Fix misuse of flags in re.sub() calls

The 4th argument of re.sub() is maximum number of substitutions, not flags.
sqlmapproject · jwilk · Apr 14, 2017 · Apr 14, 2017 · bfe5d1145288aff72dd2f49e0ac5f34f2297d605
commit bfe5d1145288aff72dd2f49e0ac5f34f2297d605
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -310,8 +310,8 @@ def getPage(**kwargs):
 
             elif target:
                 if conf.forceSSL and urlparse.urlparse(url).scheme != "https":
-                    url = re.sub("\Ahttp:", "https:", url, re.I)
-                    url = re.sub(":80/", ":443/", url, re.I)
+                    url = re.compile("\Ahttp:", re.I).sub("https:", url)
+                    url = re.sub(":80/", ":443/", url)
 
                 if PLACE.GET in conf.parameters and not get:
                     get = conf.parameters[PLACE.GET]

diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
@@ -226,7 +226,7 @@ def unionUse(expression, unpack=True, dump=False):
 
     if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper():
         # Removed ORDER BY clause because UNION does not play well with it
-        expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I)
+        expression = re.compile("\s*ORDER BY\s+[\w,]+", re.I).sub("", expression)
         debugMsg = "stripping ORDER BY clause from statement because "
         debugMsg += "it does not play well with UNION query SQL injection"
         singleTimeDebugMessage(debugMsg)