alvsgithub
diff --git a/‎extra/shutils/_sqlmap.py‎
Lines changed: 1 addition & 1 deletion b/‎extra/shutils/_sqlmap.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/core/agent.py‎
Lines changed: 2 additions & 2 deletions b/‎lib/core/agent.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/core/common.py‎
Lines changed: 3 additions & 4 deletions b/‎lib/core/common.py‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎lib/core/dicts.py‎
Lines changed: 3 additions & 2 deletions b/‎lib/core/dicts.py‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎lib/core/optiondict.py‎
Lines changed: 1 addition & 1 deletion b/‎lib/core/optiondict.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/core/settings.py‎
Lines changed: 1 addition & 4 deletions b/‎lib/core/settings.py‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎lib/core/unescaper.py‎
Lines changed: 2 additions & 2 deletions b/‎lib/core/unescaper.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/parse/cmdline.py‎
Lines changed: 2 additions & 2 deletions b/‎lib/parse/cmdline.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/takeover/udf.py‎
Lines changed: 2 additions & 2 deletions b/‎lib/takeover/udf.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/techniques/blind/inference.py‎
Lines changed: 5 additions & 5 deletions b/‎lib/techniques/blind/inference.py‎
Lines changed: 5 additions & 5 deletions
@@ -55,7 +55,7 @@
   '(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
   '(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
   '(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
-  '(--no-unescape)'--no-unescape'[Turn off string unescaping mechanism]' \
+  '(--no-escape)'--no-unescape'[Turn off string escaping mechanism]' \
   '(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
   '(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
   '(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
 
@@ -157,7 +157,7 @@ def prefixQuery(self, expression, prefix=None, where=None, clause=None):
             return self.payloadDirect(expression)
 
         expression = self.cleanupPayload(expression)
-        expression = unescaper.unescape(expression)
+        expression = unescaper.escape(expression)
         query = None
 
         if where is None and kb.technique and kb.technique in kb.injection.data:
@@ -917,7 +917,7 @@ def forgeQueryOutputLength(self, expression):
         else:
             lengthExpr = lengthQuery % expression
 
-        return unescaper.unescape(lengthExpr)
+        return unescaper.escape(lengthExpr)
 
     def forgeCaseStatement(self, expression):
         """
 
@@ -54,7 +54,7 @@
 from lib.core.convert import utf8encode
 from lib.core.decorators import cachedmethod
 from lib.core.dicts import DBMS_DICT
-from lib.core.dicts import DEPRECATED_HINTS
+from lib.core.dicts import DEPRECATED_OPTIONS
 from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CHARSET_TYPE
@@ -84,7 +84,6 @@
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
-from lib.core.settings import DEPRECATED_OPTIONS
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
 from lib.core.settings import DUMMY_USER_INJECTION
@@ -3055,8 +3054,8 @@ def checkDeprecatedOptions(args):
     for _ in args:
         if _ in DEPRECATED_OPTIONS:
             errMsg = "switch/option '%s' is deprecated" % _
-            if _ in DEPRECATED_HINTS:
-                errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
+            if DEPRECATED_OPTIONS[_]:
+                errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
             raise SqlmapSyntaxException(errMsg)
 
 def evaluateCode(code, variables=None):
 
@@ -202,9 +202,10 @@
                                 POST_HINT.XML: "application/xml",
                           }
 
-DEPRECATED_HINTS = {
+DEPRECATED_OPTIONS = {
                         "--replicate": "use '--dump-format=SQLITE' instead",
-                   }
+                        "--no-unescape": "use '--no-escape' instead",
+                     }
 
 DUMP_DATA_PREPROCESS = {
                             DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"},  # Reference: https://www.tibcommunity.com/docs/DOC-3643
 
@@ -65,7 +65,7 @@
                                "invalidBignum":     "boolean",
                                "invalidLogical":    "boolean",
                                "noCast":            "boolean",
-                               "noUnescape":        "boolean",
+                               "noEscape":          "boolean",
                                "prefix":            "string",
                                "suffix":            "string",
                                "skip":              "string",
 
@@ -278,7 +278,7 @@
 # Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
 MSSQL_ERROR_CHUNK_LENGTH = 100
 
-# Do not unescape the injected statement if it contains any of the following SQL words
+# Do not escape the injected statement if it contains any of the following SQL keywords
 EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
 
 # Mark used for replacement of reflected values
@@ -308,9 +308,6 @@
 # Maximum integer value
 MAX_INT = sys.maxint
 
-# List of deprecated options
-DEPRECATED_OPTIONS = ("--replicate",)
-
 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
 
 
@@ -11,8 +11,8 @@
 from lib.core.settings import EXCLUDE_UNESCAPE
 
 class Unescaper(AttribDict):
-    def unescape(self, expression, quote=True, dbms=None):
-        if conf.noUnescape:
+    def escape(self, expression, quote=True, dbms=None):
+        if conf.noEscape:
             return expression
 
         if expression is None:
 
@@ -209,9 +209,9 @@ def cmdLineParser():
                              action="store_true",
                              help="Turn off payload casting mechanism")
 
-        injection.add_option("--no-unescape", dest="noUnescape",
+        injection.add_option("--no-escape", dest="noEscape",
                              action="store_true",
-                             help="Turn off string unescaping mechanism")
+                             help="Turn off string escaping mechanism")
 
         injection.add_option("--prefix", dest="prefix",
                              help="Injection payload prefix string")
 
@@ -84,7 +84,7 @@ def udfExecCmd(self, cmd, silent=False, udfName=None):
         if udfName is None:
             udfName = "sys_exec"
 
-        cmd = unescaper.unescape(self.udfForgeCmd(cmd))
+        cmd = unescaper.escape(self.udfForgeCmd(cmd))
 
         return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
 
@@ -103,7 +103,7 @@ def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):
 
                 output = new_output
         else:
-            cmd = unescaper.unescape(self.udfForgeCmd(cmd))
+            cmd = unescaper.escape(self.udfForgeCmd(cmd))
 
             inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
             output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
 
@@ -107,9 +107,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
             _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
             nulledCastedField = agent.nullAndCastField(fieldToCastStr)
             expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
-            expressionUnescaped = unescaper.unescape(expressionReplaced)
+            expressionUnescaped = unescaper.escape(expressionReplaced)
         else:
-            expressionUnescaped = unescaper.unescape(expression)
+            expressionUnescaped = unescaper.escape(expression)
 
         if length and isinstance(length, basestring) and length.isdigit():
             length = int(length)
@@ -234,7 +234,7 @@ def getChar(idx, charTbl=None, continuousOrder=True, expand=charsetType is None,
                 else:
                     # e.g.: ... > '%c' -> ... > ORD(..)
                     markingValue = "'%s'" % CHAR_INFERENCE_MARK
-                    unescapedCharValue = unescaper.unescape("'%s'" % decodeIntToUnicode(posValue))
+                    unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
                     forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
 
                 result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@@ -461,7 +461,7 @@ def blindThread():
                     # it via equal against the query output
                     if commonValue is not None:
                         # One-shot query containing equals commonValue
-                        testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
+                        testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
                         query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
                         query = agent.suffixQuery(query)
                         result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
@@ -483,7 +483,7 @@ def blindThread():
                     if commonPattern is not None:
                         # Substring-query containing equals commonPattern
                         subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
-                        testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
+                        testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
                         query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
                         query = agent.suffixQuery(query)
                         result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)