Fix for cases when parameter name is urlencoded

2025-01-23 15:54:24 +03:00 · 2014-09-12 13:29:30 +02:00 · 2014-09-12 13:29:30 +02:00 · 637d3cbaf7
commit 637d3cbaf7
parent ae8c12c9c3
2 changed files with 4 additions and 1 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -19,6 +19,7 @@ from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import splitFields
 from lib.core.common import unArrayizeValue
+from lib.core.common import urlencode
 from lib.core.common import zeroDepthSearch
 from lib.core.data import conf
 from lib.core.data import kb
@ -153,6 +154,8 @@ class Agent(object):
            retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
        else:
            retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(parameter), re.escape(origValue)), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
+            if retVal == paramString and urlencode(parameter) != parameter:
+                retVal = re.sub(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)

        return retVal

--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -549,7 +549,7 @@ def paramToDict(place, parameters=None):
        parts = element.split("=")

        if len(parts) >= 2:
-            parameter = parts[0].replace(" ", "")
+            parameter = urldecode(parts[0].replace(" ", ""))

            if conf.paramDel and conf.paramDel == '\n':
                parts[-1] = parts[-1].rstrip()