root_only - as this is not a user-facing/api parameter, > left it in snake_case to not have to quote it. > * I left the maximal directory depth at 6, as we can very easily extend i= t > if someone requests it, while restricting after having this public woul= d > be backwards incompatible > * pmg currently does not have a concept of api-permissions and not > showing/modifying elements where an user has no permissions - > implementing this would expand the scope of this small patch series too > much (PVE has this in access-control [0]). > * the docs for pmg.conf get generated automatically based on the property > descriptions - see [1]. > > > [0] https://git.proxmox.com/?p=3Dpve-access-control.git;a=3Dblob;f=3Dsrc/= PVE/RPCEnvironment.pm;h=3D7591aa9ed414f4e70b66bc6c40cb054bd2e8231c;hb=3D5cc= d07d9302562b73374d331b63d25b04b86766c#l178 > [1] https://git.proxmox.com/?p=3Dpmg-docs.git;a=3Dblob;f=3Dpmg-doc-genera= tor.mk.in;h=3De9253c4a84b0d545021259b68c2051b6697a11f5;hb=3Db3a0fb7f942001a= 26d2386e5d1ee47be2b9eaf0b#l51 > v2: > https://lore.proxmox.com/pmg-devel/DJ5IDD9OR8HE.ENMUIGWPW37U@proxmox.com/= T/#t > > [...] Many thanks for the refresh and the kind words! Everything LGTM -- the patches look neat, and a quick smoke-test confirmed that the new format added in patch #2 actually does validate the provided path as expected. Specifically, tried to get it to break and did not succeed. Nicely done! One thing I'd suggest for future regexes is to make use of the /x and /xx modifiers [0], since they really help making regexes much more readable. Definitely not an issue in this series IMO -- just wanted to mention it, since people less familiar with Perl may have a hard time parsing certain REs. Great work -- since everything's resolved and I couldn't break it, consider: Tested-by: Max R. Carrara Reviewed-by: Max R. Carrara [0] https://perldoc.perl.org/perlre#/x-and-/xx