
Commit e98b81f

committed
another update
1 parent d5e7a8d commit e98b81f

2 files changed

Lines changed: 29 additions & 31 deletions


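--- a/plugins/dbms/firebird/syntax.py
+++ b/plugins/dbms/firebird/syntax.py
@@ -7,7 +7,6 @@
 See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.data import kb
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.exception import sqlmapSyntaxException
 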

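--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@@ -7,6 +7,7 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.common import isDBMSVersionAtLeast
 from lib.core.exception import sqlmapSyntaxException
 
 from plugins.generic.syntax import Syntax as GenericSyntax
@@ -17,36 +18,34 @@ def __init__(self):
 
 @staticmethod
 def unescape(expression, quote=True):
-# The following is not supported on SQLite 2
-return expression
-
-if quote:
-expression = expression.replace("'", "''")
-while True:
-index = expression.find("''")
-if index == -1:
-break
-
-firstIndex = index + 2
-index = expression[firstIndex:].find("''")
-
-if index == -1:
-raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
-
-lastIndex = firstIndex + index
-old = "''%s''" % expression[firstIndex:lastIndex]
-unescaped = ""
-
-for i in range(firstIndex, lastIndex):
-unescaped += "X'%x'" % ord(expression[i])
-if i < lastIndex - 1:
-unescaped += "||"
-
-#unescaped += ")"
-expression = expression.replace(old, unescaped)
-expression = expression.replace("''", "'")
-else:
-expression = "||".join("X'%x" % ord(c) for c in expression)
+if isDBMSVersionAtLeast('3'):
+if quote:
+expression = expression.replace("'", "''")
+while True:
+index = expression.find("''")
+if index == -1:
+break
+
+firstIndex = index + 2
+index = expression[firstIndex:].find("''")
+
+if index == -1:
+raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
+
+lastIndex = firstIndex + index
+old = "''%s''" % expression[firstIndex:lastIndex]
+unescaped = ""
+
+for i in range(firstIndex, lastIndex):
+unescaped += "X'%x'" % ord(expression[i])
+if i < lastIndex - 1:
+unescaped += "||"
+
+#unescaped += ")"
+expression = expression.replace(old, unescaped)
+expression = expression.replace("''", "'")
+else:
+expression = "||".join("X'%x" % ord(c) for c in expression)
 
 return expression
 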
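Review bot: The `else:` branch at the end of `unescape` formats each character as `"X'%x" % ord(c)` with no closing quote, so the `quote=False` path produces malformed literals now that the early `return expression` no longer keeps this code dead; it should match the quoted path, `expression = "||".join("X'%02x'" % ord(c) for c in expression)`. Both paths use `%x`, which gives a single hex digit for code points below 0x10 and more than two above 0xff; `%02x` covers the first case, while the second needs an explicit encoding decision. The commit also drops the comment that explained the restriction, so a line above the guard such as `# Not supported on SQLite 2: return the expression unchanged there` would keep the reason for the version check visible. Indentation is lost in this rendering, so the pairing of `else:` with `if quote:` is inferred.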
