PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Patch for an Issue #360

Browse Source
This commit is contained in:
Miroslav Stampar
2013-01-19 18:06:36 +01:00
parent 11e27f07e0
commit bb6b89fe93
4 changed files with 25 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/core/common.py
View File

@@ -1959,7 +1959,7 @@ def findMultipartPostBoundary(post):
return retVal
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False):
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, plusspace=True):
result = value
if value:
@@ -1977,14 +1977,16 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
char = chr(ord(match.group(1).decode("hex")))
return char if char in charset else match.group(0)
result = re.sub("%([0-9a-fA-F]{2})", _, value)
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
if plusspace:
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
if isinstance(result, str):
result = unicode(result, encoding or UNICODE_ENCODING, "replace")
return result
def urlencode(value, safe="%&=", convall=False, limit=False):
def urlencode(value, safe="%&=", convall=False, limit=False, spaceplus=False):
if conf.direct:
return value
@@ -2016,6 +2018,9 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
else:
break
if spaceplus:
result = result.replace(urllib.quote(' '), '+')
return result
def runningAsAdmin():
@@ -2996,7 +3001,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
url = urldecode(request.get_full_url(), kb.pageEncoding)
method = request.get_method()
data = request.get_data() if request.has_data() else None
data = urldecode(data, kb.pageEncoding) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data
data = urldecode(data, kb.pageEncoding, plusspace=False)
if not data and method and method.upper() == HTTPMETHOD.POST:
debugMsg = "invalid POST form with blank data detected"