From 4fa24ec70491f5159efaf014030a889fe2969fd9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 21 Nov 2011 17:39:18 +0000
Subject: [PATCH] minor improvement
---
 lib/parse/cmdline.py | 2 +-
 lib/request/connect.py | 18 ++++++++++--------
 sqlmap.conf | 2 +-
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 6b108a428..f6492a935 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -141,7 +141,7 @@ def cmdLineParser():
 help="Test requests between two visits to a given safe url")
 request.add_option("--eval", dest="evalCode",
- help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
+ help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")
 # Optimization options
 optimization = OptionGroup(parser, "Optimization", "These "
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 00a07b51c..d1d8baa96 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -605,13 +605,15 @@ class Connect:
 cookie = _randomizeParameter(cookie, randomParameter)
 if conf.evalCode:
+ delimiter = conf.pDel or "&"
 variables = {}
 originals = {}
- if get:
- executeCode(get.replace("&", ";"), variables)
- if post:
- executeCode(post.replace("&", ";"), variables)
+ for item in filter(None, (get, post)):
+ for part in item.split(delimiter):
+ if '=' in part:
+ name, value = part.split('=', 1)
+ executeCode("%s='%s'" % (name, value), variables)
 originals.update(variables)
 executeCode(conf.evalCode, variables)
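Review bot: In the `@@ -605` hunk of lib/request/connect.py, the added `executeCode("%s='%s'" % (name, value), variables)` turns request data into Python source, so a parameter value containing a single quote or a backslash either raises a syntax error or is executed as code instead of being stored as a string. A parameter name that is not a valid Python identifier fails the same way. Binding the data directly avoids generating source text at all: `variables[name] = value` inside the `if '=' in part:` branch. This assumes executeCode() runs its first argument with `variables` as the namespace, which is not visible here; the enclosing method starts and ends outside the hunk.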
@@ -621,13 +623,13 @@ class Connect:
 if isinstance(value, (basestring, int)):
 value = unicode(value)
 if '%s=' % name in (get or ""):
- get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
+ get = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, get)
 elif '%s=' % name in (post or ""):
- post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
+ post = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, post)
 elif post:
- post += "&%s=%s" % (name, value)
+ post += "%s%s=%s" % (delimiter, name, value)
 else:
- get += "&%s=%s" % (name, value)
+ get += "%s%s=%s" % (delimiter, name, value)
 get = urlencode(get, limit=True)
 if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):
diff --git a/sqlmap.conf b/sqlmap.conf
index f34607eeb..2021df5b8 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -131,7 +131,7 @@ safUrl =
 saFreq = 0
 # Evaluate provided Python code before the request
-# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
+# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
 evalCode =
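Review bot: In the `@@ -621` hunk of lib/request/connect.py, `name` and `delimiter` are interpolated into the pattern unescaped and `value` into the replacement template, so a name containing regex metacharacters (e.g. `a.b` or `item[0]`), a delimiter containing a backslash, or a value containing a backslash changes what re.sub() matches or writes. Suggest `pattern = r"((\A|\W)%s=)([^%s]+)" % (re.escape(name), re.escape(delimiter))` followed by `get = re.sub(pattern, lambda m: m.group(1) + value, get)`, and the same for `post`; the raw string also stops relying on `\A`, `\W` and `\g` being unrecognised string escapes. Separately, the guards `'%s=' % name in (get or "")` are still plain substring tests, so a name such as `id` passes the guard on `uid=1`, the new boundary-anchored pattern then matches nothing, and the variable is neither replaced nor appended. The enclosing loop begins outside the hunk.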