From 07a85874feeab583f528d8acd7e8c47bdd9485fe Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 16 Jul 2012 11:07:47 +0200
Subject: [PATCH] Implementation for Issue #92

---
 lib/core/optiondict.py | 4 +++-
 lib/core/unescaper.py  | 3 ++-
 lib/parse/cmdline.py   | 4 ++++
 sqlmap.conf            | 4 ++++
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index b0ae2065d..fbedd93cb 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -63,7 +63,9 @@ optDict = {
                                "dbms":              "string",
                                "os":                "string",
                                "invalidBignum":     "boolean",
-                               "invalidLogical":     "boolean",
+                               "invalidLogical":    "boolean",
+                               "noCast":            "boolean",
+                               "noUnescape":        "boolean",
                                "prefix":            "string",
                                "suffix":            "string",
                                "skip":              "string",
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
index 4b1438874..ae8529f19 100644
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -6,13 +6,14 @@ See the file 'doc/COPYING' for copying permission
 """
 
 from lib.core.common import Backend
+from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.datatype import AttribDict
 from lib.core.settings import EXCLUDE_UNESCAPE
 
 class Unescaper(AttribDict):
     def unescape(self, expression, quote=True, dbms=None):
-        if not kb.unescape:
+        if not kb.unescape or conf.noUnescape:
             return expression
 
         if expression is None:
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 11d5f39dd..d55d41d06 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -209,6 +209,10 @@ def cmdLineParser():
                              action="store_true",
                              help="Turn off payload casting mechanism")
 
+        injection.add_option("--no-unescape", dest="noUnescape",
+                             action="store_true",
+                             help="Turn off string unescaping mechanism")
+
         injection.add_option("--prefix", dest="prefix",
                              help="Injection payload prefix string")
 
diff --git a/sqlmap.conf b/sqlmap.conf
index e86d1d5ab..82c02cc30 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -207,6 +207,10 @@ invalidLogical = False
 # Valid: True or False
 noCast = False
 
+# Turn off string unescaping mechanism
+# Valid: True or False
+noUnescape = False
+
 # Injection payload prefix string.
 prefix =