> > > > > + my $v = PVE::Tools::encode_text(@$lxc_opt[1]); > > > > why do you call PVE::Tools::encode_text() here? > > because this is an unvalidated, user provided value that is printed to the > shell/terminal
IMHO that is not really dangerous > (we do the same for the description). because we store them in this format, so the file content is exactly what is printed. > I can't think of anything really dangerous atm, but you can at least hide > stuff (for example, lines or parts of lines) using terminal escape sequences. Ah. but only root can add those lines? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
