Package: libxml-rsslite-perl
Version: 0.11-1
Severity: normal
File: /usr/share/perl5/XML/RSSLite.pm
The file below run as "perl bar.pl" gets an error
Unmatched [ in regex; marked by <-- HERE in m/![ <-- HERE CDATA[/ at
/usr/share/perl5/XML/RSSLite.pm line 266.
I suspect the parsing somehow lets "CDATA[" get in as a tag to be
matched, or skipped. I know rsslite doesn't handle cdata, but I think a
little quoting can protect it against evil tags (or apparent tags). I
got some joy from the diff below.
I struck this at a feed
http://rss.weather.com.au/sa/adelaide
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.22-1-486
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages libxml-rsslite-perl depends on:
ii perl 5.8.8-10 Larry Wall's Practical Extraction
libxml-rsslite-perl recommends no packages.
-- no debconf information
use strict;
use XML::RSSLite;
my %feed;
my $xml = '<?xml version="1.0"?>
<rss version="2.0">
<channel>
<item>
<description>
<![CDATA[
<b>something bold</b> <br />
]]>
</description>
</item>
</channel>
</rss>
';
parseRSS(\%feed, \$xml);
print $feed{'item'}->{'link'};
--- RSSLite.pm 2007-09-23 10:17:09.000000000 +1000
+++ RSSLite.pm.new 2007-09-23 10:12:02.000000000 +1000
@@ -263,7 +263,7 @@
#$str =~ s%(>?)\s*<%$1<%g;
#XXX #$str =~ s%(?:^|(?<=>))\s*(?:(?=<)|\z)%%g
- my $qr = [EMAIL PROTECTED]('|', keys %{$inhash})]}};
+ my $qr = [EMAIL PROTECTED]('|', map {quotemeta} keys %{$inhash})]}};
$content =~ s%<($qr)\s*(?:[^>]*?)?(?:/|>.*?</\1)>%%sg;
$inhash->{'<>'} = $content if $content =~ /\S/;
