Implementation for Issue #92

stamparm · stamparm · commit 07a85874feea · 2012-07-16T11:07:47.000+02:00
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -63,7 +63,9 @@
                                "dbms":              "string",
                                "os":                "string",
                                "invalidBignum":     "boolean",
-                               "invalidLogical":     "boolean",
+                               "invalidLogical":    "boolean",
+                               "noCast":            "boolean",
+                               "noUnescape":        "boolean",
                                "prefix":            "string",
                                "suffix":            "string",
                                "skip":              "string",
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
@@ -6,13 +6,14 @@
 """
 
 from lib.core.common import Backend
+from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.datatype import AttribDict
 from lib.core.settings import EXCLUDE_UNESCAPE
 
 class Unescaper(AttribDict):
     def unescape(self, expression, quote=True, dbms=None):
-        if not kb.unescape:
+        if not kb.unescape or conf.noUnescape:
             return expression
 
         if expression is None:
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -209,6 +209,10 @@ def cmdLineParser():
                              action="store_true",
                              help="Turn off payload casting mechanism")
 
+        injection.add_option("--no-unescape", dest="noUnescape",
+                             action="store_true",
+                             help="Turn off string unescaping mechanism")
+
         injection.add_option("--prefix", dest="prefix",
                              help="Injection payload prefix string")
 
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -207,6 +207,10 @@ invalidLogical = False
 # Valid: True or False
 noCast = False
 
+# Turn off string unescaping mechanism
+# Valid: True or False
+noUnescape = False
+
 # Injection payload prefix string.
 prefix = 
 
