diff --git a/lib/core/dump.py b/lib/core/dump.py
index 199237749..6705fff0f 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -5,12 +5,11 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
+import cgi
import codecs
import os
import threading
-from xml.dom.minidom import getDOMImplementation
-
from lib.core.common import Backend
from lib.core.common import dataToDumpFile
from lib.core.common import dataToStdout
@@ -442,8 +441,11 @@ class Dump(object):
rtable = replication.createTable(table, cols)
elif conf.dumpFormat == DUMP_FORMAT.HTML:
- documentNode = getDOMImplementation().createDocument(None, "table", None)
- tableNode = documentNode.documentElement
+ dataToDumpFile(dumpFP, "\n\n\n")
+ dataToDumpFile(dumpFP, "\n" % UNICODE_ENCODING)
+ dataToDumpFile(dumpFP, "%s\n" % ("%s%s" % ("%s." % db if METADB_SUFFIX not in db else "", table)))
+ dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE)
+ dataToDumpFile(dumpFP, "\n\n\n\n\n\n")
if count == 1:
self._write("[1 entry]")
@@ -452,14 +454,6 @@ class Dump(object):
self._write(separator)
- if conf.dumpFormat == DUMP_FORMAT.HTML:
- headNode = documentNode.createElement("thead")
- rowNode = documentNode.createElement("tr")
- tableNode.appendChild(headNode)
- headNode.appendChild(rowNode)
- bodyNode = documentNode.createElement("tbody")
- tableNode.appendChild(bodyNode)
-
for column in columns:
if column != "__infos__":
info = tableValues[column]
@@ -477,12 +471,13 @@ class Dump(object):
else:
dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel))
elif conf.dumpFormat == DUMP_FORMAT.HTML:
- entryNode = documentNode.createElement("td")
- rowNode.appendChild(entryNode)
- entryNode.appendChild(documentNode.createTextNode(column))
+ dataToDumpFile(dumpFP, "| %s | " % cgi.escape(column).encode("ascii", "xmlcharrefreplace"))
field += 1
+ if conf.dumpFormat == DUMP_FORMAT.HTML:
+ dataToDumpFile(dumpFP, "\n
\n\n\n")
+
self._write("|\n%s" % separator)
if conf.dumpFormat == DUMP_FORMAT.CSV:
@@ -503,8 +498,7 @@ class Dump(object):
values = []
if conf.dumpFormat == DUMP_FORMAT.HTML:
- rowNode = documentNode.createElement("tr")
- bodyNode.appendChild(rowNode)
+ dataToDumpFile(dumpFP, "")
for column in columns:
if column != "__infos__":
@@ -547,9 +541,7 @@ class Dump(object):
else:
dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), conf.csvDel))
elif conf.dumpFormat == DUMP_FORMAT.HTML:
- entryNode = documentNode.createElement("td")
- rowNode.appendChild(entryNode)
- entryNode.appendChild(documentNode.createTextNode(value))
+ dataToDumpFile(dumpFP, "| %s | " % cgi.escape(value).encode("ascii", "xmlcharrefreplace"))
field += 1
@@ -560,6 +552,8 @@ class Dump(object):
pass
elif conf.dumpFormat == DUMP_FORMAT.CSV:
dataToDumpFile(dumpFP, "\n")
+ elif conf.dumpFormat == DUMP_FORMAT.HTML:
+ dataToDumpFile(dumpFP, "
\n")
self._write("|", console=console)
@@ -571,13 +565,7 @@ class Dump(object):
elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
if conf.dumpFormat == DUMP_FORMAT.HTML:
- dataToDumpFile(dumpFP, "\n\n\n")
- dataToDumpFile(dumpFP, "\n" % UNICODE_ENCODING)
- dataToDumpFile(dumpFP, "%s\n" % ("%s%s" % ("%s." % db if METADB_SUFFIX not in db else "", table)))
- dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE)
- dataToDumpFile(dumpFP, "\n\n")
- dataToDumpFile(dumpFP, tableNode.toxml())
- dataToDumpFile(dumpFP, "\n")
+ dataToDumpFile(dumpFP, "\n
\n\n")
else:
dataToDumpFile(dumpFP, "\n")
dumpFP.close()
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e7f02bd48..e72a2ab7c 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -591,4 +591,7 @@ tr:nth-child(even) {
td{
font-size:10px;
}
+th{
+ font-size:10px;
+}
"""