Major bug fix in multipartpost and minor adjustments elsewhere

bdamele · bdamele · commit 10521b68ebf6 · 2010-05-28T23:12:20.000Z
diff --git a/lib/contrib/multipartpost.py b/lib/contrib/multipartpost.py
@@ -74,32 +74,34 @@ def http_request(self, request):
             request.add_data(data)
         return request
 
-    def multipart_encode(vars, files, boundary = None, buffer = None):
+    def multipart_encode(vars, files, boundary = None, buf = None):
         if boundary is None:
             boundary = mimetools.choose_boundary()
 
-        if buffer is None:
-            buffer = ''
+        if buf is None:
+            buf = ''
 
-        for(key, value) in vars:
-            buffer += '--%s\r\n' % boundary
-            buffer += 'Content-Disposition: form-data; name="%s"' % key
-            buffer += '\r\n\r\n' + value + '\r\n'
+        for (key, value) in vars:
+            buf += '--%s\r\n' % boundary
+            buf += 'Content-Disposition: form-data; name="%s"' % key
+            buf += '\r\n\r\n' + value + '\r\n'
 
-        for(key, fd) in files:
+        for (key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
             filename = fd.name.split('/')[-1]
             contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
-            buffer += '--%s\r\n' % boundary
-            buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
-            buffer += 'Content-Type: %s\r\n' % contenttype
-            # buffer += 'Content-Length: %s\r\n' % file_size
+            buf += '--%s\r\n' % boundary
+            buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
+            buf += 'Content-Type: %s\r\n' % contenttype
+            # buf += 'Content-Length: %s\r\n' % file_size
             fd.seek(0)
-            buffer += '\r\n' + fd.read() + '\r\n'
 
-        buffer += '--%s--\r\n\r\n' % boundary
+            buf = str(buf)
+            buf += '\r\n%s\r\n' % fd.read()
 
-        return boundary, buffer
+        buf += '--%s--\r\n\r\n' % boundary
+
+        return boundary, buf
 
     multipart_encode = Callable(multipart_encode)
 
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -377,9 +377,9 @@ def dataToOutFile(data):
     if not data:
         return "No data retrieved"
 
-    rFile     = filePathToString(conf.rFile)
+    rFile = filePathToString(conf.rFile)
     rFilePath = "%s%s%s" % (conf.filePath, os.sep, rFile)
-    rFileFP   = codecs.open(rFilePath, "wb", conf.dataEncoding)
+    rFileFP = codecs.open(rFilePath, "wb", conf.dataEncoding)
 
     rFileFP.write(data)
     rFileFP.flush()
diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
@@ -72,8 +72,9 @@ def configFileParser(configFile):
     logger.debug(debugMsg)
 
     checkFile(configFile)
+    configFP = codecs.open(configFile, "rb", conf.dataEncoding)
     config = UnicodeRawConfigParser()
-    config.readfp(codecs.open(configFile, "rb", conf.dataEncoding))
+    config.readfp(configFP)
 
     if not config.has_section("Target"):
         raise NoSectionError, "Target in the configuration file is mandatory"
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
@@ -22,6 +22,7 @@
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
+import codecs
 import os
 import posixpath
 import re
@@ -82,13 +83,15 @@ def webBackdoorRunCmd(self, cmd):
         return output
 
     def webFileUpload(self, fileToUpload, destFileName, directory):
-        inputFile = open(fileToUpload, "r")
-        retVal = self.__webFileStreamUpload(inputFile, destFileName, directory)
-        inputFile.close()
+        inputFP = codecs.open(fileToUpload, "rb")
+        retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
+        inputFP.close()
+
         return retVal
 
     def __webFileStreamUpload(self, stream, destFileName, directory):
-        stream.seek(0) #rewind        
+        stream.seek(0) # Rewind
+
         if self.webApi in ("php", "asp"):
             multipartParams = {
                                 "upload":    "1",
diff --git a/sqlmap.py b/sqlmap.py
@@ -32,7 +32,8 @@
 
 warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
 
-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
+# NOTE: This breaks SQL shell and OS shell history and TAB functionalities
+#sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
 
 try:
     import psyco
