Description:
------------
Open the Status Page of FPM, for example:
http://my.server.ip/status-php-fpm?json&full&testparam=\a\b\c

Take the "json" output of it and validate it -> it will fail because any backslash is not escaped in the "request uri" property.

According to http://json.org/string.gif every unicode character is allowed in a string but no " or \ or a control character. They have to be escaped.
The same problem may occur with the "script" property.

Regarding XML output: the text nodes of <request-uri> and <script> should be wrapped in CDATA sections.

This erroneous behavior applies to every request not only the ones to the status page, for example a request to http://my.server.ip/mywebsite/something?path=foo\bar will make the status page to produce invalid output.

Expected result:
----------------
"processes":[
{
  "pid":2432,
  "state":"Idle",
  "start time":1425579888,
  "start since":1039595,
  "requests":1523,
  "request duration":614,
  "request method":"GET",
  "request uri":"/php-status?json&full&testparam=\\a\\b\\c",
  "content length":0,
  "user":"-",
  "script":"-",
  "last request cpu":0.00,
  "last request memory":262144
},
...

Actual result:
--------------
"processes":[
{
  "pid":2432,
  "state":"Idle",
  "start time":1425579888,
  "start since":1039595,
  "requests":1523,
  "request duration":614,
  "request method":"GET",
  "request uri":"/php-status?json&full&testparam=\a\b\c",
  "content length":0,
  "user":"-",
  "script":"-",
  "last request cpu":0.00,
  "last request memory":262144
},
...