Disable storable encoding for client

Clever things can live in Storable payloads that can essentially be remote execution.
Disable that for now.

perl-xCAT/xCAT/Client.pm

@@ -261,11 +261,14 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
   }
 
   my $msg;
-  my $encode = "storable";
-  my $straightprint=0;
-  if ($ENV{XCATXMLTRACE} or $ENV{XCATXMLWARNING}) { $encode="xml"; }
+  my $encode = "xml";
+  #storable encoding is unsafe, carry on with the unsafe xml scheme
+  #perhaps one day will support faster schemes
+  #my $encode = "storable";
+  #my $straightprint=0;
+  #if ($ENV{XCATXMLTRACE} or $ENV{XCATXMLWARNING}) { $encode="xml"; }
   if (ref($request) eq 'HASH') { # the request is an array, not pure XML
-    print $client "xcatencoding: $encode\n";
+    #print $client "xcatencoding: $encode\n";
     my $encok=<$client>;
     send_request($request,$client,$encode);
   } else { #XML

xCAT-server/sbin/xcatd

@@ -2055,15 +2055,17 @@ sub service_connection {
     while (1) {
       unless ($clientsel->can_read(15)) { last; } #don't let an unresponsive client hold us up
       my $line = <$sock>; # grab one line, check for mode...
-      if ($line and $line =~ /^xcatencoding: (.*)/) {
-        unless ($supported_encodes{$1}) {
-            print $sock "Unsupported encoding $1\n";
-            last;
-        }
-        print $sock "Encoding accepted\n";
-        $globalencode=$1;
-        $line = "";
-      }
+      #Commenting out, could be a remote exceution path
+      #consider sereal one day
+      #if ($line and $line =~ /^xcatencoding: (.*)/) {
+      #  unless ($supported_encodes{$1}) {
+      #      print $sock "Unsupported encoding $1\n";
+      #      last;
+      #  }
+      #  print $sock "Encoding accepted\n";
+      #  $globalencode=$1;
+      #  $line = "";
+      #}
       $req = get_request($sock,$globalencode,$line);
       unless ($req) { last; }
       { #TODO: find closing brace..