From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id A67B97F30D for ; Fri, 12 Nov 2021 09:43:53 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 97EEC16097 for ; Fri, 12 Nov 2021 09:43:53 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 2CB1F16089 for ; Fri, 12 Nov 2021 09:43:53 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id EF70143667 for ; Fri, 12 Nov 2021 09:43:52 +0100 (CET) To: pve-devel@lists.proxmox.com References: <20210806132224.2069916-1-d.whyte@proxmox.com> From: Dylan Whyte Message-ID: Date: Fri, 12 Nov 2021 09:43:52 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 MIME-Version: 1.0 In-Reply-To: <20210806132224.2069916-1-d.whyte@proxmox.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-SPAM-LEVEL: Spam detection results: 0 AWL 2.211 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -3.449 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [tools.pm] Subject: Re: [pve-devel] [PATCH pve-common] Fix 3560: gui/notes: escape % symbol when encoding X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Nov 2021 08:43:53 -0000 bump. Noticed while doing some testing that this was never reviewed/applied. On 8/6/21 3:22 PM, Dylan Whyte wrote: > This prevents cases in which a string containing a percent character is > inadvertently utf-8 decoded before being displayed in notes. > > Signed-off-by: Dylan Whyte > --- > src/PVE/Tools.pm | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm > index 807bc03..b8d6dc9 100644 > --- a/src/PVE/Tools.pm > +++ b/src/PVE/Tools.pm > @@ -1200,8 +1200,8 @@ sub upid_normalize_status_type { > sub encode_text { > my ($text) = @_; > > - # all control and hi-bit characters, and ':' > - my $unsafe = "^\x20-\x39\x3b-\x7e"; > + # all control and hi-bit characters, ':', and '%' > + my $unsafe = "\x00-\x1f\x25\x3a\x7f-\xff"; > return uri_escape(Encode::encode("utf8", $text), $unsafe); > } >