updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before

2024-11-22 09:36:35 +03:00 · 2010-01-15 11:44:05 +00:00 · 2010-01-15 11:44:05 +00:00 · f5c422efb4
commit f5c422efb4
parent 505647b00f
2 changed files with 10 additions and 9 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -39,6 +39,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.data import temp
+from lib.core.convert import urlencode
 from lib.core.exception import sqlmapFilePathException
 from lib.core.settings import IS_WIN
 from lib.core.settings import SQL_STATEMENTS
@ -810,7 +811,7 @@ def searchEnvPath(fileName):

    return result

-def sanitizeCookie(cookieStr, warn=False):
+def urlEncodeCookieValues(cookieStr, warn=False):
    if cookieStr:
        result = ""
        changed = False
@ -818,16 +819,16 @@ def sanitizeCookie(cookieStr, warn=False):
            index = part.find('=') + 1
            if index > 0:
                name = part[:index - 1].strip()
-                value = part[index:].replace(",","%2C").replace(";","%3B").replace(" ","%20")
+                value = urlencode(part[index:], convall=True)
                if value != part[index:]:
                    changed = True
-                result += ";%s=%s" % (name, value)
+                result += "; %s=%s" % (name, value)
            elif part.strip().lower() != "secure":
-                result += "%s%s" % ("%3B", part.replace(",","%2C").replace(";","%3B").replace(" ","%20"))
+                result += "%s%s" % ("%3B", urlencode(part, convall=True))
            else:
-                result += ";secure"
-        if result.startswith(';'):
-            result = result[1:]
+                result += "; secure"
+        if result.startswith('; '):
+            result = result[2:]
        elif result.startswith('%3B'):
            result = result[3:]
        if changed and warn:
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -29,7 +29,7 @@ import StringIO
 import zlib

 from lib.core.common import directoryPath
-from lib.core.common import sanitizeCookie
+from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.parse.headers import headersParser
@ -46,7 +46,7 @@ def forgeHeaders(cookie, ua):
    for header, value in conf.httpHeaders:
        if cookie and header == "Cookie":
            if conf.cookieUrlencode:
-                cookie = sanitizeCookie(cookie)
+                cookie = urlEncodeCookieValues(cookie)

            headers[header] = cookie
        elif ua and header == "User-Agent":