
Commit 387020e

committed
Better yet for sqlmapproject#4633
1 parent 732b967 commit 387020e

2 files changed

Lines changed: 5 additions & 22 deletions


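--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.4.5"
+VERSION = "1.5.4.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)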

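--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@@ -5,35 +5,18 @@
 See the file 'LICENSE' for copying permission
 """
 
-import binascii
-
-from lib.core.common import isDBMSVersionAtLeast
-from lib.core.convert import getBytes
-from lib.core.convert import getUnicode
+from lib.core.convert import getOrds
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):
 @staticmethod
 def escape(expression, quote=True):
 """
->>> from lib.core.common import Backend
->>> Backend.setVersion('2')
-['2']
->>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
-True
->>> Backend.setVersion('3')
-['3']
->>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CAST(X'6162636465666768' AS TEXT) FROM foobar"
+>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97,98,99,100,101,102,103,104) FROM foobar"
 True
 """
 
 def escaper(value):
-# Reference: http://stackoverflow.com/questions/3444335/how-do-i-quote-a-utf-8-string-literal-in-sqlite3
-return "CAST(X'%s' AS TEXT)" % getUnicode(binascii.hexlify(getBytes(value)))
-
-retVal = expression
-
-if isDBMSVersionAtLeast('3'):
-retVal = Syntax._escape(expression, quote, escaper)
+return "CHAR(%s)" % ','.join("%d" % _ for _ in getOrds(value))
 
-return retVal
+return Syntax._escape(expression, quote, escaper)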
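Review bot: Dropping the `isDBMSVersionAtLeast('3')` guard in `escape()` changes behaviour for back-ends reported as older than version 3: the removed doctest shows those expressions used to be returned untouched, and they are now rewritten to `CHAR(...)` unconditionally. Whether `CHAR()` exists on every SQLite release this plugin is meant to handle is not visible from the hunk, so either keep the guard (`return Syntax._escape(expression, quote, escaper) if isDBMSVersionAtLeast('3') else expression`, with the `isDBMSVersionAtLeast` import retained) or state the minimum supported version in the docstring. The one remaining doctest is pure ASCII; a second doctest with a non-ASCII literal would pin what `getOrds` yields for multi-byte characters, which the removed `getBytes`/hexlify path encoded byte-wise. A one-line comment on `escaper`, e.g. `# CHAR() takes Unicode code points, one per character`, would replace the reference comment that was deleted.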
