fix regression in api/html (bootstrap) viewer

Since v5.13, URI::Escape handles the 'unsafe characters' parameter
differently than before, i.e., enforcing what is documented [0]:

 The set is specified as a string that can be used in a regular
 expression character class (between [ ]).

So, the leading/trailing [] were never supposed to be there.

Note that since v5.15 we could also pass a qr// regex object.

[0]: https://github.com/libwww-perl/URI/commit/1a4ed66802f26c15cccd66c0b5d489cf9f3e3ba4

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 [ T: Add details and mention regex objects ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/APIServer/Formatter/Bootstrap.pm b/src/PVE/APIServer/Formatter/Bootstrap.pm
index e67554a1140758cdafe85bb92cd8b522827421b3..001ad2b7f71e9cecc8bdf609bbdaf08ceecff960 100644 (file)
--- a/src/PVE/APIServer/Formatter/Bootstrap.pm
+++ b/src/PVE/APIServer/Formatter/Bootstrap.pm
@@ -167,7 +167,7 @@ sub el {
 
     foreach my $attr (keys %param)  {
        next if $skip->{$attr};
-       my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr},"[^\/\ A-Za-z0-9\-\._~]");
+       my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr}, "^\/\ A-Za-z0-9\-\._~");
        next if !defined($v);
        if ($boolattr->{$attr}) {
            $html .= " $attr" if $v;