From db29962c4b32160895a1665c295446cbb673ec12 Mon Sep 17 00:00:00 2001
From: "scotty.b.brown@gmail.com"
Date: Mon, 3 Jan 2011 02:46:26 +0000
Subject: [PATCH] Filter added for browser plugins for #179

git-svn-id: https://beef.googlecode.com/svn/trunk@657 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 lib/filter/init.rb | 4 +---
 lib/server/inithandler.rb | 2 --
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/lib/filter/init.rb b/lib/filter/init.rb
index b2dafac6e..49a939507 100644
--- a/lib/filter/init.rb
+++ b/lib/filter/init.rb
@@ -58,10 +58,8 @@ module BeEF
 # verify the browser_plugins string is valid
 def self.is_valid_browser_plugins?(str)
 return false if not BeEF::Filter.is_non_empty_string?(str)
- return false if BeEF::Filter.has_non_printable_char?(str)
 return false if str.length > 255
- puts "TODO filter browser plugins: issue 179"
- true
+ return (str =~ /[^\w\d\s()-.,;_\302\256]/).nil? # \302\256 is the (r) character
 end
 end
diff --git a/lib/server/inithandler.rb b/lib/server/inithandler.rb
index 69e21cfd1..4d82a233e 100644
--- a/lib/server/inithandler.rb
+++ b/lib/server/inithandler.rb
@@ -77,7 +77,6 @@ module BeEF
 # get and store the browser plugins
 browser_plugins = get_param(request.query, 'BrowserPlugins')
- #TODO: add filters - is_valid_browser_plugins is only a stub
 raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins" if not Filter.is_valid_browser_plugins?(browser_plugins)
 BD.set(session_id, 'BrowserPlugins', browser_plugins)
@@ -100,7 +99,6 @@ module BeEF
 # returns a selected parameter from the query string.
 def get_param(query, key)
 return nil if query[key].nil?
- b64_param = query[key]
 raise WEBrick::HTTPStatus::BadRequest, "Invalid init base64 value" if Filter.has_non_printable_char?(b64_param)
 escaped_param = CGI.unescapeHTML(b64_param)
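Review bot: In `is_valid_browser_plugins?` (lib/filter/init.rb) the new whitelist is looser than it reads: inside the character class, `)-.` is a range from `)` to `.`, so `*` and `+` are accepted as well, and `\s` admits tab, CR and LF now that the `has_non_printable_char?` check is dropped in the same hunk. The value is read from the request query and stored with `BD.set` in lib/server/inithandler.rb, so those control characters reach whatever later logs or renders the plugin list. Escaping the hyphen and allowing only a literal space keeps the intent, e.g. `return (str =~ /[^\w ()\-.,;\302\256]/).nil?` (`\d` and `_` are already covered by `\w`). When the pattern is matched byte-wise, `\302\256` are presumably two separate class members, so a lone 0xC2 or 0xAE byte would pass too; a short comment stating which Ruby version and encoding this was tested under would help.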