erwanlr
2019-12-28 13:10:57 +00:00
parent 82d5af926f
commit 15cb99977b
3 changed files with 6 additions and 11 deletions


@@ -23,7 +23,7 @@ module WPScan
# @option opts [ Hash ] :version_detection The options to use when looking for the version # @option opts [ Hash ] :version_detection The options to use when looking for the version
# @option opts [ String ] :url The URL of the item # @option opts [ String ] :url The URL of the item
def initialize(slug, blog, opts = {}) def initialize(slug, blog, opts = {})
@slug = URI.decode(slug) @slug = Addressable::URI.unencode(slug)
@blog = blog @blog = blog
@uri = Addressable::URI.parse(opts[:url]) if opts[:url] @uri = Addressable::URI.parse(opts[:url]) if opts[:url]
@@ -83,11 +83,6 @@ module WPScan
end end
end end
# URI.encode is preferered over Addressable::URI.encode as it will encode
# leading # character:
# URI.encode('#t#') => %23t%23
# Addressable::URI.encode('#t#') => #t%23
#
# @param [ String ] path Optional path to merge with the uri # @param [ String ] path Optional path to merge with the uri
# #
# @return [ String ] # @return [ String ]
@@ -95,7 +90,7 @@ module WPScan
return unless @uri return unless @uri
return @uri.to_s unless path return @uri.to_s unless path
@uri.join(URI.encode(path)).to_s @uri.join(Addressable::URI.encode(path)).to_s
end end
# @return [ Boolean ] # @return [ Boolean ]
@@ -166,7 +161,7 @@ module WPScan
# @return [ Typhoeus::Response ] # @return [ Typhoeus::Response ]
def head_and_get(path, codes = [200], params = {}) def head_and_get(path, codes = [200], params = {})
final_path = +@path_from_blog final_path = +@path_from_blog
final_path << URI.encode(path) unless path.nil? final_path << path unless path.nil?
blog.head_and_get(final_path, codes, params) blog.head_and_get(final_path, codes, params)
end end
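Review bot: In `url`, `Addressable::URI.encode(path)` leaves a leading `#` unescaped (the removed comment records `'#t#'` => `#t%23`), so `@uri.join` treats such a path as a fragment and the returned URL no longer names the file; the same applies to `plugin_url` and `theme_url` in the next file, where a slug starting with `#` would presumably resolve to the plugins or themes directory itself. For a scanner this means a finding can be attributed to a resource that was never actually requested. If the aim is only to drop the obsolete `URI.encode`, consider encoding the value as a path instead, e.g. `Addressable::URI.encode_component(path, Addressable::URI::CharacterClasses::PATH)`, which escapes `#` (and also `?`, so confirm no caller passes a query string). Separately, `head_and_get` now appends `path` with no encoding at all; whether `blog.head_and_get` normalizes it is not visible in this hunk and should be confirmed.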


@@ -71,7 +71,7 @@ module WPScan
# #
# @return [ String ] # @return [ String ]
def plugin_url(slug) def plugin_url(slug)
plugins_uri.join("#{URI.encode(slug)}/").to_s plugins_uri.join("#{Addressable::URI.encode(slug)}/").to_s
end end
# @return [ String ] # @return [ String ]
@@ -93,7 +93,7 @@ module WPScan
# #
# @return [ String ] # @return [ String ]
def theme_url(slug) def theme_url(slug)
themes_uri.join("#{URI.encode(slug)}/").to_s themes_uri.join("#{Addressable::URI.encode(slug)}/").to_s
end end
# @return [ String, False ] String of the sub_dir found, false otherwise # @return [ String, False ] String of the sub_dir found, false otherwise


@@ -46,7 +46,7 @@ describe WPScan::Model::WpItem do
end end
it 'encodes the path' do it 'encodes the path' do
expect(wp_item.url('#t#')).to eql "#{item_url}%23t%23" expect(wp_item.url('#t#')).to eql "#{item_url}#t%23"
expect(wp_item.url('t .txt')).to eql "#{item_url}t%20.txt" expect(wp_item.url('t .txt')).to eql "#{item_url}t%20.txt"
end end
end end
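Review bot: The example is still titled 'encodes the path', but its first expectation now asserts `"#{item_url}#t%23"`, i.e. that a leading `#` is left as a fragment delimiter rather than encoded. Consider moving that expectation into its own example, e.g. `it 'leaves a leading # unencoded' do`, so the behaviour change is stated in the spec rather than hidden under the old title. No expectation visible in this hunk covers `head_and_get`, which stopped encoding its path in this commit; the describe block continues outside the hunk, so this may already exist elsewhere.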