From 1e22ff45de74e35062e2e4f1d0d8f35e45e2d148 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 28 Mar 2011 16:14:08 +0000
Subject: [PATCH] minor update regarding testing of GET parameters if --data and/or --forms is used
---
 lib/controller/controller.py | 11 ++++++++++-
 lib/core/dump.py | 2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 7422f0d6a..952860f97 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -299,7 +299,13 @@ def start():
 # Do a little prioritization reorder of a testable parameter list
 parameters = conf.parameters.keys()

- for place in (PLACE.URI, PLACE.POST, PLACE.GET):
+ # Order of testing list (last to first)
+ if conf.forms or conf.data:
+ orderList = (PLACE.URI, PLACE.GET, PLACE.POST)
+ else:
+ orderList = (PLACE.URI, PLACE.POST, PLACE.GET)
+
+ for place in orderList:
 if place in parameters:
 parameters.remove(place)
 parameters.insert(0, place)
@@ -314,6 +320,9 @@ def start():
 # Test Cookie header only if --level >= 2
 condition |= (place == PLACE.COOKIE and conf.level < 2)

+ # Test GET parameter in case --data and/or --forms used only if --level >= 3
+ condition |= (place == PLACE.GET and (conf.data or conf.forms) and conf.level < 3)
+
 condition &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter))
 condition &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter))

diff --git a/lib/core/dump.py b/lib/core/dump.py
index 9d321bace..1ede3c472 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -111,7 +111,7 @@ class Dump:

 if Backend.getIdentifiedDbms() in (DBMS.ORACLE):
 warnMsg = "on %s you have to use switch '--current-user' to " % Backend.getIdentifiedDbms()
- warnMsg += "retrieve schema name which can be used "
+ warnMsg += "retrieve current schema name which can be used "
 warnMsg += "as an equivalent to database name (-D) in further runs"
 logger.warning(warnMsg)
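Review bot: In the first controller.py hunk (`@@ -299,7 +299,13 @@`), the comment `# Order of testing list (last to first)` does not say why the tuple is reversed. Each place found is moved to index 0 by `parameters.insert(0, place)`, so the last entry ends up first; something like `# Reverse priority: each place found is moved to the front, so the last entry here is tested first` would make that readable on its own. The same test is also spelled two ways in this commit, `conf.forms or conf.data` here and `(conf.data or conf.forms)` in the next hunk, so a single local computed once would keep the two rules from drifting apart. start() begins and ends outside the hunk.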
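Review bot: In the second controller.py hunk (`@@ -314,6 +320,9 @@`), the new GET rule has no exemption for a parameter the user asked for explicitly. The User-Agent and Referer rules directly below it are cleared again with `condition &= not (... intersect(..., conf.testParameter))`, but nothing equivalent is visible for `PLACE.GET`. As written, GET parameters would presumably be skipped at `--level` below 3 whenever `--data` or `--forms` is set, even when one of them was named in `conf.testParameter`, unless that case is handled outside the hunk. In an assessment tool a silently skipped injection point reads as a clean result, so the skip should either honour the explicit selection or be reported to the user together with the level at which GET parameters are tested. start() begins and ends outside the hunk.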
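Review bot: In lib/core/dump.py the context line `if Backend.getIdentifiedDbms() in (DBMS.ORACLE):` tests membership against a parenthesised value rather than a one-element tuple. If `DBMS.ORACLE` is a string, this is a substring match, and a `None` return from `getIdentifiedDbms()` would raise TypeError instead of skipping the warning. The commit only rewords the message, so the check is left as it was; `in (DBMS.ORACLE,)` or `== DBMS.ORACLE` would state the intent. The enclosing method of class Dump starts outside the hunk.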