assume all parameters are utf8 encoded

Previously, we called decode_utf8_parameters(), which only encoded some parameters. This was just an optimization, and it turend out to be error prone (for example passwords also contain utf8 parameters).
2025-05-02 12:38:22 +00:00 · 2017-05-02 09:58:53 +02:00 · 2017-05-02 09:58:53 +02:00 · 256da58194
commit 256da58194
parent e8ae1f090b
1 changed files with 5 additions and 1 deletions
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@ -29,6 +29,7 @@ use AnyEvent::IO;
 use AnyEvent::HTTP;
 use Fcntl ();
 use Compress::Zlib;
+use Encode;
 use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::Tools;
@ -617,6 +618,7 @@ sub proxy_request {
 }

 # return arrays as \0 separated strings (like CGI.pm)
+# assume data is UTF8 encoded
 sub decode_urlencoded {
    my ($data) = @_;

@ -631,6 +633,8 @@ sub decode_urlencoded {
 	$v =~s/\+/ /g;
 	$v =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr(hex($1))/eg;

+	$v = Encode::decode('utf8', $v);
+
 	if (defined(my $old = $res->{$k})) {
 	    $res->{$k} = "$old\0$v";
 	} else {
@ -655,7 +659,7 @@ sub extract_params {
 	$params->{$k} = $query_params->{$k};
    }

-    return PVE::Tools::decode_utf8_parameters($params);
+    return $params;
 }

 sub handle_api2_request {