From 6304fe4c19c8fec196dcea952544e2a63bd6b475 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Wed, 20 Mar 2019 08:41:39 +0000
Subject: [PATCH] Fixes #1318

---
 lib/wpscan/target/platform/wordpress/custom_directories.rb  | 2 +-
 .../wordpress/custom_directories/relative_two_sub_dir.html  | 6 ++++++
 .../target/platform/wordpress/custom_directories.rb         | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 spec/fixtures/target/platform/wordpress/custom_directories/relative_two_sub_dir.html

diff --git a/lib/wpscan/target/platform/wordpress/custom_directories.rb b/lib/wpscan/target/platform/wordpress/custom_directories.rb
index 0aba4577..17be3d49 100644
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -15,7 +15,7 @@ module WPScan
         def content_dir
           unless @content_dir
             escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
-            pattern     = %r{#{escaped_url}([^\/]+)\/(?:themes|plugins|uploads|cache)\/}i
+            pattern     = %r{#{escaped_url}([\w\s\-\/]+)\/(?:themes|plugins|uploads|cache)\/}i
 
             in_scope_urls(homepage_res) do |url|
               return @content_dir = Regexp.last_match[1] if url.match(pattern)
diff --git a/spec/fixtures/target/platform/wordpress/custom_directories/relative_two_sub_dir.html b/spec/fixtures/target/platform/wordpress/custom_directories/relative_two_sub_dir.html
new file mode 100644
index 00000000..872d5736
--- /dev/null
+++ b/spec/fixtures/target/platform/wordpress/custom_directories/relative_two_sub_dir.html
@@ -0,0 +1,6 @@
+<link rel='https://api.w.org/' href='https://ex.lo/wp-json/' />
+<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://ex.lo/cms/xmlrpc.php?rsd" />
+<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://ex.lo/cms/wp-includes/wlwmanifest.xml" />
+
+<link rel="shortcut icon" href="//ex.lo/cms/wp-content/uploads/2011/10/favicon.ico">
+<link rel="apple-touch-icon-precomposed" href="//ex.lo/cms/wp-content/uploads/2011/10/favicon.ico">
diff --git a/spec/shared_examples/target/platform/wordpress/custom_directories.rb b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
index 9d4cfe67..d08d03a5 100644
--- a/spec/shared_examples/target/platform/wordpress/custom_directories.rb
+++ b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
@@ -5,7 +5,7 @@ shared_examples 'WordPress::CustomDirectories' do
     {
       default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces',
       relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content',
-      in_raw_js: 'wp-content', with_sub_dir: 'app'
+      in_raw_js: 'wp-content', with_sub_dir: 'app', relative_two_sub_dir: 'cms/wp-content'
     }.each do |file, expected|
       it "returns #{expected} for #{file}.html" do
         stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html")))
@@ -47,7 +47,7 @@ shared_examples 'WordPress::CustomDirectories' do
   end
 
   describe '#sub_dir' do
-    { default: false, with_sub_dir: 'wp' }.each do |file, expected|
+    { default: false, with_sub_dir: 'wp', relative_two_sub_dir: 'cms' }.each do |file, expected|
       it "returns #{expected} for #{file}.html" do
         fixture = File.join(fixtures, "#{file}.html")