From 23cc8b6974fff00e9c4293aa1f9a80ba22ac992c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 14 Feb 2012 14:08:10 +0000
Subject: [PATCH] minor fix for special cases when parameter value contains html encoded characters
---
 lib/controller/controller.py | 1 -
 lib/core/common.py | 5 ++++-
 lib/core/settings.py | 4 ++++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 128f464fb..56b359022 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -27,7 +27,6 @@ from lib.core.common import getFilteredPageContent
 from lib.core.common import getPublicTypeMembers
 from lib.core.common import getUnicode
 from lib.core.common import intersect
-from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import randomStr
 from lib.core.common import readInput
diff --git a/lib/core/common.py b/lib/core/common.py
index 94050ccaa..6a56258a0 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -106,6 +106,8 @@ from lib.core.settings import DEFAULT_MSSQL_SCHEMA
 from lib.core.settings import DUMP_NEWLINE_MARKER
 from lib.core.settings import DUMP_CR_MARKER
 from lib.core.settings import DUMP_TAB_MARKER
+from lib.core.settings import PARAMETER_AMP_MARKER
+from lib.core.settings import PARAMETER_SEMICOLON_MARKER
 from lib.core.settings import LARGE_OUTPUT_THRESHOLD
 from lib.core.settings import ML
 from lib.core.settings import MIN_TIME_RESPONSES
@@ -687,10 +689,11 @@ def paramToDict(place, parameters=None):
 if place != PLACE.SOAP:
 parameters = parameters.replace(", ", ",")
-
+ parameters = re.sub(r"&(\w{1,4});", r"%s\g<1>%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), parameters)
 splitParams = parameters.split(conf.pDel or (DEFAULT_COOKIE_DELIMITER if place == PLACE.COOKIE else DEFAULT_GET_POST_DELIMITER))
 for element in splitParams:
+ element = re.sub(r"%s(.+?)%s" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), r"&\g<1>;", element)
 elem = element.split("=")
 if len(elem) >= 2:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 363984d82..1e4f0a5fe 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -52,6 +52,10 @@ DUMP_CR_MARKER = "__CARRIAGE_RETURN__"
 DUMP_TAB_MARKER = "__TAB__"
 DUMP_DEL_MARKER = "__DEL__"
+# markers for special cases when parameter values contain html encoded characters
+PARAMETER_AMP_MARKER = "__AMP__"
+PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
+
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
 PAYLOAD_DELIMITER = "\x00"
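Review bot: The masking pattern `&(\w{1,4});` on the added `parameters = re.sub(...)` line in paramToDict only recognises named entities of one to four word characters, so a numeric reference such as `&#39;` or a longer name such as `&hellip;` is still cut at the delimiter and its value ends up spread over two parameters. For a scanner that means the affected parameter is parsed with a truncated value or missed, without any warning. I would widen the group, for example `r"&(#?\w{1,8});"` (the exact bound is a judgment call), and use the same group instead of `(.+?)` in the restore call inside the loop so that only text the first call masked is turned back into `&...;`. paramToDict's body starts and ends outside the hunk.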
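Review bot: The comment added above `PARAMETER_AMP_MARKER` and `PARAMETER_SEMICOLON_MARKER` in lib/core/settings.py does not say that these are temporary placeholders or what they must not collide with. Both are plain printable strings, so a parameter value that already contains `__AMP__` followed by `__SEMICOLON__` would be indistinguishable from masked text when paramToDict restores it. I would extend the comment to something like `# temporary placeholders used by paramToDict() while splitting parameters; assumed never to occur in a real parameter value`, so the assumption is visible to whoever next touches the parser.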