[pve-devel] [PATCH pve-common] Fix 3560: gui/notes: escape % symbol when encoding

[pve-devel] [PATCH pve-common] Fix 3560: gui/notes: escape % symbol when encoding

[Dylan Whyte]

This prevents cases in which a string containing a percent character is
inadvertently utf-8 decoded before being displayed in notes.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
 src/PVE/Tools.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 807bc03..b8d6dc9 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1200,8 +1200,8 @@ sub upid_normalize_status_type {
 sub encode_text {
     my ($text) = @_;
 
-    # all control and hi-bit characters, and ':'
-    my $unsafe = "^\x20-\x39\x3b-\x7e";
+    # all control and hi-bit characters, ':', and '%'
+    my $unsafe = "\x00-\x1f\x25\x3a\x7f-\xff";
     return uri_escape(Encode::encode("utf8", $text), $unsafe);
 }
 
-- 
2.30.2

Re: [pve-devel] [PATCH pve-common] Fix 3560: gui/notes: escape % symbol when encoding

[Dylan Whyte]

bump.

Noticed while doing some testing that this was never reviewed/applied.

On 8/6/21 3:22 PM, Dylan Whyte wrote:
> This prevents cases in which a string containing a percent character is
> inadvertently utf-8 decoded before being displayed in notes.
>
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>   src/PVE/Tools.pm | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index 807bc03..b8d6dc9 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -1200,8 +1200,8 @@ sub upid_normalize_status_type {
>   sub encode_text {
>       my ($text) = @_;
>   
> -    # all control and hi-bit characters, and ':'
> -    my $unsafe = "^\x20-\x39\x3b-\x7e";
> +    # all control and hi-bit characters, ':', and '%'
> +    my $unsafe = "\x00-\x1f\x25\x3a\x7f-\xff";
>       return uri_escape(Encode::encode("utf8", $text), $unsafe);
>   }
>