Am 15.11.24 um 16:17 schrieb Dominik Csapak:
> if the base image (parent) of an image contains whitespace in it's path
> (e.g. a space), the current untainting would not match and it would seem
> there was no parent.
do we really want all spaces like newline too? Those sometimes can cause odd
things when printing to CLI or the like, so maybe just add space explicitly?
Like with: /^([ \S]+)$/
>
> Fix that by adapting the untaint regex
>
> Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
> ---
> src/PVE/Storage/Plugin.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm
> index eed764d..761783f 100644
> --- a/src/PVE/Storage/Plugin.pm
> +++ b/src/PVE/Storage/Plugin.pm
> @@ -1031,7 +1031,7 @@ sub file_size_info {
> ($format) = ($format =~ /^(\S+)$/); # untaint
> die "format '$format' includes whitespace\n" if !defined($format);
> if (defined($parent)) {
> - ($parent) = ($parent =~ /^(\S+)$/); # untaint
> + ($parent) = ($parent =~ /^(.*)$/); # untaint
> }
> return wantarray ? ($size, $format, $used, $parent, $st->ctime) : $size;
> }
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
