From 18d4b642fee6745374148f047e734decd1f961af Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@gmail.com>
Date: Tue, 22 Nov 2011 10:12:26 +0100
Subject: [PATCH] replaced WebRick HttpUtils in requester filters

---
 .../admin_ui/controllers/requester/requester.rb    |  2 +-
 extensions/requester/filters.rb                    | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/extensions/admin_ui/controllers/requester/requester.rb b/extensions/admin_ui/controllers/requester/requester.rb
index 32b3296d3..9138dfb06 100644
--- a/extensions/admin_ui/controllers/requester/requester.rb
+++ b/extensions/admin_ui/controllers/requester/requester.rb
@@ -65,7 +65,7 @@ class Requester < BeEF::Extension::AdminUI::HttpController
     verb = req_parts[0]
     self.err_msg 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
     uri = req_parts[1]
-    self.err_msg 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
+    #self.err_msg 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
     version = req_parts[2]
 
     (self.err_msg 'Invalid HTTP version';return @body = '{success : false}') if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
diff --git a/extensions/requester/filters.rb b/extensions/requester/filters.rb
index 89ff6b8d7..050880bcf 100644
--- a/extensions/requester/filters.rb
+++ b/extensions/requester/filters.rb
@@ -26,7 +26,7 @@ module BeEF
       # OPTIONS * is not yet supported
       # return true if uri.eql? "*"
       #TODO : CHECK THE normalize_path method and include it somewhere (maybe here)
-      return true if uri.eql? WEBrick::HTTPUtils.normalize_path(uri)
+      return true if uri.eql? self.normalize_path(uri)
       false
     end
 
@@ -44,6 +44,18 @@ module BeEF
       false
     end
 
+    def normalize_path(path)
+      print_error "abnormal path `#{path}'" if path[0] != ?/
+      ret = path.dup
+
+      ret.gsub!(%r{/+}o, '/')                    # //      => /
+      while ret.sub!(%r'/\.(?:/|\Z)', '/'); end  # /.      => /
+      while ret.sub!(%r'/(?!\.\./)[^/]+/\.\.(?:/|\Z)', '/'); end # /foo/.. => /foo
+
+      print_error "abnormal path `#{path}'" if %r{/\.\.(/|\Z)} =~ ret
+      ret
+    end
+
   end
   
 end