7676from lib .core .settings import LARGE_CHUNK_TRIM_MARKER
7777from lib .core .settings import PAYLOAD_DELIMITER
7878from lib .core .settings import PERMISSION_DENIED_REGEX
79+ from lib .core .settings import PLAIN_TEXT_CONTENT_TYPE
7980from lib .core .settings import UNENCODED_ORIGINAL_VALUE
8081from lib .core .settings import URI_HTTP_HEADER
8182from lib .core .settings import WARN_TIME_STDEV
@@ -586,7 +587,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
586587 pageLength = None
587588 uri = None
588589 code = None
589- skipUrlEncode = conf . skipUrlEncode
590+ urlEncodePost = None
590591
591592 if not place :
592593 place = kb .injection .place or PLACE .GET
@@ -597,11 +598,16 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
597598 payload = agent .extractPayload (value )
598599 threadData = getCurrentThreadData ()
599600
600- if skipUrlEncode is None and conf .httpHeaders :
601+ if conf .httpHeaders :
601602 headers = dict (conf .httpHeaders )
602- _ = max (headers [_ ] if _ .upper () == HTTP_HEADER .CONTENT_TYPE .upper () else None for _ in headers .keys ())
603- if _ and "urlencoded" not in _ :
604- skipUrlEncode = True
603+ contentType = max (headers [_ ] if _ .upper () == HTTP_HEADER .CONTENT_TYPE .upper () else None for _ in headers .keys ())
604+ urlEncodePost = contentType and "urlencoded" in contentType
605+
606+ if conf .skipUrlEncode and urlEncodePost :
607+ urlEncodePost = False
608+ conf .httpHeaders = [_ for _ in conf .httpHeaders if _ [1 ] != contentType ]
609+ contentType = POST_HINT_CONTENT_TYPES .get (kb .postHint , PLAIN_TEXT_CONTENT_TYPE )
610+ conf .httpHeaders .append ((HTTP_HEADER .CONTENT_TYPE , contentType ))
605611
606612 if payload :
607613 if kb .tamperFunctions :
@@ -628,8 +634,8 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
628634 payload = json .dumps (payload )[1 :- 1 ]
629635 value = agent .replacePayload (value , payload )
630636 else :
631- if not skipUrlEncode and place in ( PLACE . GET , PLACE . POST , PLACE . COOKIE , PLACE . URI ):
632- # GET, POST, URI and Cookie payload needs to be throughly URL encoded
637+ # GET, POST, URI and Cookie payload needs to be throughly URL encoded
638+ if place in ( PLACE . GET , PLACE . URI , PLACE . COOKIE ) and not conf . skipUrlEncode or place in ( PLACE . POST ,) and urlEncodePost :
633639 payload = urlencode (payload , '%' , False , place != PLACE .URI )
634640 value = agent .replacePayload (value , payload )
635641
@@ -745,13 +751,13 @@ def _randomizeParameter(paramString, randomParameter):
745751 else :
746752 get += "%s%s=%s" % (delimiter , name , value )
747753
748- if not skipUrlEncode :
754+ if not conf . skipUrlEncode :
749755 get = urlencode (get , limit = True )
750756
751757 if post is not None :
752- if place not in (PLACE .POST , PLACE .CUSTOM_POST ) and '%' in getattr (post , UNENCODED_ORIGINAL_VALUE , "" ):
758+ if place not in (PLACE .POST , PLACE .CUSTOM_POST ) and hasattr (post , UNENCODED_ORIGINAL_VALUE ):
753759 post = getattr (post , UNENCODED_ORIGINAL_VALUE )
754- elif not skipUrlEncode and kb . postHint not in POST_HINT_CONTENT_TYPES . keys () :
760+ elif urlEncodePost :
755761 post = urlencode (post , spaceplus = kb .postSpaceToPlus )
756762
757763 if timeBasedCompare :
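Review bot: In the second hunk of queryPage, `urlEncodePost` only becomes truthy when a Content-Type header containing "urlencoded" is found in `conf.httpHeaders`, so a POST request with no explicit Content-Type entry now skips URL-encoding at both `place in (PLACE.POST,) and urlEncodePost` and the later `elif urlEncodePost:`, where the old code encoded unless `skipUrlEncode` was set. Unless something outside these hunks always adds a Content-Type entry, the absent-header case should keep the old default, for example by treating a missing header as form-encoded when `kb.postHint` is unset. The header replacement also filters by value (`_[1] != contentType`), which would drop any other header carrying the same value; matching on the name is safer: `conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0].upper() != HTTP_HEADER.CONTENT_TYPE.upper()]`. queryPage begins and ends outside the visible hunks, so the effect on callers is inferred from these lines only.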