Trivial updates

doc/THANKS.md

@@ -202,7 +202,7 @@ Tate Hansen, <tate(at)clearnetsec.com>
 Mario Heiderich, <mario.heiderich(at)gmail.com>
 Christian Matthies, <ch0012(at)gmail.com>
 Lars H. Strojny, <lars(at)strojny.net>
-* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org
+* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, https://github.com/PHPIDS/PHPIDS
 
 Kristian Erik Hermansen, <kristian.hermansen(at)gmail.com>
 * for reporting a bug

lib/core/agent.py

@@ -995,7 +995,7 @@ class Agent(object):
                 limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
 
                 if " ORDER BY " not in fromFrom:
-                    # Reference: http://vorg.ca/626-the-MS-SQL-equivalent-to-MySQLs-limit-command
+                    # Reference: https://web.archive.org/web/20150218053955/http://vorg.ca/626-the-MS-SQL-equivalent-to-MySQLs-limit-command
                     if " WHERE " in limitedQuery:
                         limitedQuery = "%s AND %s " % (limitedQuery, self.nullAndCastField(uniqueField or field))
                     else:

lib/core/settings.py

@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.73"
+VERSION = "1.3.5.74"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/request/basic.py

@@ -243,7 +243,11 @@ def checkCharEncoding(encoding, warn=True):
 def getHeuristicCharEncoding(page):
     """
     Returns page encoding charset detected by usage of heuristics
-    Reference: http://chardet.feedparser.org/docs/
+
+    Reference: https://chardet.readthedocs.io/en/latest/usage.html
+
+    >>> getHeuristicCharEncoding(b"<html></html>")
+    'ascii'
     """
 
     key = hash(page)
@@ -259,6 +263,9 @@ def getHeuristicCharEncoding(page):
 def decodePage(page, contentEncoding, contentType):
     """
     Decode compressed/charset HTTP response
+
+    >>> getText(decodePage(b"<html>foo&amp;bar</html>", None, "text/html; charset=utf-8"))
+    '<html>foo&bar</html>'
     """
 
     if not page or (conf.nullConnection and len(page) < 2):

lib/utils/hash.py

@@ -16,7 +16,7 @@ _multiprocessing = None
 try:
     import multiprocessing
 
-    # problems on FreeBSD (Reference: http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx)
+    # problems on FreeBSD (Reference: https://web.archive.org/web/20110710041353/http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx)
     _ = multiprocessing.Queue()
 
     # problems with ctypes (Reference: https://github.com/sqlmapproject/sqlmap/issues/2952)
@@ -98,7 +98,7 @@ from thirdparty.six.moves import queue as _queue
 def mysql_passwd(password, uppercase=True):
     """
     Reference(s):
-        http://csl.sublevel3.org/mysql-password-function/
+        https://web.archive.org/web/20120215205312/http://csl.sublevel3.org/mysql-password-function/
 
     >>> mysql_passwd(password='testpass', uppercase=True)
     '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'
@@ -113,8 +113,8 @@ def mysql_passwd(password, uppercase=True):
 def mysql_old_passwd(password, uppercase=True):  # prior to version '4.1'
     """
     Reference(s):
-        http://www.sfr-fresh.com/unix/privat/tpop3d-1.5.5.tar.gz:a/tpop3d-1.5.5/password.c
-        http://voidnetwork.org/5ynL0rd/darkc0de/python_script/darkMySQLi.html
+        https://web.archive.org/web/20091205000600/http://www.sfr-fresh.com/unix/privat/tpop3d-1.5.5.tar.gz:a/tpop3d-1.5.5/password.c
+        https://github.com/pwnieexpress/pwn_plug_sources/blob/master/src/darkmysqli/DarkMySQLi.py
 
     >>> mysql_old_passwd(password='testpass', uppercase=True)
     '7DCDA0D57290B453'

plugins/dbms/mssqlserver/filesystem.py

@@ -96,7 +96,7 @@ class Filesystem(GenericFilesystem):
         logger.debug("loading the content of file '%s' into support table" % rFile)
         inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (txtTbl, rFile, randomStr(10), randomStr(10)), silent=True)
 
-        # Reference: http://support.microsoft.com/kb/104829
+        # Reference: https://web.archive.org/web/20120211184457/http://support.microsoft.com/kb/104829
         binToHexQuery = """DECLARE @charset VARCHAR(16)
         DECLARE @counter INT
         DECLARE @hexstr VARCHAR(4096)

thirdparty/gprof2dot/gprof2dot.py

@@ -1039,7 +1039,7 @@ class CallgrindParser(LineParser):
     """Parser for valgrind's callgrind tool.
 
     See also:
-    - http://valgrind.org/docs/manual/cl-Format.html
+    - https://web.archive.org/web/20190415231603/http://valgrind.org/docs/manual/cl-Format.html
     """
 
     _call_re = re.compile(r'^calls=\s*(\d+)\s+((\d+|\+\d+|-\d+|\*)\s+)+$')