> On June 15, 2016 at 3:54 PM Dietmar Maurer wrote:
>
>
> > >
> > > > + my $v =
> > > > PVE::Tools::encode_text(@$lxc_opt[1]);
> > >
> > > why do you call PVE::Tools::encode_text() here?
> >
> > because this is an unvalidated, user provided value that is printe
> >
> > > + my $v = PVE::Tools::encode_text(@$lxc_opt[1]);
> >
> > why do you call PVE::Tools::encode_text() here?
>
> because this is an unvalidated, user provided value that is printed to the
> shell/terminal
IMHO that is not really dangerous
> (we do the same for the
comments inline
> Dietmar Maurer hat am 15. Juni 2016 um 12:27
> geschrieben:
>
>
> comments inline
>
> ...
> > diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm
> > index ca87229..748ace3 100755
> > --- a/src/PVE/CLI/pct.pm
> > +++ b/src/PVE/CLI/pct.pm
> > @@ -542,12 +542,22 @@ our $cmdde
comments inline
...
> diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm
> index ca87229..748ace3 100755
> --- a/src/PVE/CLI/pct.pm
> +++ b/src/PVE/CLI/pct.pm
> @@ -542,12 +542,22 @@ our $cmddef = {
> my $config = shift;
> foreach my $k (sort (keys %$config))
this makes the "pct config" output more complete, the object
returned by the API path contains the lxc options as parsed
by our config parser, e.g.:
"lxc" : [
[
"lxc.cap.keep",
"sys_time"
],
[
"lxc.cap.drop",
"abc"
],
[
