From a27f50ed1d587a583915877ed6c45a472e3fc9f5 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 10 Jul 2012 01:37:16 +0100
Subject: [PATCH] added conf.unescape global variable to control whether or not the injected statements should be unescaped
---
 lib/core/common.py | 4 +++-
 lib/core/option.py | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 1d5aeeb11..757a1acae 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1548,8 +1548,10 @@ def getSQLSnippet(dbms, sfile, **variables):
 Returns content of SQL snippet located inside 'procs/' directory
 """

- if os.path.exists(sfile):
+ if sfile.endswith('.sql') and os.path.exists(sfile):
 filename = sfile
+ elif not sfile.endswith('.sql') and os.path.exists("%s.sql" % sfile):
+ filename = "%s.sql" % sfile
 else:
 filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
 checkFile(filename)
diff --git a/lib/core/option.py b/lib/core/option.py
index d161d7747..684874ee2 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1402,6 +1402,7 @@ def __setConfAttributes():
 conf.tests = []
 conf.trafficFP = None
 conf.wFileType = None
+ conf.unescape = True

 def __setKnowledgeBaseAttributes(flushAll=True):
 """
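Review bot: The two `os.path.exists` branches in `getSQLSnippet` resolve a bare snippet name against the current working directory before the bundled tree under `paths.SQLMAP_PROCS_PATH`, so a stray `<name>.sql` in whatever directory the tool is started from silently takes the place of the shipped snippet and its contents are what the function goes on to return. If overriding by explicit path is the intent, consider taking the filesystem branch only when `sfile` carries a directory component (`if os.path.dirname(sfile) and ...`) and falling through to the bundled path otherwise. The suffix logic is also written out three times; computing `name = sfile if sfile.endswith('.sql') else "%s.sql" % sfile` once and testing `os.path.isfile(name)` would shorten the chain and stop a directory from matching. The function body continues past the hunk, and the commit subject does not mention this lookup change.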
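Review bot: `conf.unescape = True` is appended after `conf.wFileType` in `__setConfAttributes`, which breaks the alphabetical order the neighbouring attributes appear to follow; it would sit between `conf.trafficFP` and `conf.wFileType`. Nothing in this commit reads the attribute (the diffstat lists only these two files and the `common.py` hunk does not reference it), so the assignment deserves a comment such as `# internal switch: when False, injected statements are sent without unescaping`. If callers are meant to flip it temporarily, the comment should also say that it has to be restored to `True` afterwards so the setting does not carry over into later requests.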