From: Dietmar Maurer
Date: Mon, 6 Aug 2018 11:36:23 +0000 (+0200)
Subject: render_bytes: avoid untaint by simply change the sprintf call
X-Git-Url: https://git.proxmox.com/?p=pve-common.git;a=commitdiff_plain;h=3496d4bf4d69213e9f211b64d63a54a63c9e5b16;hp=a91ee28fe5abd92080260d66078f88d05ff4f4f0
render_bytes: avoid untaint by simply change the sprintf call
There is no need to untaint if we do it this way (no idea why).
---
diff --git a/src/PVE/CLIFormatter.pm b/src/PVE/CLIFormatter.pm
index 2c10318..4702180 100644
--- a/src/PVE/CLIFormatter.pm
+++ b/src/PVE/CLIFormatter.pm
@@ -69,9 +69,6 @@ PVE::JSONSchema::register_renderer(
 sub render_bytes {
 my ($value) = @_;
- return $value if $value !~ m/^(\d+)$/;
- $value = int($1); # untaint for sprintf
-
 my @units = qw(B KiB MiB GiB TiB PiB);
 my $max_unit = 0;
@@ -79,8 +76,8 @@ sub render_bytes {
 $max_unit = int(log($value)/log(1024));
 $value /= 1024**($max_unit);
 }
-
- return sprintf "%.2f $units[$max_unit]", $value;
+ my $unit = $units[$max_unit];
+ return sprintf "%.2f $unit", $value;
 }
 PVE::JSONSchema::register_renderer('bytes', \&render_bytes);
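Review bot: Dropping `return $value if $value !~ m/^(\d+)$/;` in the first hunk removes more than the untaint, because that line was also the only visible shape check on `$value`. With it gone, an undefined, negative or non-integer value is no longer handed back unchanged but flows into the numeric code, including the `log($value)` branch whose condition lies between the two hunks and is not shown here. If only the untainting assignment is unwanted, the check can stay without the capture, e.g. `return $value if !defined($value) || $value !~ m/^\d+$/;`. render_bytes starts in this hunk and ends in the next one.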
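Review bot: The new `my $unit = $units[$max_unit];` line in the second hunk carries no comment on why the unit is copied out before `sprintf`, and the commit message itself says the reason is unknown. Without a note, a later cleanup is likely to inline the array lookup back into the format string and bring the taint failure back. I would add `# keep $unit separate: interpolating $units[$max_unit] into the sprintf format required untainting $value (reason unclear)` directly above it. Since `$value` is no longer untainted, the returned string is presumably still derived from tainted data, so callers should keep treating the rendered output as untrusted.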