Filter added for browser plugins for #179

git-svn-id: https://beef.googlecode.com/svn/trunk@657 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
scotty.b.brown@gmail.com
2011-01-03 02:46:26 +00:00
parent 285094384f
commit db29962c4b
2 changed files with 1 additions and 5 deletions


@@ -58,10 +58,8 @@ module BeEF
# verify the browser_plugins string is valid
def self.is_valid_browser_plugins?(str)
return false if not BeEF::Filter.is_non_empty_string?(str)
return false if BeEF::Filter.has_non_printable_char?(str)
return false if str.length > 255
puts "TODO filter browser plugins: issue 179"
true
return (str =~ /[^\w\d\s()-.,;_\302\256]/).nil? # \302\256 is the (r) character
end
end
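Review bot: In the character class on the new `return (str =~ ...)` line, `)-.` is parsed as a range from `)` to `.`, so `*` and `+` are accepted in addition to the characters that appear to be intended. If a literal hyphen was meant, put it last, e.g. `/[^\w\s().,;\302\256-]/`; `\d` and `_` are already covered by `\w`. The `\302\256` escapes are two separate bytes inside the class, so how they match depends on the regex encoding; a test with a plugin string containing the (r) character on the Ruby versions you support would confirm it behaves as the comment says. Because this value is read from the request query and then stored with `BD.set`, a comment above the method listing the permitted characters would make the whitelist easier to audit.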


@@ -77,7 +77,6 @@ module BeEF
# get and store the browser plugins
browser_plugins = get_param(request.query, 'BrowserPlugins')
#TODO: add filters - is_valid_browser_plugins is only a stub
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins" if not Filter.is_valid_browser_plugins?(browser_plugins)
BD.set(session_id, 'BrowserPlugins', browser_plugins)
@@ -100,7 +99,6 @@ module BeEF
# returns a selected parameter from the query string.
def get_param(query, key)
return nil if query[key].nil?
b64_param = query[key]
raise WEBrick::HTTPStatus::BadRequest, "Invalid init base64 value" if Filter.has_non_printable_char?(b64_param)
escaped_param = CGI.unescapeHTML(b64_param)