[pve-devel] [PATCH v3 pve-manager 01/23] pvesr: add pve storage replication tool
Dietmar Maurer
dietmar at proxmox.com
Wed May 31 12:25:18 CEST 2017
> > +my $read_state = sub {
> > +
> > + return {} if ! -e $state_path;
> > +
> > + my $raw = PVE::Tools::file_get_contents($state_path);
> > +
> > + return {} if $raw eq '';
> > +
> > + return decode_json($raw);
> JSON::decode will not untaint the raw text, so we get problems with the
> last_sync, which we use many times in the code with open3.
> I would use a regex to untaint the $raw here, because it is much easier
> then doing this all over the code.
Please can you send a patch (code is already committed)?
More information about the pve-devel
mailing list