Minor patch for ws

lib/core/common.py

@@ -2882,33 +2882,31 @@ def urldecode(value, encoding=None, unsafe="%%?&=;+%s" % CUSTOM_INJECTION_MARK_C
     True
     >>> urldecode('AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#'
     True
+    >>> urldecode(b'AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#'
+    True
     """
 
     result = value
 
     if value:
-        try:
+        value = getUnicode(value)
-            # for cases like T%C3%BCrk%C3%A7e
-            value = str(value)
-        except ValueError:
-            pass
-        finally:
-            if convall:
-                result = _urllib.parse.unquote_plus(value) if spaceplus else _urllib.parse.unquote(value)
-            else:
-                result = value
-                charset = set(string.printable) - set(unsafe)
 
-                def _(match):
+        if convall:
-                    char = decodeHex(match.group(1), binary=False)
+            result = _urllib.parse.unquote_plus(value) if spaceplus else _urllib.parse.unquote(value)
-                    return char if char in charset else match.group(0)
+        else:
+            result = value
+            charset = set(string.printable) - set(unsafe)
 
-                if spaceplus:
+            def _(match):
-                    result = result.replace('+', ' ')  # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case)
+                char = decodeHex(match.group(1), binary=False)
+                return char if char in charset else match.group(0)
 
-                result = re.sub(r"%([0-9a-fA-F]{2})", _, result)
+            if spaceplus:
+                result = result.replace('+', ' ')  # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case)
 
-            result = getUnicode(result, encoding or UNICODE_ENCODING)
+            result = re.sub(r"%([0-9a-fA-F]{2})", _, result)
+
+        result = getUnicode(result, encoding or UNICODE_ENCODING)
 
     return result
 

lib/core/settings.py

@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.2.6"
+VERSION = "1.5.2.7"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/request/connect.py

@@ -498,8 +498,6 @@ class Connect(object):
             if six.PY2:
                 url = getBytes(url)  # Note: Python3 requires text while Python2 has problems when mixing text with binary POST
 
-            post = getBytes(post)
-
             if webSocket:
                 ws = websocket.WebSocket()
                 ws.settimeout(WEBSOCKET_INITIAL_TIMEOUT if kb.webSocketRecvCount is None else timeout)
@@ -543,6 +541,8 @@ class Connect(object):
 
                 logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
             else:
+                post = getBytes(post)
+
                 if target and cmdLineOptions.method or method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
                     req = MethodRequest(url, post, headers)
                     req.set_method(cmdLineOptions.method or method)