Bug: & and > inside verbatim tags are not escaped properly
In sub putBackVerbatim in lib/TWiki.pm, this code:
<verbatim>
$val =~ s/</&lt;/g;
$val =~ s/</&gt;/g;
</verbatim>
needs to be changed to:
<verbatim>
$val =~ s/&/&amp;/g;
$val =~ s/</&lt;/g;
$val =~ s/>/&gt;/g;
</verbatim>
(please view the raw text of this bug to see the code snippets correctly, since verbatim tags aren't sufficient due to the very bug I am reporting!)
Test case
These should render as 4 single characters:
&
<
>
<
These should render exactly as they appear inside the verbatim tags, as 4 strings of 4-5 characters each, not as single characters:
<verbatim>
&amp;
&lt;
&gt;
&lt;
</verbatim>
Updated to add: well, whatever version of TWiki is running on this server seems to have fixed the bug already, although I did not find it when I searched the bug reports... cool, no work needed. But, the fix above is really easy for existing TWikiRelease01Feb2003 users to apply without having to do a full upgrade ...
Environment
| TWiki version: | TWikiRelease01Feb2003 |
| TWiki plugins: | |
| Server OS: | Solaris 8 |
| Web server: | Apache 1.3 |
| Perl version: | 5.8.0 |
| Client OS: | |
| Web Browser: | |
-- OwenNichols - 27 Aug 2004
Follow up
Fix record
It's in VerbatimShouldEscapeHtmlEntities
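The two substitution sequences from the report, compared side by side in an added example that is not TWiki source code. The sub names are hypothetical, the sample strings are constructed, and `escape_amp_last` is an extra ordering included only to show why `&` has to be escaped first.

```perl
use strict;
use warnings;

# "Before" sequence from the report: the second pattern matches '<' again,
# so it never fires; '>' and '&' reach the browser unescaped.
sub escape_before {
    my ($val) = @_;
    $val =~ s/</&lt;/g;
    $val =~ s/</&gt;/g;
    return $val;
}

# "After" sequence from the report: '&' first, then '<' and '>'.
sub escape_after {
    my ($val) = @_;
    $val =~ s/&/&amp;/g;
    $val =~ s/</&lt;/g;
    $val =~ s/>/&gt;/g;
    return $val;
}

# Hypothetical wrong ordering, for contrast: escaping '&' last re-escapes
# the '&' that the earlier substitutions just produced.
sub escape_amp_last {
    my ($val) = @_;
    $val =~ s/</&lt;/g;
    $val =~ s/>/&gt;/g;
    $val =~ s/&/&amp;/g;
    return $val;
}

# Constructed sample inputs (not taken from a real topic).
my @samples = ( '&lt;', '<b>bold</b>', 'a > b && c < d' );

for my $raw (@samples) {
    printf "raw:      %s\nbefore:   %s\nafter:    %s\namp last: %s\n\n",
        $raw, escape_before($raw), escape_after($raw), escape_amp_last($raw);
}

# Self-checks on the constructed inputs.
die "before should leave entity text untouched"
    unless escape_before('&lt;') eq '&lt;';
die "after should make entity text literal"
    unless escape_after('&lt;') eq '&amp;lt;';
die "after should escape both angle brackets"
    unless escape_after('<b>') eq '&lt;b&gt;';
die "amp-last should double-escape"
    unless escape_amp_last('<') eq '&amp;lt;';
print "all checks passed\n";
```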