few updates

2025-02-03 05:04:11 +03:00 · 2011-02-25 09:35:24 +00:00 · 2011-02-25 09:35:24 +00:00 · 2bbbc9a41e
commit 2bbbc9a41e
parent aa88361ab1
2 changed files with 11 additions and 11 deletions
--- a/extra/keepalive/keepalive.py
+++ b/extra/keepalive/keepalive.py
@ -325,18 +325,15 @@ class HTTPConnection(httplib.HTTPConnection):
        else:
            raise CannotSendHeader()

-        for header in self._headers:
-            self._headers[header] = unicodeToSafeHTMLValue(self._headers[header])
-
        for header in ['Host', 'Accept-Encoding']:
            if header in self._headers:
                str = '%s: %s' % (header, self._headers[header])
-                self._output(str)
+                self._output(unicodeToSafeHTMLValue(str))
                del self._headers[header]

        for header, value in self._headers.items():
            str = '%s: %s' % (header, value)
-            self._output(str)
+            self._output(unicodeToSafeHTMLValue(str))

        self._send_output()

--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2395,13 +2395,16 @@ def removeReflectiveValues(content, payload):
    (e.g. ?search=sql injection ---> ...value="sql%20injection")
    """

-    payload = payload.replace(PAYLOAD_DELIMITER, '')
+    retVal = content

-    regex = filterStringValue(payload, r'[A-Za-z0-9]', r'[^\s]+')
-    retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content)
+    if all([content, payload]):
+        payload = payload.replace(PAYLOAD_DELIMITER, '')

-    if retVal != content:
-        warnMsg = "reflective value found and filtered out"
-        logger.warn(warnMsg)
+        regex = filterStringValue(payload, r'[A-Za-z0-9]', r'[^\s]+')
+        retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content)
+
+        if retVal != content:
+            debugMsg = "reflective value found and filtered out"
+            logger.debug(debugMsg)

    return retVal