diff --git a/lib/core/convert.py b/lib/core/convert.py
index e13070ab7..6ebb54c71 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -153,7 +153,7 @@ def safecharencode(value):
 for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
 retVal = retVal.replace(char, repr(char).strip('\''))
- retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), retVal, unicode())
+ retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\\x%02x' % ord(y)), retVal, unicode())
 elif isinstance(value, list):
 for i in xrange(len(value)):
@@ -173,7 +173,7 @@ def safechardecode(value):
 while True:
 match = regex.search(retVal)
 if match:
- retVal = retVal.replace(match.group("result"), binascii.unhexlify(match.group("result").lstrip('\\')))
+ retVal = retVal.replace(match.group("result"), binascii.unhexlify(match.group("result").lstrip('\\x')))
 else:
 break
diff --git a/lib/core/settings.py b/lib/core/settings.py
index b217d1f95..8d221e62d 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -306,7 +306,7 @@ MAX_INT = sys.maxint
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
 # Regex used for recognition of hex encoded characters
-HEX_ENCODED_CHAR_REGEX = r"(?P\\[0-9A-Fa-f]{2})"
+HEX_ENCODED_CHAR_REGEX = r"(?P\\x[0-9A-Fa-f]{2})"
 # Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
 SAFE_ENCODE_SLASH_REPLACEMENTS = "\\\t\n\r\x0b\x0c"
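Review bot: The new `'\\x%02x'` output in safecharencode is only reversible if a backslash already present in the value has been escaped before the `reduce` line runs, and nothing on that line says so. The loop over SAFE_ENCODE_SLASH_REPLACEMENTS just above appears to do this, since the constant in settings.py starts with a backslash, but the dependency on statement order is implicit. I would add a comment such as `# backslashes were escaped by the loop above, so a literal \xNN in the input stays distinct from an encoded byte`, plus a round-trip test for a value containing the text `\x41`. The function body starts and ends outside the hunk, so the matching order on the decode side could not be checked here.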
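Review bot: In safechardecode, `lstrip('\\x')` strips any run of leading `\` and `x` characters rather than the two-character prefix; it works only because the regex guarantees exactly `\x` followed by two hex digits. Slicing states the intent directly: `binascii.unhexlify(match.group("result")[2:])`. The `while True` / `regex.search` loop also rescans text it has just decoded, so an input such as `\x5cx41` is decoded twice (first to `\x41`, then to `A`). A single pass avoids that: `retVal = regex.sub(lambda m: binascii.unhexlify(m.group("result")[2:]), retVal)`. `regex` is defined outside the hunk, so this assumes it is the compiled HEX_ENCODED_CHAR_REGEX.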
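Review bot: The comment above HEX_ENCODED_CHAR_REGEX in settings.py does not state the escape format, which now has to agree with the `'\\x%02x'` writer in safecharencode and the prefix stripping in safechardecode. I would spell it out, e.g. `# Regex used for recognition of hex encoded characters in the form \xNN (keep in sync with safecharencode/safechardecode in lib/core/convert.py)`. Values written in the previous `\NN` form no longer match this pattern, so if encoded values are stored between runs they will be left undecoded; that is worth stating in the commit message.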