2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
"""
|
2020-01-01 15:25:15 +03:00
|
|
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2008-10-15 19:38:22 +04:00
|
|
|
"""
|
|
|
|
|
2011-01-28 19:36:09 +03:00
|
|
|
from lib.core.common import Backend
|
2011-07-08 10:02:31 +04:00
|
|
|
from lib.core.datatype import AttribDict
|
2011-02-07 01:32:44 +03:00
|
|
|
from lib.core.settings import EXCLUDE_UNESCAPE
|
2010-12-09 19:49:02 +03:00
|
|
|
|
2011-07-08 10:02:31 +04:00
|
|
|
class Unescaper(AttribDict):
|
2013-01-18 18:40:37 +04:00
|
|
|
def escape(self, expression, quote=True, dbms=None):
|
2011-02-07 01:32:44 +03:00
|
|
|
if expression is None:
|
|
|
|
return expression
|
|
|
|
|
|
|
|
for exclude in EXCLUDE_UNESCAPE:
|
|
|
|
if exclude in expression:
|
|
|
|
return expression
|
|
|
|
|
2011-01-28 19:36:09 +03:00
|
|
|
identifiedDbms = Backend.getIdentifiedDbms()
|
2011-01-13 20:36:54 +03:00
|
|
|
|
2011-02-07 01:32:44 +03:00
|
|
|
if dbms is not None:
|
2020-02-02 16:51:24 +03:00
|
|
|
retVal = self[dbms](expression, quote=quote)
|
2011-01-21 00:55:13 +03:00
|
|
|
elif identifiedDbms is not None:
|
2020-02-02 16:51:24 +03:00
|
|
|
retVal = self[identifiedDbms](expression, quote=quote)
|
2011-01-07 18:41:09 +03:00
|
|
|
else:
|
2020-02-02 16:51:24 +03:00
|
|
|
retVal = expression
|
|
|
|
|
|
|
|
# e.g. inference comparison for '
|
|
|
|
retVal = retVal.replace("'''", "''''")
|
|
|
|
|
|
|
|
return retVal
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
unescaper = Unescaper()
|