Updated to fix issue 222. The filtering prevented percent characters in the URL which impacted URL encoded characters. They are now permitted.

An additional filtering function was added: has_valid_base_chars?(). Wherever possible this function should not be used and instead specific ones should be employed. git-svn-id: https://beef.googlecode.com/svn/trunk@719 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-01-26 07:03:55 +00:00
parent 4be0f5e29a
commit 7e65b30b4a
2 changed files with 9 additions and 3 deletions
--- a/lib/filter/base.rb
+++ b/lib/filter/base.rb
@@ -83,6 +83,13 @@ module BeEF
      not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil? # \302\256 is the (r) character 
    end  

+    # check for valid base details chars
+    # this is for basic flitering where possible all specific filters must be implemented
+    def self.has_valid_base_chars?(str)
+      return false if not is_non_empty_string?(str)
+      (str =~ /[^\302\256[:print:]]/).nil? # \302\256 is the (r) character 
+    end  
+
  end
  
 end
--- a/lib/filter/command.rb
+++ b/lib/filter/command.rb
@@ -33,14 +33,13 @@ module BeEF
    # check if valid command module datastore value
    def self.is_valid_command_module_datastore_param?(str)
      return false if BeEF::Filter.has_null?(str)
-      return BeEF::Filter.has_valid_key_chars?(str)     
-      true  
+      has_valid_base_chars?(str)
    end

    # check for word and some punc chars
    def self.has_valid_key_chars?(str)
      return false if not BeEF::Filter.is_non_empty_string?(str)
-      (str =~ /[^\w\d\s()-.,;_\302\256]/).nil? # \302\256 is the (r) character 
+      has_valid_base_chars?(str)
    end

    # check for word and underscore chars