sqlmapproject
diff --git a/‎extra/safe2bin/safe2bin.py‎
Lines changed: 3 additions & 1 deletion b/‎extra/safe2bin/safe2bin.py‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎lib/controller/checks.py‎
Lines changed: 1 addition & 1 deletion b/‎lib/controller/checks.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/core/common.py‎
Lines changed: 39 additions & 37 deletions b/‎lib/core/common.py‎
Lines changed: 39 additions & 37 deletions
diff --git a/‎lib/core/compat.py‎
Lines changed: 4 additions & 0 deletions b/‎lib/core/compat.py‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/core/convert.py‎
Lines changed: 27 additions & 25 deletions b/‎lib/core/convert.py‎
Lines changed: 27 additions & 25 deletions
diff --git a/‎lib/core/option.py‎
Lines changed: 2 additions & 1 deletion b/‎lib/core/option.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lib/core/settings.py‎
Lines changed: 3 additions & 3 deletions b/‎lib/core/settings.py‎
Lines changed: 3 additions & 3 deletions
@@ -64,7 +64,9 @@ def safecharencode(value):
             for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
                 retVal = retVal.replace(char, repr(char).strip('\''))
 
-            retVal = reduce(lambda x, y: x + (y if (y in string.printable or isinstance(value, text_type) and ord(y) >= 160) else '\\x%02x' % ord(y)), retVal, type(value)())
+            for char in set(retVal):
+                if not (char in string.printable or isinstance(value, text_type) and ord(char) >= 160):
+                    retVal = retVal.replace(char, '\\x%02x' % ord(char))
 
             retVal = retVal.replace(SLASH_MARKER, "\\\\")
             retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX)
 
@@ -1377,7 +1377,7 @@ def checkWaf():
     conf.timeout = IDS_WAF_CHECK_TIMEOUT
 
     try:
-        retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, disableTampering=True)[1] < IDS_WAF_CHECK_RATIO
+        retVal = (Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, disableTampering=True)[1] or 0) < IDS_WAF_CHECK_RATIO
     except SqlmapConnectionException:
         retVal = True
     finally:
 
@@ -11,6 +11,7 @@
 import contextlib
 import copy
 import distutils
+import functools
 import getpass
 import hashlib
 import inspect
@@ -1849,7 +1850,7 @@ def safeFilepathEncode(filepath):
 
     retVal = filepath
 
-    if filepath and isinstance(filepath, six.text_type):
+    if filepath and six.PY2 and isinstance(filepath, six.text_type):
         retVal = filepath.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)
 
     return retVal
@@ -1929,8 +1930,8 @@ def getFilteredPageContent(page, onlyText=True, split=" "):
     Returns filtered page content without script, style and/or comments
     or all HTML tags
 
-    >>> getFilteredPageContent(u'<html><title>foobar</title><body>test</body></html>')
-    u'foobar test'
+    >>> getFilteredPageContent(u'<html><title>foobar</title><body>test</body></html>') == "foobar test"
+    True
     """
 
     retVal = page
@@ -1947,8 +1948,8 @@ def getPageWordSet(page):
     """
     Returns word set used in page content
 
-    >>> sorted(getPageWordSet(u'<html><title>foobar</title><body>test</body></html>'))
-    [u'foobar', u'test']
+    >>> sorted(getPageWordSet(u'<html><title>foobar</title><body>test</body></html>')) == [u'foobar', u'test']
+    True
     """
 
     retVal = set()
@@ -2459,13 +2460,13 @@ def decodeHex(value):
     True
     """
 
-    return bytes.fromhex(value) if hasattr(bytes, "fromhex") else value.decode("hex")
+    return bytes.fromhex(getUnicode(value)) if hasattr(bytes, "fromhex") else value.decode("hex")
 
 def getBytes(value, encoding=UNICODE_ENCODING, errors="strict"):
     """
     Returns byte representation of provided Unicode value
 
-    >>> getBytes(getUnicode("foo\x01\x83\xffbar")) == b"foo\x01\x83\xffbar"
+    >>> getBytes(getUnicode(b"foo\\x01\\x83\\xffbar")) == b"foo\\x01\\x83\\xffbar"
     True
     """
 
@@ -2488,9 +2489,9 @@ def getOrds(value):
     """
     Returns ORD(...) representation of provided string value
 
-    >>> getOrds(u'fo\xf6bar')
+    >>> getOrds(u'fo\\xf6bar')
     [102, 111, 246, 98, 97, 114]
-    >>> getOrds(b"fo\xc3\xb6bar")
+    >>> getOrds(b"fo\\xc3\\xb6bar")
     [102, 111, 195, 182, 98, 97, 114]
     """
 
@@ -2642,8 +2643,8 @@ def extractErrorMessage(page):
     """
     Returns reported error message from page if it founds one
 
-    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>')
-    u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
+    >>> extractErrorMessage(u'<html><title>Test</title>\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>') == u'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'
+    True
     """
 
     retVal = None
@@ -2716,10 +2717,10 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
     """
     URL decodes given value
 
