The bug is caused by careless use of input as regex's in at least two places.
The following can hide the problem, but I don't know if it's a proper fix:
-------------- cut here ------------- 8< -----------------------
--- CGI.pm.orig 2006-12-05 06:52:37.000000000 -0500
+++ CGI.pm 2007-02-20 12:43:25.000000000 -0500
@@ -2632,7 +2632,8 @@
my $uri = $rewrite && $request_uri ? $request_uri : $script_name;
$uri =~ s/\?.*$//; # remove
query string
- $uri =~ s/$path$// if defined $path; # remove path
+ my $path_re = quotemeta($path);
+ $uri =~ s/$path_re$// if defined $path; # remove
path
if ($full) {
my $protocol = $self->protocol();
@@ -2768,8 +2769,9 @@
my $raw_path_info = $ENV{PATH_INFO} || '';
my $uri = $ENV{REQUEST_URI} || '';
- if ($raw_script_name =~ m/$raw_path_info$/) {
- $raw_script_name =~ s/$raw_path_info$//;
+ my $raw_path_info_re = quotemeta($raw_path_info);
+ if ($raw_script_name =~ m/$raw_path_info_re$/) {
+ $raw_script_name =~ s/$raw_path_info_re$//;
}
my @uri_double_slashes = $uri =~ m^(/{2,}?)^g;
-------------- cut here ------------- 8< -----------------------
Regards,
--
Ambrose Li <[EMAIL PROTECTED]>
Chinese Cultural Centre of Greater Toronto
+1 416 292 9293 http://www.cccgt.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
