From 970306df8c0389ecd943dda13b4ea13a8dd8a0c6 Mon Sep 17 00:00:00 2001
From: Maik2208 <79879510+Maik2208@users.noreply.github.com>
Date: Sat, 4 Nov 2023 00:31:34 +0100
Subject: [PATCH 1/2] Whitespaces enabled in token description

This change allows whitespaces to be used in the token description
---
 xmlapi/tokenregister.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xmlapi/tokenregister.cgi b/xmlapi/tokenregister.cgi
index 36b00a3..2fc22fa 100755
--- a/xmlapi/tokenregister.cgi
+++ b/xmlapi/tokenregister.cgi
@@ -14,7 +14,7 @@ if {[info exists sid] && [check_session $sid]} {
     set pairs [split $input &]
     foreach pair $pairs {
       if {0 != [regexp "^desc=(.*)$" $pair dummy val]} {
-        set desc $val
+        set desc [regsub -all "%20" $val " "]
         break
       }
     }

From 4bacc193f9f2657e9f91cf6e211b54a37f3d59f7 Mon Sep 17 00:00:00 2001
From: Jens Maus <mail@jens-maus.de>
Date: Wed, 8 Nov 2023 12:38:25 +0100
Subject: [PATCH 2/2] added more failure proof URL encode conversions for
 description

---
 xmlapi/tokenregister.cgi | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/xmlapi/tokenregister.cgi b/xmlapi/tokenregister.cgi
index 2fc22fa..26223a7 100755
--- a/xmlapi/tokenregister.cgi
+++ b/xmlapi/tokenregister.cgi
@@ -14,7 +14,28 @@ if {[info exists sid] && [check_session $sid]} {
     set pairs [split $input &]
     foreach pair $pairs {
       if {0 != [regexp "^desc=(.*)$" $pair dummy val]} {
-        set desc [regsub -all "%20" $val " "]
+        set desc $val
+
+        # replace URL encoded parts
+        regsub -all {%20} $desc { } desc
+        regsub -all {%21} $desc {!} desc
+        regsub -all {%23} $desc {#} desc
+        regsub -all {%25} $desc {%} desc
+        regsub -all {%25} $desc {%} desc
+        regsub -all {%2A} $desc  *  desc
+        regsub -all {%2F} $desc {/} desc
+        regsub -all {%3F} $desc {?} desc
+        regsub -all {%5E} $desc {^} desc
+        regsub -all {%3D} $desc {=} desc
+        regsub -all {%2C} $desc {,} desc
+
+        # disable certain invalid chars
+        regsub -all {%3C} $desc {_} desc
+        regsub -all {<}   $desc {_} desc
+        regsub -all {%3E} $desc {_} desc
+        regsub -all {>}   $desc {_} desc
+        regsub -all {%27} $desc {_} desc
+        regsub -all {'}   $desc {_} desc
         break
       }
     }