From d175decdfc84e198cff7852cea3ea26fd37fca9d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 22 Sep 2012 20:59:40 +0200 Subject: [PATCH] Fix for an Issue #190 --- lib/core/common.py | 24 ------------------------ lib/core/optiondict.py | 1 - lib/parse/cmdline.py | 4 ---- lib/request/connect.py | 18 +++++++----------- sqlmap.conf | 4 ---- 5 files changed, 7 insertions(+), 44 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 76e1f53f5..d9fd5b377 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1301,30 +1301,6 @@ def searchEnvPath(filename): return retVal -def urlEncodeCookieValues(cookieStr): - if cookieStr: - retVal = "" - - for part in cookieStr.split(';'): - index = part.find('=') + 1 - if index > 0: - name = part[:index - 1].strip() - value = urlencode(part[index:], convall=True) - retVal += "; %s=%s" % (name, value) - elif part.strip().lower() != "secure": - retVal += "%s%s" % ("%3B", urlencode(part, convall=True)) - else: - retVal += "; secure" - - if retVal.startswith('; '): - retVal = retVal[2:] - elif retVal.startswith('%3B'): - retVal = retVal[3:] - - return retVal - else: - return None - def directoryPath(filepath): """ Returns directory path for a given filepath diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 8f01c867c..d0ef803c5 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -25,7 +25,6 @@ optDict = { "pDel": "string", "cookie": "string", "loadCookies": "string", - "cookieUrlencode": "boolean", "dropSetCookie": "boolean", "agent": "string", "randomAgent": "boolean", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 13907f505..17262efbe 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
@@ -80,10 +80,6 @@ def cmdLineParser(): request.add_option("--load-cookies", dest="loadCookies", help="File containing cookies in Netscape/wget format") - request.add_option("--cookie-urlencode", dest="cookieUrlencode", - action="store_true", - help="URL Encode generated cookie injections") - request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true", help="Ignore Set-Cookie header from response") diff --git a/lib/request/connect.py b/lib/request/connect.py index 64840f8f1..cf85dd165 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -32,7 +32,6 @@ from lib.core.common import readInput from lib.core.common import removeReflectiveValues from lib.core.common import singleTimeWarnMessage from lib.core.common import stdev -from lib.core.common import urlEncodeCookieValues from lib.core.common import wasLastRequestDelayed from lib.core.common import unicodeencode from lib.core.common import urlencode @@ -577,7 +576,13 @@ class Connect: logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload)) - if place in (PLACE.GET, PLACE.POST, PLACE.URI, PLACE.CUSTOM_POST): + if place == PLACE.SOAP: + # payloads in SOAP should have chars > and < replaced + # with their HTML encoded counterparts + payload = payload.replace('>', ">").replace('<', "<") + value = agent.replacePayload(value, payload) + + else: # payloads in GET and/or POST need to be urlencoded # throughly without safe chars (especially & and =) # addendum: as we support url encoding in tampering 
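Review bot: The new `else:` in lib/request/connect.py (hunk at -577) sends every non-SOAP place through the `urlencode` line, but the comment under it still reads "payloads in GET and/or POST need to be urlencoded", and the condition visible in the next hunk actually skips POST and CUSTOM_POST. I would reword the comment to `# payloads in every non-SOAP place except POST/CUSTOM_POST are urlencoded (unless skipUrlEncode), with % kept as a safe char`. If PLACE also contains header-type injection points (not visible here), their values are normally not URL-decoded by the receiving server, so an explicit `elif place in (PLACE.GET, PLACE.POST, PLACE.URI, PLACE.CUSTOM_POST, PLACE.COOKIE):` would keep the change limited to the cookie case this commit appears to target. Separately, the SOAP branch as shown replaces `>` and `<` with themselves, presumably because the entity strings were lost when the page was rendered. The enclosing Connect method begins and ends outside the hunk.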
@@ -586,18 +591,9 @@ class Connect: payload = urlencode(payload, '%', False, True) if place not in (PLACE.POST, PLACE.CUSTOM_POST) and not skipUrlEncode else payload value = agent.replacePayload(value, payload) - elif place == PLACE.SOAP: - # payloads in SOAP should have chars > and < replaced - # with their HTML encoded counterparts - payload = payload.replace('>', ">").replace('<', "<") - value = agent.replacePayload(value, payload) - if place: value = agent.removePayloadDelimiters(value) - if place == PLACE.COOKIE and conf.cookieUrlencode: - value = urlEncodeCookieValues(value) - if conf.checkPayload: checkPayload(value) diff --git a/sqlmap.conf b/sqlmap.conf index 0abfe363f..1db37a192 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -45,10 +45,6 @@ cookie = # File containing cookies in Netscape/wget format loadCookies = -# URL-encode generated cookie injections. -# Valid: True or False -cookieUrlencode = False - # Ignore Set-Cookie header from response # Valid: True or False dropSetCookie = False