From 4ce3abc56d42e1c554dfc2e1df17f297bc1ab93e Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 15 Jan 2010 17:42:46 +0000
Subject: [PATCH] Minor adjustments

---
 lib/core/common.py                  | 32 ++++++++++++++++-------------
 lib/techniques/inband/union/test.py |  5 ++---
 lib/utils/resume.py                 |  8 ++++----
 3 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 884ada6c4..d31f8ba19 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -840,7 +840,7 @@ def directoryPath(path):
     else:
         retVal = ntpath.dirname(path)
     return retVal
-    
+
 def normalizePath(path):
     retVal = None
     if path.find('/') != -1:
@@ -850,18 +850,22 @@ def normalizePath(path):
     return retVal
 
 def safeStringFormat(formatStr, params):
-    index = 0
-    count = 0
-    
     retVal = formatStr.replace('%d', '%s')
-    
-    while index !=- 1:
-        index = retVal.find('%s')
-        if index != -1:
-            if count < len(params):
-                retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
-            else:
-                raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
-            count += 1
-            
+
+    if isinstance(params, str):
+        retVal = retVal.replace("%s", params)
+    else:
+        count = 0
+        index = 0
+
+        while index != -1:
+            index = retVal.find('%s')
+
+            if index != -1:
+                if count < len(params):
+                    retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
+                else:
+                    raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
+                count += 1
+
     return retVal
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
index 67d616b97..414f8bc05 100644
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -24,7 +24,6 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
 from lib.core.agent import agent
 from lib.core.common import randomStr
-from lib.core.common import safeStringFormat
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -122,7 +121,7 @@ def __forgeUserFriendlyValue(payload):
     value = ""
 
     if kb.injPlace == "GET":
-        value = safeStringFormat("%s?%s", (conf.url, payload))
+        value = "%s?%s" % (conf.url, payload)
     elif kb.injPlace == "POST":
         value  = "URL:\t'%s'" % conf.url
         value += "\nPOST:\t'%s'\n" % payload
@@ -203,7 +202,7 @@ def unionTest():
         technique = "NULL bruteforcing"
 
     infoMsg  = "testing inband sql injection on parameter "
-    infoMsg += safeStringFormat("'%s' with %s technique", (kb.injParameter, technique))
+    infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
     logger.info(infoMsg)
 
     value   = ""
diff --git a/lib/utils/resume.py b/lib/utils/resume.py
index ffb5a5868..42b63e6ff 100644
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@@ -75,7 +75,7 @@ def queryOutputLength(expression, payload):
     if output:
         return 0, output, regExpr
 
-    dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr)))
+    dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr))
 
     lengthExprUnescaped = unescaper.unescape(lengthExpr)
     count, length       = bisection(payload, lengthExprUnescaped)
@@ -145,7 +145,7 @@ def resume(expression, payload):
         infoMsg += "%s" % resumedValue.split("\n")[0]
         logger.info(infoMsg)
 
-        dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s]\n", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue)))
+        dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
 
         return resumedValue
     elif len(resumedValue) < int(length):
@@ -153,7 +153,7 @@ def resume(expression, payload):
         infoMsg += "%s..." % resumedValue.split("\n")[0]
         logger.info(infoMsg)
 
-        dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue)))
+        dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
 
         if select:
             newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
@@ -176,6 +176,6 @@ def resume(expression, payload):
 
             return None
 
-        return safeStringFormat("%s%s", (resumedValue, finalValue))
+        return "%s%s" % (resumedValue, finalValue)
 
     return None