regex escaping when using variables

lib/environment.rb

@@ -40,7 +40,8 @@ begin
 rescue LoadError => e
   puts "[ERROR] #{e}"
 
-  if missing_gem = e.to_s[%r{ -- ([^\s]+)}, 1]
+  missing_gem = e.to_s[%r{ -- ([^\s]+)}, 1]
+  if missing_gem
     puts "[TIP] Try to run 'gem install #{missing_gem}' or 'gem install --user-install #{missing_gem}'. If you still get an error, Please see README file or https://github.com/wpscanteam/wpscan"
   end
   exit(1)

lib/wpscan/modules/malwares.rb

@@ -53,7 +53,8 @@ module Malwares
     malwares_file_path || DATA_DIR + '/malwares.txt'
   end
 
-  def self.malware_pattern(url)
-    %r{<(?:script|iframe).* src=(?:"|')(#{url}[^"']*)(?:"|')[^>]*>}i
+  def self.malware_pattern(url_regex)
+    # no need to escape regex here, because malware.txt contains regex
+    %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
   end
 end

lib/wpscan/wp_detector.rb

@@ -54,7 +54,7 @@ class WpDetector
     regex2        = %r{\\?/}
     regex3        = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
     # Custom wp-content dir is now used in this regex
-    names = response.body.scan(/#{regex1}#{wp_content_dir}#{regex2}#{type}#{regex3}/i)
+    names = response.body.scan(/#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i)
 
     names.flatten!
     names.uniq!

lib/wpscan/wp_target.rb

@@ -93,10 +93,10 @@ class WpTarget
       # Only use the path because domain can be text or an ip
       uri_path = @uri.path
 
-      if index_body[/#{uri_path}\/wp-content\/(?:themes|plugins)\//i]
+      if index_body[/#{Regexp.escape(uri_path)}\/wp-content\/(?:themes|plugins)\//i]
         @wp_content_dir = "wp-content"
       else
-        @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{uri_path}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
+        @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
       end
     end
     @wp_content_dir