diff --git a/doc/THANKS b/doc/THANKS
index 00a2f9164..52037e867 100644
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -639,6 +639,9 @@ ragos
 shiftzwei
 for reporting a couple of bugs
+smith
+ for reporting a minor bug
+
 Stuffe
 for reporting a minor bug and a feature request
diff --git a/lib/core/option.py b/lib/core/option.py
index faff2c4d9..ebad2b6c2 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -104,6 +104,7 @@ from lib.core.settings import LOCALHOST
 from lib.core.settings import MAX_NUMBER_OF_THREADS
 from lib.core.settings import PARAMETER_SPLITTING_REGEX
 from lib.core.settings import TIME_DELAY_CANDIDATES
+from lib.core.settings import UNION_CHAR_REGEX
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import WEBSCARAB_SPLITTER
 from lib.core.update import update
@@ -1811,6 +1812,10 @@ def __basicOptionValidation():
 errMsg = "value for --time-sec option must be an integer greater than 0"
 raise sqlmapSyntaxException, errMsg
+ if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
+ errMsg = "value for --union-char option must be an alpha-numeric value (e.g. 1)"
+ raise sqlmapSyntaxException, errMsg
+
 if isinstance(conf.uCols, basestring):
 if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
 errMsg = "value for --union-cols must be a range with hyphon "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4c5c7fe33..1f56cfae9 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -397,3 +397,6 @@ MAX_TIME_REVALIDATION_STEPS = 5
 # Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
 PARAMETER_SPLITTING_REGEX = r'[,|;]'
+
+# Regular expression describing possible union char value (e.g. used in --union-char)
+UNION_CHAR_REGEX = r'\A\w+\Z'
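Review bot: The new `--union-char` error message says the value must be alpha-numeric, but the pattern it is checked against, `UNION_CHAR_REGEX = r'\A\w+\Z'` (added to lib/core/settings.py in this same commit), also accepts the underscore, so a value such as `a_b` passes validation. The two should agree: either tighten the pattern to `r'\A[0-9A-Za-z]+\Z'` or reword the message to say that underscores are allowed. `__basicOptionValidation()` starts and ends outside this hunk, so how the validated value is used afterwards is not visible here.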
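Review bot: The comment above `UNION_CHAR_REGEX` does not say that the `\A`/`\Z` anchors are deliberate, and a later edit to the more familiar `^`/`$` would let a value with a trailing newline through, because `$` also matches just before a final `\n` in Python. I would extend the comment to something like `# Whole-string match: \A and \Z (not ^ and $) so a trailing newline is rejected`. It is also worth recording there that the only call site visible in this commit applies the pattern without `re.UNICODE`; passing that flag would widen the set of characters `\w` accepts.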