From db526bdbc01487ffbdb0528c3fb655ee35aecafa Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 25 May 2012 09:52:17 +0000
Subject: [PATCH] minor update (tainted values are not checked any more in multipleTargets mode)
---
 lib/core/common.py | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 9c3ea022f..0a5996284 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -539,20 +539,21 @@ def paramToDict(place, parameters=None):
                 if condition:
                     testableParameters[parameter] = "=".join(elem[1:])
-                    if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
-                    or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]):
-                        warnMsg = "it appears that you have provided tainted parameter values "
-                        warnMsg += "('%s') with most probably leftover " % element
-                        warnMsg += "chars from manual sql injection "
-                        warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
-                        warnMsg += "Please, always use only valid parameter values "
-                        warnMsg += "so sqlmap could be able to properly run "
-                        logger.warn(warnMsg)
+                    if not conf.multipleTargets:
+                        if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
+                        or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]):
+                            warnMsg = "it appears that you have provided tainted parameter values "
+                            warnMsg += "('%s') with most probably leftover " % element
+                            warnMsg += "chars from manual sql injection "
+                            warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
+                            warnMsg += "Please, always use only valid parameter values "
+                            warnMsg += "so sqlmap could be able to properly run "
+                            logger.warn(warnMsg)
-                        message = "Are you sure you want to continue? [y/N] "
-                        test = readInput(message, default="N")
-                        if test[0] not in ("y", "Y"):
-                            raise sqlmapSilentQuitException
+                            message = "Are you sure you want to continue? [y/N] "
+                            test = readInput(message, default="N")
+                            if test[0] not in ("y", "Y"):
+                                raise sqlmapSilentQuitException
     else:
         root = ET.XML(parameters)
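Review bot: The new `if not conf.multipleTargets:` guard silences the tainted-value warning as well as the interactive prompt, so in bulk mode a parameter value that still carries leftover injection characters or a `999...` placeholder is used without any trace in the log, which is the one situation where the operator cannot eyeball every target. The check itself is cheap and non-interactive; the prompt is what blocks batch runs, so keep the `strip`/`re.search` condition and the `logger.warn(warnMsg)` unconditional and move `if not conf.multipleTargets:` down to wrap only the `message = ...`, `readInput(...)` and `raise sqlmapSilentQuitException` lines. Independently, `if test[0] not in ("y", "Y"):` will raise IndexError if `readInput` ever returns an empty string; `if not test or test[0] not in ("y", "Y"):` is the safe form, assuming `readInput` can return `""` (not visible here). The rest of `paramToDict` lies outside this hunk.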