-    >>> urldecode('AND%201%3E%282%2B3%29%23', convall=True)
-    u'AND 1>(2+3)#'
-    >>> urldecode('AND%201%3E%282%2B3%29%23', convall=False)
-    u'AND 1>(2%2B3)#'
+    >>> urldecode('AND%201%3E%282%2B3%29%23', convall=True) == 'AND 1>(2+3)#'
+    True
+    >>> urldecode('AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#'
+    True
     """
 
     result = value
@@ -2738,7 +2739,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
                 charset = set(string.printable) - set(unsafe)
 
                 def _(match):
-                    char = chr(ord(match.group(1).decode("hex")))
+                    char = getUnicode(decodeHex(match.group(1)))
                     return char if char in charset else match.group(0)
 
                 if spaceplus:
@@ -3020,13 +3021,15 @@ def findDynamicContent(firstPage, secondPage):
                 prefix = prefix[-DYNAMICITY_BOUNDARY_LENGTH:]
                 suffix = suffix[:DYNAMICITY_BOUNDARY_LENGTH]
 
-                infix = max(re.search(r"(?s)%s(.+)%s" % (re.escape(prefix), re.escape(suffix)), _) for _ in (firstPage, secondPage)).group(1)
-
-                if infix[0].isalnum():
-                    prefix = trimAlphaNum(prefix)
-
-                if infix[-1].isalnum():
-                    suffix = trimAlphaNum(suffix)
+                for _ in (firstPage, secondPage):
+                    match = re.search(r"(?s)%s(.+)%s" % (re.escape(prefix), re.escape(suffix)), _)
+                    if match:
+                        infix = match.group(1)
+                        if infix[0].isalnum():
+                            prefix = trimAlphaNum(prefix)
+                        if infix[-1].isalnum():
+                            suffix = trimAlphaNum(suffix)
+                        break
 
             kb.dynamicMarkings.append((prefix if prefix else None, suffix if suffix else None))
 
@@ -3557,7 +3560,7 @@ def getLatestRevision():
     req = _urllib.request.Request(url="https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/lib/core/settings.py")
 
     try:
-        content = _urllib.request.urlopen(req).read()
+        content = getUnicode(_urllib.request.urlopen(req).read())
         retVal = extractRegexResult(r"VERSION\s*=\s*[\"'](?P<result>[\d.]+)", content)
     except:
         pass
@@ -4423,12 +4426,8 @@ def serializeObject(object_):
     """
     Serializes given object
 
-    >>> serializeObject([1, 2, 3, ('a', 'b')])
-    'gAJdcQEoSwFLAksDVQFhVQFihnECZS4='
-    >>> serializeObject(None)
-    'gAJOLg=='
-    >>> serializeObject('foobar')
-    'gAJVBmZvb2JhcnEBLg=='
+    >>> type(serializeObject([1, 2, 3, ('a', 'b')])) == six.binary_type
+    True
     """
 
     return base64pickle(object_)
@@ -4668,7 +4667,10 @@ def prioritySortColumns(columns):
     def _(column):
         return column and "id" in column.lower()
 
-    return sorted(sorted(columns, key=len), lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0)
+    if six.PY2:
+        return sorted(sorted(columns, key=len), lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0)
+    else:
+        return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))
 
 def getRequestHeader(request, name):
     """
@@ -4975,25 +4977,25 @@ def safeVariableNaming(value):
     """
     Returns escaped safe-representation of a given variable name that can be used in Python evaluated code
 
-    >>> safeVariableNaming("class.id")
-    'EVAL_636c6173732e6964'
+    >>> safeVariableNaming("class.id") == "EVAL_636c6173732e6964"
+    True
     """
 
     if value in keyword.kwlist or re.search(r"\A[^a-zA-Z]|[^\w]", value):
-        value = "%s%s" % (EVALCODE_ENCODED_PREFIX, value.encode(UNICODE_ENCODING).encode("hex"))
+        value = "%s%s" % (EVALCODE_ENCODED_PREFIX, getUnicode(binascii.hexlify(getBytes(value))))
 
     return value
 
 def unsafeVariableNaming(value):
     """
     Returns unescaped safe-representation of a given variable name
 
-    >>> unsafeVariableNaming("EVAL_636c6173732e6964")
-    u'class.id'
+    >>> unsafeVariableNaming("EVAL_636c6173732e6964") == "class.id"
+    True
     """
 
     if value.startswith(EVALCODE_ENCODED_PREFIX):
-        value = value[len(EVALCODE_ENCODED_PREFIX):].decode("hex").decode(UNICODE_ENCODING)
+        value = getUnicode(decodeHex(value[len(EVALCODE_ENCODED_PREFIX):]))
 
     return value
 
 
@@ -162,6 +162,10 @@ def whseed(self, a=None):
         z = (z + a) % 256 or 1
         self.__whseed(x, y, z)
 
+def patchHeaders(headers):
+    if not hasattr(headers, "headers"):
+        headers.headers = ["%s: %s\r\n" % (header, headers[header]) for header in headers]
+
 # Reference: https://github.com/urllib3/urllib3/blob/master/src/urllib3/filepost.py
 def choose_boundary():
     return uuid.uuid4().hex
 
