upload API: safer filename handling

Replace possibly-dangerous characters in uploaded filenames
with underscores, this includes spaces, colons, commas,
equal signs and any byte >= 128. Previously only spaces were
turned into underscores.

Also shell_quote the destination for scp.

Use '--' for some shell commands for safety.

Use brackets around the scp destination for ipv6 support.

PVE/API2/Storage/Status.pm

@@ -341,7 +341,7 @@ __PACKAGE__->register_method ({
 
 	chomp $filename;
 	$filename =~ s/^.*[\/\\]//;
-	$filename =~ s/\s/_/g;
+	$filename =~ s/[;:,=\s\x80-\xff]/_/g;
 
 	my $path;
 
@@ -373,7 +373,7 @@ __PACKAGE__->register_method ({
 
 	    my @ssh_options = ('-o', 'BatchMode=yes');
 
-	    my @remcmd = ('/usr/bin/ssh', @ssh_options, $remip);
+	    my @remcmd = ('/usr/bin/ssh', @ssh_options, $remip, '--');
 
 	    eval { 
 		# activate remote storage
@@ -382,14 +382,14 @@ __PACKAGE__->register_method ({
 	    };
 	    die "can't activate storage '$param->{storage}' on node '$node'\n" if $@;
 
- 	    PVE::Tools::run_command([@remcmd, '/bin/mkdir', '-p', $dirname],
+	    PVE::Tools::run_command([@remcmd, '/bin/mkdir', '-p', '--', PVE::Tools::shell_quote($dirname)],
 				    errmsg => "mkdir failed");
  
-	    $cmd = ['/usr/bin/scp', @ssh_options, $tmpfilename, "$remip:$dest"];
+	    $cmd = ['/usr/bin/scp', @ssh_options, '--', $tmpfilename, "[$remip]:" . PVE::Tools::shell_quote($dest)];
 	} else {
 	    PVE::Storage::activate_storage($cfg, $param->{storage});
 	    File::Path::make_path($dirname);
-	    $cmd = ['cp', $tmpfilename, $dest];
+	    $cmd = ['cp', '--', $tmpfilename, $dest];
 	}
 
 	my $worker = sub  {