PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

update regarding safe character output together with a small fix for newlines

Browse Source
This commit is contained in:
Miroslav Stampar
2011-04-14 09:31:45 +00:00
parent 5dfb55effc
commit 04986be4b9
5 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/request/inject.py
View File

@@ -27,7 +27,7 @@ from lib.core.common import randomInt
from lib.core.common import readInput
from lib.core.common import replaceNewlineTabs
from lib.core.common import safeStringFormat
from lib.core.convert import safehexencode
from lib.core.convert import safecharencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -388,7 +388,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
return data
def getValue(expression, blind=True, inband=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeHexEncode=True):
def getValue(expression, blind=True, inband=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True):
"""
Called each time sqlmap inject a SQL query on the SQL injection
affected parameter. It can call a function to retrieve the output
@@ -494,8 +494,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
elif value == [None]:
value = None
if safeHexEncode:
value = safehexencode(value)
if safeCharEncode:
value = safecharencode(value)
return value