From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: [pve-devel] applied: [PATCH common] fix #5486: tools: encode_text: add '%' to list of encoded characters
Date: Thu, 04 Jul 2024 10:58:16 +0200 [thread overview]
Message-ID: <172008349683.63060.7373969550523363330@yuna.proxmox.com> (raw)
In-Reply-To: <20240528111002.2655756-1-d.csapak@proxmox.com>
Quoting Dominik Csapak (2024-05-28 13:10:02)
> all text that is going through encode_text will at a later point be
> decoded by 'decode_text'. The latter is decoding all percent encoded
> characters, even those not originally encoded by 'encode_text'.
>
> This means, to preserve the original data, we first have to at least
> percent encode the '%' itself, otherwise it's impossible to properly
> store e.g. '%20' there.
>
> It would get saved as '%20' directly, but on the next read, it gets
> decoded to ' ', which is not the original data. instead we have to save
> it as '%2520', which gets then correctly decoded to '%20' again
>
> This is especially important for the vm/ct/node description, as there
> users can store external links, which already include percent encoded
> characters.
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> AFAICS, we only use this for comment fields + first/lastname in
> access-control, so we should be ok here
and also for the worker ID for download-from-url workers, which should be fine
as well.
> src/PVE/Tools.pm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 766c809..59cc5c9 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -1246,8 +1246,8 @@ sub upid_normalize_status_type {
> sub encode_text {
> my ($text) = @_;
>
> - # all control and hi-bit characters, and ':'
> - my $unsafe = "^\x20-\x39\x3b-\x7e";
> + # all control and hi-bit characters, ':' and '%'
> + my $unsafe = "^\x20-\x24\x26-\x39\x3b-\x7e";
> return uri_escape(Encode::encode("utf8", $text), $unsafe);
> }
>
> --
> 2.39.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2024-07-04 8:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-28 11:10 [pve-devel] " Dominik Csapak
2024-07-04 8:58 ` Fabian Grünbichler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=172008349683.63060.7373969550523363330@yuna.proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox