Hello everyone,
Working through a problem with my friend George Schlossnagle, we uncovered a problem
in uri_escape, both the version that comes with 5.6.0 and 5.6.1. It makes the
following escape rule problematic:
my $escape_rule = '^a-zA-Z0-9\/_\\.';
It fails in 5.6.1 but works in 5.6.0.
However, if you change it to
my $escape_rule = '^a-zA-Z0-9/_\\.';
Then it works in 5.6.0 but fails in 5.6.1.
George uncovered the following lines. Forgive me as I paste from our im conversation
to save time.
[16:22] muntoh: I'm guessing stronglythe problem is in this line of URI::Escape
[16:23] muntoh: $subst{$patn} =
eval "sub {\$_[0] =~ s/([$patn])/\$escapes{\$1}/g; }";
[16:24] muntoh: so, he creates ana nonymous function block which does the substitution
by eval'ing a sub routine defintiion.
[16:25] muntoh: if you have a bare '/' in $patn, that will likely break the regex. I
think
[16:26] muntoh: yep
[16:33] muntoh: URI::Escape changed in perl;-5.6.1 to allow for that. But it
re-breaks it.
[16:33] muntoh: unless (exists $subst{$patn}) {
# Because we can't compile the regex we fake it with a cached sub
(my $tmp = $patn) =~ s,/,\\/,g;
$subst{$patn} =
eval "sub {\$_[0] =~ s/([$tmp])/\$escapes{\$1}/g; }";
[...]
[16:46] muntoh: we talked it over here and think it may be safe. someone should just
fix URI::Escape
[16:47] muntoh: if you want to submit a patch, I think what he wants is (my $tmp =
$patn) =~ s,/,[^\]\\/,g;
Hope this helps,
Paul
