diff --git a/lib/contrib/multipartpost.py b/lib/contrib/multipartpost.py index 806ba1c81..f17504ff7 100644 --- a/lib/contrib/multipartpost.py +++ b/lib/contrib/multipartpost.py @@ -74,32 +74,34 @@ class MultipartPostHandler(urllib2.BaseHandler): request.add_data(data) return request - def multipart_encode(vars, files, boundary = None, buffer = None): + def multipart_encode(vars, files, boundary = None, buf = None): if boundary is None: boundary = mimetools.choose_boundary() - if buffer is None: - buffer = '' + if buf is None: + buf = '' - for(key, value) in vars: - buffer += '--%s\r\n' % boundary - buffer += 'Content-Disposition: form-data; name="%s"' % key - buffer += '\r\n\r\n' + value + '\r\n' + for (key, value) in vars: + buf += '--%s\r\n' % boundary + buf += 'Content-Disposition: form-data; name="%s"' % key + buf += '\r\n\r\n' + value + '\r\n' - for(key, fd) in files: + for (key, fd) in files: file_size = os.fstat(fd.fileno())[stat.ST_SIZE] filename = fd.name.split('/')[-1] contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream' - buffer += '--%s\r\n' % boundary - buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename) - buffer += 'Content-Type: %s\r\n' % contenttype - # buffer += 'Content-Length: %s\r\n' % file_size + buf += '--%s\r\n' % boundary + buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename) + buf += 'Content-Type: %s\r\n' % contenttype + # buf += 'Content-Length: %s\r\n' % file_size fd.seek(0) - buffer += '\r\n' + fd.read() + '\r\n' - buffer += '--%s--\r\n\r\n' % boundary + buf = str(buf) + buf += '\r\n%s\r\n' % fd.read() - return boundary, buffer + buf += '--%s--\r\n\r\n' % boundary + + return boundary, buf multipart_encode = Callable(multipart_encode) diff --git a/lib/core/common.py b/lib/core/common.py index be30a2597..d5cbd0a93 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -377,9 +377,9 @@ def dataToOutFile(data): if not data: return "No data retrieved" - rFile = filePathToString(conf.rFile) + rFile = filePathToString(conf.rFile) rFilePath = "%s%s%s" % (conf.filePath, os.sep, rFile) - rFileFP = codecs.open(rFilePath, "wb", conf.dataEncoding) + rFileFP = codecs.open(rFilePath, "wb", conf.dataEncoding) rFileFP.write(data) rFileFP.flush() diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index 7c1320840..4c0b5b855 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py @@ -72,8 +72,9 @@ def configFileParser(configFile): logger.debug(debugMsg) checkFile(configFile) + configFP = codecs.open(configFile, "rb", conf.dataEncoding) config = UnicodeRawConfigParser() - config.readfp(codecs.open(configFile, "rb", conf.dataEncoding)) + config.readfp(configFP) if not config.has_section("Target"): raise NoSectionError, "Target in the configuration file is mandatory" diff --git a/lib/takeover/web.py b/lib/takeover/web.py index db5fa995c..6fece8ffe 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ +import codecs import os import posixpath import re @@ -82,13 +83,15 @@ class Web: return output def webFileUpload(self, fileToUpload, destFileName, directory): - inputFile = open(fileToUpload, "r") - retVal = self.__webFileStreamUpload(inputFile, destFileName, directory) - inputFile.close() + inputFP = codecs.open(fileToUpload, "rb") + retVal = self.__webFileStreamUpload(inputFP, destFileName, directory) + inputFP.close() + return retVal def __webFileStreamUpload(self, stream, destFileName, directory): - stream.seek(0) #rewind + stream.seek(0) # Rewind + if self.webApi in ("php", "asp"): multipartParams = { "upload": "1", diff --git a/sqlmap.py b/sqlmap.py index 453d96a97..f47773ec2 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -32,7 +32,8 @@ import warnings warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning) -sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout) +# NOTE: This breaks SQL shell and OS shell history and TAB functionalities +#sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout) try: import psyco