diff --git a/lib/core/settings.py b/lib/core/settings.py
index 0fa57c650..7e97029c0 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.5.156"
+VERSION = "1.3.5.157"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
index e95378b15..ece7e1240 100644
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -12,9 +12,6 @@ from lib.core.settings import EXCLUDE_UNESCAPE
 class Unescaper(AttribDict):
 def escape(self, expression, quote=True, dbms=None):
- if conf.noEscape:
- return expression
-
 if expression is None:
 return expression
diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py
index ccbeb4b69..b4e916104 100644
--- a/plugins/generic/syntax.py
+++ b/plugins/generic/syntax.py
@@ -7,6 +7,8 @@ See the file 'LICENSE' for copying permission
 import re
+from lib.core.convert import getBytes
+from lib.core.data import conf
 from lib.core.exception import SqlmapUndefinedMethod
 class Syntax(object):
@@ -23,9 +25,14 @@ class Syntax(object):
 if quote:
 for item in re.findall(r"'[^']*'+", expression):
- _ = item[1:-1]
- if _:
- retVal = retVal.replace(item, escaper(_))
+ original = item[1:-1]
+ if original:
+ replacement = escaper(original) if not conf.noEscape else original
+
+ if replacement != original:
+ retVal = retVal.replace(item, replacement)
+ elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal:
+ retVal = retVal.replace("'%s'" % original, "n'%s'" % original)
 else:
 retVal = escaper(expression)
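Review bot: The `else:` branch at the end of this hunk still calls `escaper(expression)` unconditionally, so for `quote=False` the `conf.noEscape` setting no longer appears to be honoured now that the early return in `Unescaper.escape` (lib/core/unescaper.py) is gone. If that is not intended, the branch could mirror the quoted path with `retVal = escaper(expression) if not conf.noEscape else expression`. The new `elif` also sits in the generic `Syntax` class, so the `n'...'` rewrite is applied whatever the back-end; whether every supported DBMS accepts that prefix is not visible here and may need a per-DBMS guard. The byte-length comparison deserves a comment such as `# literal contains non-ASCII characters and was left unescaped: mark it as a national-character string`. The enclosing method starts and ends outside the hunk.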