sqlmap/lib/core/unescaper.py

36 lines
988 B
Python
Raw Permalink Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2022-01-03 13:30:34 +03:00
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
2008-10-15 19:38:22 +04:00
"""
from lib.core.common import Backend
2011-07-08 10:02:31 +04:00
from lib.core.datatype import AttribDict
2011-02-07 01:32:44 +03:00
from lib.core.settings import EXCLUDE_UNESCAPE
2010-12-09 19:49:02 +03:00
2011-07-08 10:02:31 +04:00
class Unescaper(AttribDict):
2013-01-18 18:40:37 +04:00
def escape(self, expression, quote=True, dbms=None):
2011-02-07 01:32:44 +03:00
if expression is None:
return expression
for exclude in EXCLUDE_UNESCAPE:
if exclude in expression:
return expression
identifiedDbms = Backend.getIdentifiedDbms()
2011-02-07 01:32:44 +03:00
if dbms is not None:
2020-02-02 16:51:24 +03:00
retVal = self[dbms](expression, quote=quote)
2020-03-02 14:43:12 +03:00
elif identifiedDbms is not None and identifiedDbms in self:
2020-02-02 16:51:24 +03:00
retVal = self[identifiedDbms](expression, quote=quote)
2011-01-07 18:41:09 +03:00
else:
2020-02-02 16:51:24 +03:00
retVal = expression
# e.g. inference comparison for '
retVal = retVal.replace("'''", "''''")
return retVal
2008-10-15 19:38:22 +04:00
unescaper = Unescaper()