From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 229A11FF13F for ; Thu, 26 Mar 2026 14:49:24 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8F2C013E8A; Thu, 26 Mar 2026 14:49:46 +0100 (CET) From: Robert Obkircher To: pbs-devel@lists.proxmox.com Subject: [PATCH v1 proxmox-backup] www: percent-encode maintenance mode message to allow commas Date: Thu, 26 Mar 2026 14:46:57 +0100 Message-ID: <20260326134854.176430-1-r.obkircher@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1774532903925 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.067 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: SAE3GFAQARMTPF4BIWPFPQWYDS3DCSFM X-Message-ID-Hash: SAE3GFAQARMTPF4BIWPFPQWYDS3DCSFM X-MailFrom: r.obkircher@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Commas and equal signs caused problems because the maintenance mode message is stored in a property string. With a comma and no quotes (e.g. 'a,b'), the backend failed to update datastore.cfg because 'read-only,message=a,b' couldn't be re-parsed. Adding a quote triggered the correct escape logic in the backend, but then the frontend displayed the mode and message incorrectly. It also cut off everything after the first equal sign and silently stripped backslashes. Percent encoding was chosen because MaintenanceMode::check already decoded the message. Previously, this potentially caused the error message to differ from what was displayed in the web UI. Signed-off-by: Robert Obkircher --- I'm not sure if this is a good idea or if we should simply forbid those characters. I also tried changing ElementSerializer::serialize_str to quote like ElementSerializeSeq, but that wouldn't be sufficient because the parser in the frontend would still split by comma and parse something like 'read-only,message="a,b"' as type 'b"' and message '"a'. www/Utils.js | 6 +++++- www/window/MaintenanceOptions.js | 5 ++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/www/Utils.js b/www/Utils.js index fc9a5916..5e1ee0c6 100644 --- a/www/Utils.js +++ b/www/Utils.js @@ -800,7 +800,11 @@ Ext.define('PBS.Utils', { ([m, msg], pair) => { const [key, value] = pair.split('='); if (key === 'message') { - return [m, value.replace(/^"(.*)"$/, '$1').replace(/\\"/g, '"')]; + try { + return [m, decodeURIComponent(value)]; + } catch { + return [m, value]; + } } else { return [value ?? key, msg]; } diff --git a/www/window/MaintenanceOptions.js b/www/window/MaintenanceOptions.js index 9a735e5e..e9740843 100644 --- a/www/window/MaintenanceOptions.js +++ b/www/window/MaintenanceOptions.js @@ -39,9 +39,8 @@ Ext.define('PBS.window.MaintenanceOptions', { if (values.delete === 'maintenance-type') { values.delete = 'maintenance-mode'; } else if (values['maintenance-type']) { - const message = (values['maintenance-msg'] ?? '') - .replaceAll('\\', '') - .replaceAll('"', '\\"'); + // property string values can't contain symbols like commas and equal signs + const message = encodeURIComponent(values['maintenance-msg'] ?? ''); const maybe_message = values['maintenance-msg'] ? `,message="${message}"` : ''; values['maintenance-mode'] = `type=${values['maintenance-type']}${maybe_message}`; } -- 2.47.3