|Subject:||XPathScript.pm does not escape backslashes which should be escaped.|
FreeBSD 4.8-STABLE; perl v5.8.0 built for i386-freebsd; AxKit 1.6.1 I noticed some irregularities when having ASCII art (between <pre></pre> of course) in a XPS template though. To be more precise, I get a "500 Internal Server Error" when I try to run a XML file using the template containing the malicious ASCII art. I located the problem: XPathScript.pm eval()s something in the form of "print q| $text |", where $text contains my ASCII art and other HTML. What causes the code to fail is that my ASCII art contains multiple occurrences of \| (a backslash character preceeded by a "|"). While XPathScript does "$text =~ s/\|/\\\|/;" to escape the "|" (as it is used as a delimiter in q||), this substitution fails if there are an odd number of backslashes before the "|". This is because ig $text contains \|, then it will contain \\| after the substitution, which does later not escape the "|" but only the second backslash. Furthermore, if the template contains two backslashes followed by each other, they will be output as only one backslash, because XPathScript.pm does not take care of backslashes escaping themselves. (e.g. it does not replace \ with \\) I think the problem is fixed by simply adding this statement: $text =~ s/\\/\\\\/g; before both occurrences of the line $text =~ s/\|/\\\|/g; That would be adding my statement before the lines 204 and 247. Note: I have NOT stress-tested this fix in any way, I simply let the modified code run on my home box, and it works. I *think* that it should not break anything else, but do not rely on me for this. I have not hacked/looked around in the AxKit internals any more than mentioned here.