Minor drei update

2025-12-06 12:41:30 +00:00 · 2019-05-02 12:39:16 +02:00
parent 7d9cd0c079
commit 2791ea51ea
15 changed files with 84 additions and 44 deletions
--- a/plugins/dbms/hsqldb/syntax.py
+++ b/plugins/dbms/hsqldb/syntax.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

+from lib.core.common import getOrds
 from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax

@@ -12,11 +13,11 @@ class Syntax(GenericSyntax):
    @staticmethod
    def escape(expression, quote=True):
        """
-        >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
-        'SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar'
+        >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar"
+        True
        """

        def escaper(value):
-            return "||".join("CHAR(%d)" % ord(value[i]) for i in xrange(len(value)))
+            return "||".join("CHAR(%d)" % _ for _ in getOrds(value))

        return Syntax._escape(expression, quote, escaper)