MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / urlencode

Function urlencode

lib/core/common.py:2981–3040  ·  view source on GitHub ↗

URL encodes given value >>> urlencode('AND 1>(2+3)#') 'AND%201%3E%282%2B3%29%23' >>> urlencode("AND COUNT(SELECT name FROM users WHERE name LIKE '%DBA%')>0") 'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25DBA%25%27%29%3E0' >>> urlencode("AND COUNT

(value, safe="%&=-_", convall=False, limit=False, spaceplus=False)

Source from the content-addressed store, hash-verified

2979 return result
2980
2981def urlencode(value, safe="%&=-_", convall=False, limit=False, spaceplus=False):
2982 """
2983 URL encodes given value
2984
2985 >>> urlencode('AND 1>(2+3)#')
2986 'AND%201%3E%282%2B3%29%23'
2987 >>> urlencode("AND COUNT(SELECT name FROM users WHERE name LIKE '%DBA%')>0")
2988 'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25DBA%25%27%29%3E0'
2989 >>> urlencode("AND COUNT(SELECT name FROM users WHERE name LIKE '%_SYSTEM%')>0")
2990 'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25_SYSTEM%25%27%29%3E0'
2991 >>> urlencode("SELECT NAME FROM TABLE WHERE VALUE LIKE '%SOME%BEGIN%'")
2992 'SELECT%20NAME%20FROM%20TABLE%20WHERE%20VALUE%20LIKE%20%27%25SOME%25BEGIN%25%27'
2993 """
2994
2995 if conf.get("direct"):
2996 return value
2997
2998 count = 0
2999 result = None if value is None else ""
3000
3001 if value:
3002 value = re.sub(r"\b[$\w]+=", lambda match: match.group(0).replace('$', DOLLAR_MARKER), value)
3003
3004 if Backend.isDbms(DBMS.MSSQL) and not kb.tamperFunctions and any(ord(_) > 255 for _ in value):
3005 warnMsg = "if you experience problems with "
3006 warnMsg += "non-ASCII identifier names "
3007 warnMsg += "you are advised to rerun with '--tamper=charunicodeencode'"
3008 singleTimeWarnMessage(warnMsg)
3009
3010 if convall or safe is None:
3011 safe = ""
3012
3013 # corner case when character % really needs to be
3014 # encoded (when not representing URL encoded char)
3015 # except in cases when tampering scripts are used
3016 if all('%' in _ for _ in (safe, value)) and not kb.tamperFunctions:
3017 value = re.sub(r"(?i)\bLIKE\s+'[^']+'", lambda match: match.group(0).replace('%', "%25"), value)
3018 value = re.sub(r"%(?![0-9a-fA-F]{2})", "%25", value)
3019
3020 while True:
3021 result = _urllib.parse.quote(getBytes(value), safe)
3022
3023 if limit and len(result) > URLENCODE_CHAR_LIMIT:
3024 if count >= len(URLENCODE_FAILSAFE_CHARS):
3025 break
3026
3027 while count < len(URLENCODE_FAILSAFE_CHARS):
3028 safe += URLENCODE_FAILSAFE_CHARS[count]
3029 count += 1
3030 if safe[-1] in value:
3031 break
3032 else:
3033 break
3034
3035 if spaceplus:
3036 result = result.replace(_urllib.parse.quote(' '), '+')
3037
3038 result = result.replace(DOLLAR_MARKER, '$')

Callers 7

_searchFunction · 0.90
startFunction · 0.90
getPageMethod · 0.90
queryPageMethod · 0.90
_adjustParameterMethod · 0.90
payloadMethod · 0.90
parseTargetUrlFunction · 0.70

Calls 5

getBytesFunction · 0.90
isDbmsMethod · 0.80
singleTimeWarnMessageFunction · 0.70
getMethod · 0.45
replaceMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…