From 15c7e64e93329d27eb3a1964c922e2bc19eb9920 Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Wed, 1 May 2013 17:47:00 +0930
Subject: [PATCH] Fix bug with module image result rendering in admin UI

---
 .../media/javascript/ui/panel/common.js       | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/extensions/admin_ui/media/javascript/ui/panel/common.js b/extensions/admin_ui/media/javascript/ui/panel/common.js
index 1727e17b8..594237c78 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/common.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/common.js
@@ -249,18 +249,24 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 							html = String.format("<div style='color:#385F95;text-align:right;'>{0}</div>", value);
 							html += '<p>';
 							for(index in record.data.data) {
-								result = record.data.data[index];
+								result = $jEncoder.encoder.encodeForHTML(record.data.data[index]).replace(/&lt;br&gt;/g,'<br>');
 								index = index.toString().replace('_', ' ');
-								//Check if the data is the image parameter and that it's a base64 encoded png.
-                                if ($jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>').substring(0,28) == "image=data:image/png;base64,") {
-                                	//Lets display the image. // Does this introduce issues? Or, does the encoding keep this sound?
-                                	html += String.format('<img src="{0}" /><br>', $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>').substring(6));
-                                } else {
-	                                //output escape everything, but allow the <br> tag for better rendering.
-									html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
+								// Check if the data is the image parameter and that it's a base64 encoded png.
+								if (result.substring(0,28) == "image=data:image/png;base64,") {
+									// Lets display the image
+									try {
+										base64_data = window.atob(result.substring(29,result.length));
+										html += String.format('<img src="{0}" /><br>', result.substring(6));
+									} catch(e) {
+										beef.debug("Received invalid base64 encoded image string: "+e.toString());
+										html += String.format('<b>{0}</b>: {1}<br>', index, result);
+									}
+								} else {
+									// output escape everything, but allow the <br> tag for better rendering.
+									html += String.format('<b>{0}</b>: {1}<br>', index, result);
 								}
 							}
-							
+
 							html += '</p>';
 							return html;
 						}