sqlmap/lib/core/unescaper.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.common import Backend
from lib.core.datatype import AttribDict
from lib.core.settings import EXCLUDE_UNESCAPE

class Unescaper(AttribDict):
    def escape(self, expression, quote=True, dbms=None):
        if expression is None:
            return expression

        for exclude in EXCLUDE_UNESCAPE:
            if exclude in expression:
                return expression

        identifiedDbms = Backend.getIdentifiedDbms()

        if dbms is not None:
            return self[dbms](expression, quote=quote)
        elif identifiedDbms is not None:
            return self[identifiedDbms](expression, quote=quote)
        else:
            return expression

unescaper = Unescaper()
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`"""`
update_copyright_year() 2019-01-05 23:38:52 +03:00			`Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
few fixes and minor cosmetics 2011-07-08 10:02:31 +04:00			`from lib.core.datatype import AttribDict`
Code cleanup 2011-02-07 01:32:44 +03:00			`from lib.core.settings import EXCLUDE_UNESCAPE`
code refactoring 2010-12-09 19:49:02 +03:00
few fixes and minor cosmetics 2011-07-08 10:02:31 +04:00			`class Unescaper(AttribDict):`
Unescaping is renamed to escaping 2013-01-18 18:40:37 +04:00			`def escape(self, expression, quote=True, dbms=None):`
Code cleanup 2011-02-07 01:32:44 +03:00			`if expression is None:`
			`return expression`

			`for exclude in EXCLUDE_UNESCAPE:`
			`if exclude in expression:`
			`return expression`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`identifiedDbms = Backend.getIdentifiedDbms()`
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too. 2011-01-13 20:36:54 +03:00
Code cleanup 2011-02-07 01:32:44 +03:00			`if dbms is not None:`
Minor adjustment 2011-01-12 02:56:04 +03:00			`return self[dbms](expression, quote=quote)`
Centralization of unescape() 2011-01-21 00:55:13 +03:00			`elif identifiedDbms is not None:`
			`return self[identifiedDbms](expression, quote=quote)`
Code refactoring and cosmetics 2011-01-07 18:41:09 +03:00			`else:`
			`return expression`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`unescaper = Unescaper()`