@@ -11,6 +11,7 @@
     import pickle
 
 import base64
+import binascii
 import json
 import re
 import sys
@@ -24,8 +25,8 @@ def base64decode(value):
     """
     Decodes string value from Base64 to plain format
 
-    >>> base64decode('Zm9vYmFy')
-    'foobar'
+    >>> base64decode('Zm9vYmFy') == b'foobar'
+    True
     """
 
     return base64.b64decode(unicodeencode(value))
@@ -34,8 +35,8 @@ def base64encode(value):
     """
     Encodes string value from plain to Base64 format
 
-    >>> base64encode('foobar')
-    'Zm9vYmFy'
+    >>> base64encode('foobar') == b'Zm9vYmFy'
+    True
     """
 
     return base64.b64encode(unicodeencode(value))
@@ -44,8 +45,8 @@ def base64pickle(value):
     """
     Serializes (with pickle) and encodes to Base64 format supplied (binary) value
 
-    >>> base64pickle('foobar')
-    'gAJVBmZvb2JhcnEBLg=='
+    >>> base64unpickle(base64pickle([1, 2, 3])) == [1, 2, 3]
+    True
     """
 
     retVal = None
@@ -68,8 +69,8 @@ def base64unpickle(value):
     """
     Decodes value from Base64 to plain format and deserializes (with pickle) its content
 
-    >>> base64unpickle('gAJVBmZvb2JhcnEBLg==')
-    'foobar'
+    >>> type(base64unpickle('gAJjX19idWlsdGluX18Kb2JqZWN0CnEBKYFxAi4=')) == object
+    True
     """
 
     retVal = None
@@ -85,8 +86,8 @@ def hexdecode(value):
     """
     Decodes string value from hex to plain format
 
-    >>> hexdecode('666f6f626172')
-    'foobar'
+    >>> hexdecode('666f6f626172') == b'foobar'
+    True
     """
 
     value = value.lower()
@@ -103,25 +104,21 @@ def hexencode(value, encoding=None):
     """
     Encodes string value from plain to hex format
 
-    >>> hexencode('foobar')
-    '666f6f626172'
+    >>> hexencode('foobar') == b'666f6f626172'
+    True
     """
 
     retVal = unicodeencode(value, encoding)
-
-    if six.PY2:
-        retVal = retVal.encode("hex")
-    else:
-        retVal = retVal.hex()
+    retVal = binascii.hexlify(retVal)
 
     return retVal
 
 def unicodeencode(value, encoding=None):
     """
     Returns 8-bit string representation of the supplied unicode value
 
-    >>> unicodeencode(u'foobar')
-    'foobar'
+    >>> unicodeencode(u'foobar') == b'foobar'
+    True
     """
 
     retVal = value
@@ -138,8 +135,8 @@ def utf8encode(value):
     """
     Returns 8-bit string representation of the supplied UTF-8 value
 
-    >>> utf8encode(u'foobar')
-    'foobar'
+    >>> utf8encode(u'foobar') == b'foobar'
+    True
     """
 
     return unicodeencode(value, "utf-8")
@@ -148,11 +145,16 @@ def utf8decode(value):
     """
     Returns UTF-8 representation of the supplied 8-bit string representation
 
-    >>> utf8decode('foobar')
+    >>> utf8decode(b'foobar')
     u'foobar'
     """
 
-    return value.decode("utf-8")
+    retVal = value
+
+    if isinstance(value, six.binary_type):
+        retVal = value.decode("utf-8")
+
+    return retVal
 
 def htmlunescape(value):
     """
@@ -217,8 +219,8 @@ def dejsonize(data):
     """
     Returns JSON deserialized data
 
-    >>> dejsonize('{\\n    "foo": "bar"\\n}')
-    {u'foo': u'bar'}
+    >>> dejsonize('{\\n    "foo": "bar"\\n}') == {u'foo': u'bar'}
+    True
     """
 
     return json.loads(data)
@@ -1765,7 +1765,8 @@ class _(six.text_type):
         conf.string = decodeStringEscape(conf.string)
 
     if conf.getAll:
-        map(lambda _: conf.__setitem__(_, True), WIZARD.ALL)
+        for _ in WIZARD.ALL:
+            conf.__setitem__(_, True)
 
     if conf.noCast:
         for _ in list(DUMP_REPLACEMENTS.keys()):
 
@@ -17,7 +17,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.3"
+VERSION = "1.3.5.4"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -839,8 +839,8 @@
 def _reversible(ex):
     if isinstance(ex, UnicodeDecodeError):
         if INVALID_UNICODE_PRIVATE_AREA:
-            return ("".join(unichr(int('000f00%2x' % ord(_), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
+            return (u"".join(unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
         else:
-            return ("".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in ex.object[ex.start:ex.end]).decode(UNICODE_ENCODING), ex.end)
+            return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end)
 
 codecs.register_error("reversible", _reversible)