assume all parameters are utf8 encoded

Previously, we called decode_utf8_parameters(), which only encoded
some parameters. This was just an optimization, and it turend out to
be error prone (for example passwords also contain utf8 parameters).

diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
index 99a97652a03e4c73380d3bf4d2dc1a4b95e17fa3..b2d58c5542aa52330af2931610d5aa204bf4f001 100755 (executable)
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@@ -29,6 +29,7 @@ use AnyEvent::IO;
 use AnyEvent::HTTP;
 use Fcntl ();
 use Compress::Zlib;
+use Encode;
 use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::Tools;
@@ -617,6 +618,7 @@ sub proxy_request {
 }
 
 # return arrays as \0 separated strings (like CGI.pm)
+# assume data is UTF8 encoded
 sub decode_urlencoded {
     my ($data) = @_;
 
@@ -631,6 +633,8 @@ sub decode_urlencoded {
        $v =~s/\+/ /g;
        $v =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr(hex($1))/eg;
 
+       $v = Encode::decode('utf8', $v);
+
        if (defined(my $old = $res->{$k})) {
            $res->{$k} = "$old\0$v";
        } else {
@@ -655,7 +659,7 @@ sub extract_params {
        $params->{$k} = $query_params->{$k};
     }
 
-    return PVE::Tools::decode_utf8_parameters($params);
+    return $params;
 }
 
 sub handle_api2_request {