comments inline > Dietmar Maurer <[email protected]> hat am 15. Juni 2016 um 12:27 > geschrieben: > > > comments inline > > ... > > diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm > > index ca87229..748ace3 100755 > > --- a/src/PVE/CLI/pct.pm > > +++ b/src/PVE/CLI/pct.pm > > @@ -542,12 +542,22 @@ our $cmddef = { > > my $config = shift; > > foreach my $k (sort (keys %$config)) { > > next if $k eq 'digest'; > > + next if $k eq 'lxc'; > > my $v = $config->{$k}; > > if ($k eq 'description') { > > $v = PVE::Tools::encode_text($v); > > } > > print "$k: $v\n"; > > } > > + if (defined($config->{'lxc'})) { > > + my $lxc_list = $config->{'lxc'}; > > + foreach my $lxc_opt (@$lxc_list) { > > + if (@$lxc_opt == 2) { > > why is above test required? AFAIK we always do: > > push @{$conf->{lxc}}, [$key, $value];
in case this is ever changed? erring on the side of caution, but can be dropped... > > > + my $v = PVE::Tools::encode_text(@$lxc_opt[1]); > > why do you call PVE::Tools::encode_text() here? because this is an unvalidated, user provided value that is printed to the shell/terminal (we do the same for the description). I can't think of anything really dangerous atm, but you can at least hide stuff (for example, lines or parts of lines) using terminal escape sequences. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
