Unescaping is renamed to escaping

2025-12-06 20:51:31 +00:00 · 2013-01-18 15:40:37 +01:00
parent c717de9c9d
commit 601eb1e49a
37 changed files with 51 additions and 287 deletions
--- a/plugins/dbms/postgresql/syntax.py
+++ b/plugins/dbms/postgresql/syntax.py
@@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
        GenericSyntax.__init__(self)

    @staticmethod
-    def unescape(expression, quote=True):
+    def escape(expression, quote=True):
        """
        Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
              e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
@@ -40,27 +40,3 @@ class Syntax(GenericSyntax):
            expression = "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)

        return expression
-
-    @staticmethod
-    def escape(expression):
-        while True:
-            index = expression.find("CHR(")
-            if index == -1:
-                break
-
-            firstIndex = index
-            index = expression[firstIndex:].find("))")
-
-            if index == -1:
-                raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
-            lastIndex = firstIndex + index + 1
-            old = expression[firstIndex:lastIndex]
-            oldUpper = old.upper()
-            oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
-            oldUpper = oldUpper.split("||")
-
-            escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
-            expression = expression.replace(old, escaped)
-
-        return expression