Fixes #1444

2019-12-28 13:10:57 +00:00
parent 82d5af926f
commit 15cb99977b
3 changed files with 6 additions and 11 deletions
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -23,7 +23,7 @@ module WPScan
      # @option opts [ Hash ]   :version_detection The options to use when looking for the version
      # @option opts [ String ] :url The URL of the item
      def initialize(slug, blog, opts = {})
-        @slug  = URI.decode(slug)
+        @slug  = Addressable::URI.unencode(slug)
        @blog  = blog
        @uri   = Addressable::URI.parse(opts[:url]) if opts[:url]

@@ -83,11 +83,6 @@ module WPScan
                      end
      end

-      # URI.encode is preferered over Addressable::URI.encode as it will encode
-      # leading # character:
-      # URI.encode('#t#') => %23t%23
-      # Addressable::URI.encode('#t#') => #t%23
-      #
      # @param [ String ] path Optional path to merge with the uri
      #
      # @return [ String ]
@@ -95,7 +90,7 @@ module WPScan
        return unless @uri
        return @uri.to_s unless path

-        @uri.join(URI.encode(path)).to_s
+        @uri.join(Addressable::URI.encode(path)).to_s
      end

      # @return [ Boolean ]
@@ -166,7 +161,7 @@ module WPScan
      # @return [ Typhoeus::Response ]
      def head_and_get(path, codes = [200], params = {})
        final_path = +@path_from_blog
-        final_path << URI.encode(path) unless path.nil?
+        final_path << path unless path.nil?

        blog.head_and_get(final_path, codes, params)
      end
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -71,7 +71,7 @@ module WPScan
        #
        # @return [ String ]
        def plugin_url(slug)
-          plugins_uri.join("#{URI.encode(slug)}/").to_s
+          plugins_uri.join("#{Addressable::URI.encode(slug)}/").to_s
        end

        # @return [ String ]
@@ -93,7 +93,7 @@ module WPScan
        #
        # @return [ String ]
        def theme_url(slug)
-          themes_uri.join("#{URI.encode(slug)}/").to_s
+          themes_uri.join("#{Addressable::URI.encode(slug)}/").to_s
        end

        # @return [ String, False ] String of the sub_dir found, false otherwise
--- a/spec/app/models/wp_item_spec.rb
+++ b/spec/app/models/wp_item_spec.rb
@@ -46,7 +46,7 @@ describe WPScan::Model::WpItem do
      end

      it 'encodes the path' do
-        expect(wp_item.url('#t#')).to eql "#{item_url}%23t%23"
+        expect(wp_item.url('#t#')).to eql "#{item_url}#t%23"
        expect(wp_item.url('t .txt')).to eql "#{item_url}t%20.txt"
      end
    end