some bug fixes

2024-11-22 09:36:35 +03:00 · 2010-10-13 20:54:18 +00:00 · 2010-10-13 20:54:18 +00:00 · 43a3ac2c3a
commit 43a3ac2c3a
parent 1b3b916587
5 changed files with 112 additions and 102 deletions
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -526,7 +526,13 @@ def cmdLineParser():
        parser.add_option_group(windows)
        parser.add_option_group(miscellaneous)

-        (args, _) = parser.parse_args([utf8decode(arg) for arg in sys.argv])
+        args = []
+        for arg in sys.argv:
+            try:
+                args.append(utf8decode(arg))
+            except:
+                args.append(unicode(arg, sys.getfilesystemencoding()))
+        (args, _) = parser.parse_args(args)

        if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile\
            and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest:
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@ -103,7 +103,7 @@ def resume(expression, payload):
    This function can be called to resume part or entire output of a
    SQL injection query output.
    """
-
+    try:
        if "sqlmapfile" in expression or "sqlmapoutput" in expression:
            return None

@ -204,3 +204,7 @@ def resume(expression, payload):
            return "%s%s" % (resumedValue, finalValue)

        return None
+    except:
+        errMsg = "invalid resume value for expression: '%s'" % expression
+        logger.error(errMsg)
+        return None
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@ -8,6 +8,7 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
 value -> urlencode of nonencoded chars in value
 """
 def tamper(place, value):
+    raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
    retVal = value
    if value:
        if place != "URI":
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -6,7 +6,7 @@ from lib.core.common import randomRange
 from lib.core.exception import sqlmapUnsupportedFeatureException

 """
-value -> random case of chars in value
+value -> chars from value with random case
 """
 def tamper(place, value):
    retVal = value
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@ -10,7 +10,6 @@ def tamper(place, value):
    if value:
        if place != "URI":
            value = urldecode(value)
-        while value.find(" ") > -1:
        value = value.replace(" ", "/**/")
        if place != "URI":
            value = urlencode(value)