From ba2c06c9dcd8445678dd3317362e4e181cdc2a66 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 8 Jul 2011 09:01:32 +0000
Subject: [PATCH] quick fix

---
 lib/core/convert.py | 4 ++--
 lib/request/connect.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/core/convert.py b/lib/core/convert.py
index 97fd678a0..c08b0d942 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -89,7 +89,7 @@ def urldecode(value, encoding=None):
 return result
-def urlencode(value, safe="%&=", convall=False, limit=False):
+def urlencode(value, safe="%&=", convall=False, limit=False, failsafe=True):
 if conf.direct or PLACE.SOAP in conf.paramDict:
 return value
@@ -104,7 +104,7 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
 # corner case when character % really needs to be
 # encoded (when not representing url encoded char)
-if all(map(lambda x: '%' in x, [safe, value])):
+if failsafe and all(map(lambda x: '%' in x, [safe, value])):
 value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
 while True:
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 716be2106..3db667fa2 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -529,7 +529,7 @@ class Connect:
 # throughly without safe chars (especially & and =)
 # addendum: as we support url encoding in tampering
 # functions therefore we need to use % as a safe char
-payload = urlencode(payload, "%", False, True)
+payload = urlencode(payload, "%", False, True, not kb.tamperFunctions)
 value = agent.replacePayload(value, payload)
 elif place == PLACE.SOAP:
 # payloads in SOAP should have chars > and < replaced
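Review bot: The new `failsafe` parameter on `urlencode` has no documentation, and its name does not say which safeguard it turns off. Going by the second hunk, it gates only the rewrite of a stray `%` to `%25`. A comment under the signature would make that contract explicit, for example `# failsafe: when True, a '%' not followed by two hex digits is encoded as %25; pass False when the value is already percent-encoded on purpose`. The body of `urlencode` continues outside this hunk.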
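Review bot: The `re.sub` call under the new `failsafe` test passes `re.DOTALL | re.IGNORECASE` as the fourth positional argument, which `re.sub` takes as `count`, not `flags`. That value is 18, so only the first 18 stray `%` characters in `value` are rewritten to `%25` and any further ones are left unencoded. The pattern contains no `.` and already lists both letter cases, so the flags can simply be dropped: `value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)`. The commit leaves this line untouched, and the enclosing function starts and ends outside the hunk.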
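Review bot: The call `urlencode(payload, "%", False, True, not kb.tamperFunctions)` now passes three bare booleans in a row. Nothing at the call site says that the last one switches off the stray-`%` fix-up, presumably when tamper functions are loaded. Keyword arguments would make the intent readable and protect the call against later signature changes: `payload = urlencode(payload, "%", convall=False, limit=True, failsafe=not kb.tamperFunctions)`. The addendum comment above the call could also gain a line such as `# with tamper functions loaded, a bare % is left as produced (failsafe off)`. The surrounding method starts and ends outside the hunk.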