Fix for #264 - new issue will be raised to correct the lax filter introduced in this commit

git-svn-id: https://beef.googlecode.com/svn/trunk@724 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

lib/filter/base.rb

@@ -89,6 +89,12 @@ module BeEF
       return false if not is_non_empty_string?(str)
       (str =~ /[^\302\256[:print:]]/).nil? # \302\256 is the (r) character 
     end  
+    
+    # verbose filter
+    def self.has_valid_verbose_details_chars?(str)
+      return false if not is_non_empty_string?(str)
+      (str =~ /[^\w\d\s{}()-.,;:&_=\/!\302\256]/).nil? # \302\256 is the (r) character 
+    end
 
   end
   

lib/filter/command.rb

@@ -34,7 +34,7 @@ module BeEF
     # check if valid command module datastore value
     def self.is_valid_command_module_datastore_param?(str)
       return false if has_null?(str)
-      return false if not has_valid_base_chars?(str)
+      return false if not has_valid_verbose_details_chars?(str)
       true
     end
 

lib/modules/command.rb

@@ -105,7 +105,7 @@ module BeEF
       @datastore = {'http_headers' => {}} # init the datastore
       
       # get, check and add the http_params to the datastore
-      http_params.keys.each {|http_params_key|
+      http_params.keys.each { |http_params_key|
         raise WEBrick::HTTPStatus::BadRequest, "http_params_key is invalid" if not BeEF::Filter.is_valid_command_module_datastore_key?(http_params_key)
         http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
         raise WEBrick::HTTPStatus::BadRequest, "http_params_value is invalid" if not BeEF::Filter.is_valid_command_module_datastore_param?(http_params_value)