fix for a google bug reported by Brandon E.

stamparm · stamparm · commit 0ad8090ad8a9 · 2010-10-01T08:03:39.000Z
diff --git a/doc/THANKS b/doc/THANKS
@@ -68,6 +68,9 @@ Dan Guido <dguido@gmail.com>
     Vulnerability Analysis class at the Polytechnic University of New York,
     http://isisblogs.poly.edu/courses/pentest/
 
+Brandon E. <brandonpoc@gmail.com>
+    for reporting a bug
+
 Adam Faheem <faheem.adam@is.co.za>
     for reporting a few bugs
 
diff --git a/lib/core/convert.py b/lib/core/convert.py
@@ -79,7 +79,7 @@ def sha1hash(string):
 
 def urldecode(string):
     result = None
-    
+
     if string:
         result = urllib.unquote_plus(string)
 
@@ -106,3 +106,9 @@ def utf8encode(string):
 
 def utf8decode(string):
     return string.decode("utf-8")
+
+def htmlescape(string):
+    return string.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')
+
+def htmlunescape(string):
+    return string.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'")
diff --git a/lib/utils/google.py b/lib/utils/google.py
@@ -28,6 +28,7 @@
 import urllib2
 
 from lib.core.common import getUnicode
+from lib.core.convert import htmlunescape
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -71,7 +72,7 @@ def getTargetUrls(self):
 
         for match in self.__matches:
             if re.search("(.*?)\?(.+)", match, re.I):
-                kb.targetUrls.add(( match, None, None, None ))
+                kb.targetUrls.add(( htmlunescape(match), None, None, None ))
 
     def getCookie(self):
         """
