diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 51706b61f..21b8b6db9 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -27,6 +27,8 @@ from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
 from lib.core.common import showHttpErrorCodes
+from lib.core.convert import urlencode
+from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -205,7 +207,7 @@ def start():
 message += "\nCookie: %s" % conf.cookie
 if conf.data:
- message += "\nPOST data: %s" % repr(conf.data) if conf.data else ""
+ message += "\nPOST data: %s" % urlencode(conf.data) if conf.data else ""
 if conf.forms:
 if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
@@ -216,8 +218,8 @@ def start():
 if not test or test[0] in ("y", "Y"):
 if conf.method == HTTPMETHOD.POST:
- message = "Edit POST data [default: %s]: " % (conf.data if conf.data else "")
- conf.data = readInput(message, default=conf.data)
+ message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "", " (Warning: blank fields detected)" if conf.data and '=&' in conf.data else "")
+ conf.data = urldecode(readInput(message, default=conf.data))
 elif conf.method == HTTPMETHOD.GET:
 if conf.url.find("?") > -1:
diff --git a/lib/core/convert.py b/lib/core/convert.py
index 70acf8297..f34e37c5a 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -19,6 +19,7 @@ import struct
 import urllib
 from lib.core.data import conf
+from lib.core.settings import UNICODE_ENCODING
 def base64decode(value):
 return value.decode("base64")
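Review bot: In the `start()` hunk at -216 the prompt shows `urlencode(conf.data)` as the default, but `readInput(message, default=conf.data)` is still given the raw value, and whatever it returns is then passed through `urldecode()`. If accepting the default returns that raw value (presumably it does), a literal `+` or `%xx` sequence in the stored POST data is decoded once more, so the body that gets sent can differ from what the prompt displayed. Passing the encoded form as the default keeps the two paths consistent: `conf.data = urldecode(readInput(message, default=urlencode(conf.data) if conf.data else conf.data))`. The `'=&' in conf.data` test also misses a blank final field such as a trailing `name=`. `start()` begins and ends outside this hunk.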
@@ -62,17 +63,21 @@ def sha1hash(value):
 else:
 return sha.new(value).hexdigest()
-def urldecode(value):
+def urldecode(value, encoding=None):
 result = None
 if value:
 try:
 # for cases like T%C3%BCrk%C3%A7e
 value = str(value)
- result = utf8decode(urllib.unquote_plus(value))
 except ValueError:
+ pass
+ finally:
 result = urllib.unquote_plus(value)
+ if isinstance(result, str):
+ result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
+
 return result
 def urlencode(value, safe=":/?%&=", convall=False):
diff --git a/lib/core/option.py b/lib/core/option.py
index 2131c00c9..892141202 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -446,9 +446,9 @@ def __findPageForms():
 if forms:
 for form in forms:
 request = form.click()
- url = urldecode(request.get_full_url())
+ url = urldecode(request.get_full_url(), kb.pageEncoding)
 method = request.get_method()
- data = urldecode(getUnicode(request.get_data(), kb.pageEncoding)) if request.has_data() else None
+ data = urldecode(request.get_data(), kb.pageEncoding) if request.has_data() else None
 target = (url, method, data, conf.cookie)
 kb.targetUrls.add(target)
 kb.formNames.append(target)
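Review bot: In `urldecode()`, `finally:` is used as ordinary control flow, so `result = urllib.unquote_plus(value)` also runs while any exception other than `ValueError` from `str(value)` is propagating, and an error raised inside it would replace the original one. Moving that line after the `try`/`except` (keeping `except ValueError: pass`) states the intent directly. When `str(value)` fails and `value` stays `unicode`, the result is presumably `unicode` too, so the `isinstance(result, str)` branch is skipped and the new `encoding` argument has no effect for non-ASCII unicode input; that path deserves a test. `errors="replace"` silently substitutes undecodable bytes, which is worth a one-line docstring such as `"""URL-decode value; byte-string results are converted to unicode using encoding (default UNICODE_ENCODING), undecodable bytes replaced."""`.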
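Review bot: In `__findPageForms()` both `url` and `data` are percent-decoded as whole strings before being stored in `kb.targetUrls`, so an escaped delimiter inside a field value (`%26`, `%3D`) becomes indistinguishable from a real `&` or `=`. `urlencode()` in convert.py keeps `&`, `=` and `%` in its default `safe` set, so the re-encoding added in controller.py cannot restore them. If parameters are split out of these strings later (not visible here), decoding each name and value after splitting would avoid mis-parsed or silently altered fields. A comment such as `# kb.pageEncoding may be None; urldecode() falls back to UNICODE_ENCODING` would document the fallback the call relies on. The function starts before and continues after this hunk.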