sqlmap/lib/core/unescaper.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.common import Backend
from lib.core.datatype import advancedDict
from lib.core.settings import EXCLUDE_UNESCAPE

class Unescaper(advancedDict):
    def unescape(self, expression, quote=True, dbms=None):
        if expression is None:
            return expression

        for exclude in EXCLUDE_UNESCAPE:
            if exclude in expression:
                return expression

        identifiedDbms = Backend.getIdentifiedDbms()

        if dbms is not None:
            return self[dbms](expression, quote=quote)
        elif identifiedDbms is not None:
            return self[identifiedDbms](expression, quote=quote)
        else:
            return expression

unescaper = Unescaper()
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
update of copyright string (until year) 2011-04-15 16:33:18 +04:00			`Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
code refactoring 2010-12-09 19:49:02 +03:00			`from lib.core.datatype import advancedDict`
Code cleanup 2011-02-07 01:32:44 +03:00			`from lib.core.settings import EXCLUDE_UNESCAPE`
code refactoring 2010-12-09 19:49:02 +03:00
			`class Unescaper(advancedDict):`
Fixed previous bug in getErrorParsedDBMSes() call in detection phase. Added minor support to escape quotes in UNION payloads during detection phase. 2011-01-12 02:47:32 +03:00			`def unescape(self, expression, quote=True, dbms=None):`
Code cleanup 2011-02-07 01:32:44 +03:00			`if expression is None:`
			`return expression`

			`for exclude in EXCLUDE_UNESCAPE:`
			`if exclude in expression:`
			`return expression`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`identifiedDbms = Backend.getIdentifiedDbms()`
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too. 2011-01-13 20:36:54 +03:00
Code cleanup 2011-02-07 01:32:44 +03:00			`if dbms is not None:`
Minor adjustment 2011-01-12 02:56:04 +03:00			`return self[dbms](expression, quote=quote)`
Centralization of unescape() 2011-01-21 00:55:13 +03:00			`elif identifiedDbms is not None:`
			`return self[identifiedDbms](expression, quote=quote)`
Code refactoring and cosmetics 2011-01-07 18:41:09 +03:00			`else:`
			`return expression`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`unescaper = Unescaper()`