Fixed handling of parameter names containing non-ASCII characters.

stasinopoulos · stasinopoulos · commit 725f647e2c06 · 2025-12-11T08:41:24.000+02:00
diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
@@ -1,5 +1,6 @@
 ## Version 4.1 (TBA)
 * Fixed: Multiple bug-fixes regarding several reported unhandled exceptions.
+* Fixed: Handling of parameter names containing non-ASCII characters.
 * Fixed: Handling of non-ASCII characters in URLs to ensure proper request encoding.
 * Revised: Refactored with improved page decompression and safer HTTP response handling.
 * Revised: Refactored OS looping to respect user-specified targets or automatically iterate over supported OSes if none are specified or detected.
diff --git a/src/core/injections/controller/controller.py b/src/core/injections/controller/controller.py
@@ -545,7 +545,7 @@ def is_valid_param_name(name):
     name = name.strip()
     if not name:
       return False
-    return bool(re.match(r'^[a-zA-Z0-9._\-\[\]]+$', name))
+    return bool(re.match(r'^[\w._\-\[\]]+$', name, re.UNICODE))
 
   """
   Define the check parameter based on the data type (POST, GET, COOKIE).
diff --git a/src/utils/settings.py b/src/utils/settings.py
@@ -261,7 +261,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.1"
-REVISION = "124"
+REVISION = "125"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE:
