On 6/12/19 2:35 PM, Wolfgang Bumiller wrote:
On Wed, Jun 12, 2019 at 01:48:57PM +0200, Thomas Lamprecht wrote:
On 6/12/19 1:12 PM, Wolfgang Bumiller wrote:
On Tue, Jun 11, 2019 at 06:02:22AM +0200, Thomas Lamprecht wrote:
+
+               char *val = _get_property_value(tmp, prop, prop_len);
+               if (val == NULL) {
+                       g_free(tmp);
+                       goto ret;
+               }
+
+               g_string_append_printf(str,"\"%u\": { \"%s\": \"%s\"\n }", 
vmid, prop, val);
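Review bot: `val` is placed into the `\"%s\"` slot of the `g_string_append_printf` format without escaping, so a value containing a double quote, a backslash or a control character yields output that is no longer valid JSON, or that a parser reads with a different structure than intended. Escape those characters before formatting, or skip the entry with a warning when `val` contains them. The same question applies to `prop` unless it is limited to fixed key names. The `\n` sitting before ` }` inside the format string also looks misplaced.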

Should we not sanity-check the value for double quotes here?

We normally do not have any here, but we can have in theory...

Maybe do the warn-and-ignore approach for now? And if we really
need it, directly go to a libjson approach...

Sounds good to me. In the backend there shouldn't be double quotes after
all, just the documented regex you posted in the comment/commit message
doesn't reflect that as it just matches (.+) for the value.


Just FYI, a user can put double quotes into the 'args' property,
but I guess this is a field we won't extract with this method.


Also, theoretically a user can put a double quote into a bind mount path...

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
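The two options raised in the thread, side by side, as an added example (not code from the patch or from Proxmox): a check for the warn-and-ignore approach and an escaper that makes the value safe inside the quoted JSON string. It uses plain C buffers instead of the patch's GString; the function names, buffer sizes and the sample value are assumptions, and `prop` is assumed to be a fixed key name that needs no escaping.

```c
#include <stdio.h>

/* Warn-and-ignore check: 1 if val can sit between JSON quotes unchanged. */
static int json_value_is_plain(const char *val)
{
    for (const unsigned char *p = (const unsigned char *)val; *p; p++)
        if (*p == '"' || *p == '\\' || *p < 0x20)
            return 0;
    return 1;
}

/* Escape val per RFC 8259 into out; returns bytes written, -1 if out is too small.
 * The space check is conservative: it reserves the worst case for every byte. */
static int json_escape(const char *val, char *out, size_t outlen)
{
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)val; *p; p++) {
        if (n + 7 > outlen) return -1;      /* "\u00XX" plus NUL */
        if (*p < 0x20) {
            n += (size_t)snprintf(out + n, 7, "\\u%04x", (unsigned)*p);
            continue;
        }
        if (*p == '"' || *p == '\\')
            out[n++] = '\\';
        out[n++] = (char)*p;
    }
    if (n >= outlen) return -1;
    out[n] = '\0';
    return (int)n;
}

/* Build one entry in the shape the patch emits: "vmid": { "prop": "val" } */
static int format_entry(char *out, size_t outlen, unsigned vmid, const char *prop, const char *val)
{
    char esc[512];
    if (json_escape(val, esc, sizeof(esc)) < 0) return -1;
    int n = snprintf(out, outlen, "\"%u\": { \"%s\": \"%s\" }", vmid, prop, esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char line[256];
    const char *val = "-name \"x\"";   /* constructed sample value */
    if (!json_value_is_plain(val))
        fputs("warning: value needs escaping\n", stderr);
    if (format_entry(line, sizeof(line), 100, "args", val) > 0)
        puts(line);
    return 0;
}
```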
