Date: Fri, 29 Mar 2024 11:01:13 +0000 (UTC) Message-ID: <646392734.4115.1711710073571@skald.opmantek.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_4114_464407338.1711710073571" ------=_Part_4114_464407338.1711710073571 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
We had a Questions report that when using Discovery on a Windows Open-Au= dIT server and attempting to audit a linux server with a password that cont= ained a percent % character, it wasn't working. The below files will addres= s this issue and be included in 1.8.4.
We use a PHP framework called Code Igniter. The framework was "helpfully= " escaping the form input and hence removing the % symbol even though we ha= d (we thought) disabled this escaping. We have now overridden the default c= lass that performs this function and included an optional value that when s= et and passed to the function does not escape the returned value. This is i= mplemented in the open-audit/code_igniter/application/core/MY_Input.php fil= e so we won't lose this functionality if and when we upgrade the Code Ignit= er framework. Other calls to the function will continue to work as normal b= ecause we have made the option passed to the function optional and set it's= default to what it normally is in the framework.
We now use this function in the Discovery code and hence everything work= s as intended.
As an aside we also found we needed to escape the output in a particular= way on Windows. Using the PHP function 'escapeshellarg' simply removes quo= tes and the percent sign from the returned value - not particularly helpful= .
The files are below. If this issue affects you, you should place them in= to the following places.
c:\xampplite\open= -audit\code_igniter\application\core\MY_Input.php c:\xampplite\open-audit\code_igniter\application\controllers\discovery.php<= /pre>