sqlmap/tamper/doubleencode.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import re

from lib.core.convert import urlencode
from lib.core.exception import sqlmapUnsupportedFeatureException

"""
Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE)
"""
def tamper(place, value):
    if value:
        if place != "URI":
            value = urlencode(value)
        else:
            raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__

    return value
forgot to put "#!/usr/bin/env python" 2010-10-14 18:05:05 +04:00			`#!/usr/bin/env python`

large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`"""`
			$Id$

			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`"""`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
one more tampering module 2010-10-13 18:29:53 +04:00			`import re`

			`from lib.core.convert import urlencode`
minor update 2010-10-13 18:37:11 +04:00			`from lib.core.exception import sqlmapUnsupportedFeatureException`
one more tampering module 2010-10-13 18:29:53 +04:00
			`"""`
minor update 2010-10-14 10:20:32 +04:00			`Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE)`
one more tampering module 2010-10-13 18:29:53 +04:00			`"""`
			`def tamper(place, value):`
			`if value:`
minor update 2010-10-13 18:37:11 +04:00			`if place != "URI":`
			`value = urlencode(value)`
			`else:`
update 2010-10-14 00:59:06 +04:00			`raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
one more tampering module 2010-10-13 18:29:53 +04:00			`return value`