Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c34f6e2

Browse files
committed
Minor fix for --eval (urldecoded values should be used inside evaluation)
1 parent b6f7da6 commit c34f6e2

2 files changed

Lines changed: 3 additions & 1 deletion

File tree

lib/core/common.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2025,7 +2025,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
20252025
pass
20262026
finally:
20272027
if convall:
2028-
result = urllib.unquote_plus(value)
2028+
result = urllib.unquote_plus(value) if plusspace else urllib.unquote(value)
20292029
else:
20302030
def _(match):
20312031
charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable)

lib/request/connect.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@
3636
from lib.core.common import stdev
3737
from lib.core.common import wasLastResponseDelayed
3838
from lib.core.common import unicodeencode
39+
from lib.core.common import urldecode
3940
from lib.core.common import urlencode
4041
from lib.core.data import conf
4142
from lib.core.data import kb
@@ -716,6 +717,7 @@ def _randomizeParameter(paramString, randomParameter):
716717
for part in item.split(delimiter):
717718
if '=' in part:
718719
name, value = part.split('=', 1)
720+
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
719721
evaluateCode("%s=%s" % (name, repr(value)), variables)
720722

721723
originals.update(variables)

0 commit comments

Comments
 (0)