Fixes #2786

2024-11-25 19:13:48 +03:00 · 2017-11-19 02:51:29 +01:00 · 2017-11-19 02:51:29 +01:00 · ec83837342
commit ec83837342
parent 2333903b68
3 changed files with 9 additions and 11 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.11.23"
+VERSION = "1.1.11.24"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -796,7 +796,7 @@ class Connect(object):
        raise404 = place != PLACE.URI if raise404 is None else raise404
        method = method or conf.method

-        pushValue(kb.postUrlEncode)
+        postUrlEncode = kb.postUrlEncode

        value = agent.adjustLateValues(value)
        payload = agent.extractPayload(value)
@ -806,8 +806,8 @@ class Connect(object):
            headers = OrderedDict(conf.httpHeaders)
            contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else None for _ in headers.keys())

-            if (kb.postHint or conf.skipUrlEncode) and kb.postUrlEncode:
-                kb.postUrlEncode = False
+            if (kb.postHint or conf.skipUrlEncode) and postUrlEncode:
+                postUrlEncode = False
                conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]
                contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
                conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
@ -851,7 +851,7 @@ class Connect(object):
                value = agent.replacePayload(value, payload)
            else:
                # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded
-                if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode:
+                if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode:
                    skip = False

                    if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE:
@ -864,7 +864,7 @@ class Connect(object):
                    if not skip:
                        payload = urlencode(payload, '%', False, place != PLACE.URI)  # spaceplus is handled down below
                        value = agent.replacePayload(value, payload)
-                        kb.postUrlEncode = False
+                        postUrlEncode = False

            if conf.hpp:
                if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_API.ASP, WEB_API.ASPX)):
@ -1151,7 +1151,7 @@ class Connect(object):
        if post is not None:
            if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
                post = getattr(post, UNENCODED_ORIGINAL_VALUE)
-            elif kb.postUrlEncode:
+            elif postUrlEncode:
                post = urlencode(post, spaceplus=kb.postSpaceToPlus)

        if timeBasedCompare and not conf.disableStats:
@ -1248,8 +1248,6 @@ class Connect(object):

        kb.originalCode = kb.originalCode or code

-        kb.postUrlEncode = popValue()
-
        if kb.testMode:
            kb.testQueryCount += 1

--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -46,7 +46,7 @@ e1c000db9be27f973569b1a430629037  lib/core/option.py
 760d9df2a27ded29109b390ab202e72d  lib/core/replication.py
 a2466b62e67f8b31736bac4dac590e51  lib/core/revision.py
 02d4762140a72fd44668d3dab5eabda9  lib/core/session.py
-71ad4ba8829df91c6250b0f70116c7cd  lib/core/settings.py
+260554b4e0f00d84cb68da079c04d4b4  lib/core/settings.py
 35bffbad762eb9e03db9e93b1c991103  lib/core/shell.py
 a59ec28371ae067a6fdd8f810edbee3d  lib/core/subprocessng.py
 d5a04d672a18f78deb2839c3745ff83c  lib/core/target.py
@ -68,7 +68,7 @@ d8d9bcf9e7107a5e2cf2dd10f115ac28  lib/parse/payloads.py
 d2f13a0e2fef5273d419d06e516122e1  lib/request/basicauthhandler.py
 9ef264b5c0f9e7989b8c2ab91d40400d  lib/request/basic.py
 28348595147a731677c8bef470c6f57a  lib/request/comparison.py
-4015dee29a0d2bfc7820e828bfe96b91  lib/request/connect.py
+28aa66ecdd5c03513829cb73a47658e4  lib/request/connect.py
 ad6f76839408d827abfcdc57813f8518  lib/request/direct.py
 4853bd0d523646315607a6a9a4c0b745  lib/request/dns.py
 effa0c3e4efceaf4932855e8e6677bf7  lib/request/httpshandler.py