From: Dominik Csapak <d.csapak@proxmox.com>
Date: Tue, 30 May 2023 11:56:25 +0000 (+0200)
Subject: fix regression in api/html (bootstrap) viewer
X-Git-Url: https://git.proxmox.com/?p=pve-http-server.git;a=commitdiff_plain;h=d0f4b94507c6215bb4082bffd6f3b3a69c31e9a0

fix regression in api/html (bootstrap) viewer

Since v5.13, URI::Escape handles the 'unsafe characters' parameter
differently than before, i.e., enforcing what is documented [0]:

 The set is specified as a string that can be used in a regular
 expression character class (between [ ]).

So, the leading/trailing [] were never supposed to be there.

Note that since v5.15 we could also pass a qr// regex object.

[0]: https://github.com/libwww-perl/URI/commit/1a4ed66802f26c15cccd66c0b5d489cf9f3e3ba4

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 [ T: Add details and mention regex objects ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/src/PVE/APIServer/Formatter/Bootstrap.pm b/src/PVE/APIServer/Formatter/Bootstrap.pm
index e67554a..001ad2b 100644
--- a/src/PVE/APIServer/Formatter/Bootstrap.pm
+++ b/src/PVE/APIServer/Formatter/Bootstrap.pm
@@ -167,7 +167,7 @@ sub el {
 
     foreach my $attr (keys %param)  {
 	next if $skip->{$attr};
-	my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr},"[^\/\ A-Za-z0-9\-\._~]");
+	my $v = $noescape->{$attr} ? $param{$attr} : uri_escape_utf8($param{$attr}, "^\/\ A-Za-z0-9\-\._~");
 	next if !defined($v);
 	if ($boolattr->{$attr}) {
 	    $html .= " $attr" if $v;