From 01e83cb4a04526fcde0cebf8848ba4740e2d3a45 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 8 Feb 2021 11:18:27 +0100
Subject: [PATCH] Minor patch for ws
---
 lib/core/common.py | 34 ++++++++++++++++------------------
 lib/core/settings.py | 2 +-
 lib/request/connect.py | 4 ++--
 3 files changed, 19 insertions(+), 21 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index caa7421a5..53eca1f05 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2882,33 +2882,31 @@ def urldecode(value, encoding=None, unsafe="%%?&=;+%s" % CUSTOM_INJECTION_MARK_C True >>> urldecode('AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#' True + >>> urldecode(b'AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#' + True """ result = value if value: - try: - # for cases like T%C3%BCrk%C3%A7e - value = str(value) - except ValueError: - pass - finally: - if convall: - result = _urllib.parse.unquote_plus(value) if spaceplus else _urllib.parse.unquote(value) - else: - result = value - charset = set(string.printable) - set(unsafe) + value = getUnicode(value) - def _(match): - char = decodeHex(match.group(1), binary=False) - return char if char in charset else match.group(0) + if convall: + result = _urllib.parse.unquote_plus(value) if spaceplus else _urllib.parse.unquote(value) + else: + result = value + charset = set(string.printable) - set(unsafe) - if spaceplus: - result = result.replace('+', ' ') # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case) + def _(match): + char = decodeHex(match.group(1), binary=False) + return char if char in charset else match.group(0) - result = re.sub(r"%([0-9a-fA-F]{2})", _, result) + if spaceplus: + result = result.replace('+', ' ') # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case) - result = getUnicode(result, encoding or UNICODE_ENCODING) + result = re.sub(r"%([0-9a-fA-F]{2})", _, result) + + result = getUnicode(result, encoding or UNICODE_ENCODING) return result diff --git a/lib/core/settings.py b/lib/core/settings.py index 9e59643ef..e33209eed 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
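Review bot: The new up-front `value = getUnicode(value)` decodes byte input without the caller's `encoding`, so that argument appears to be honoured only by the trailing `getUnicode(result, encoding or UNICODE_ENCODING)`, which by then receives text and probably has nothing left to decode. If bytes in a non-default charset should be decoded as the caller asked, pass the encoding at the first call: `value = getUnicode(value, encoding or UNICODE_ENCODING)`. A falsy input such as `b''` also skips the `if value:` branch and is returned as bytes, while non-empty bytes now come back as text. `getUnicode` is defined outside this hunk, so its behaviour on already-decoded text should be confirmed; the `urldecode` signature and the start of its docstring are outside the hunk as well.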
@@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.2.6" +VERSION = "1.5.2.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index bf4bc1257..67eaf12a1 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -498,8 +498,6 @@ class Connect(object): if six.PY2: url = getBytes(url) # Note: Python3 requires text while Python2 has problems when mixing text with binary POST - post = getBytes(post) - if webSocket: ws = websocket.WebSocket() ws.settimeout(WEBSOCKET_INITIAL_TIMEOUT if kb.webSocketRecvCount is None else timeout) @@ -543,6 +541,8 @@ class Connect(object): logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) else: + post = getBytes(post) + if target and cmdLineOptions.method or method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST): req = MethodRequest(url, post, headers) req.set_method(cmdLineOptions.method or method)
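Review bot: The relocated `post = getBytes(post)` in the `else:` branch of `lib/request/connect.py` has no comment explaining why the WebSocket branch must now receive `post` unconverted. The only related explanation, the Note on `url = getBytes(url)`, stays behind in the earlier hunk. If the intent is that the WebSocket send path needs a text payload, say so where the conversion now lives, e.g. `# Note: binary POST is needed only for regular HTTP requests; the WebSocket branch expects text`. Under `six.PY2` the `url` is still converted to bytes while `post` is left as passed in the WebSocket branch, so the text/binary mixing that the existing Note warns about may be worth confirming there. The WebSocket send call and the rest of the method are outside both hunks.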