bug fixed (there was a huge problem with space containing identifiers - fixed and tested for MySQL)

2025-03-03 19:55:47 +03:00 · 2011-03-25 21:22:06 +00:00 · 2011-03-25 21:22:06 +00:00 · 48c4460e2c
commit 48c4460e2c
parent 6c6133e8aa
1 changed files with 20 additions and 5 deletions
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -930,6 +930,10 @@ class Enumeration:
            logger.error(errMsg)
            bruteForce = True

+        if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+            conf.tbl = self.__safeMySQLIdentificatorNaming(conf.tbl)
+            conf.db = self.__safeMySQLIdentificatorNaming(conf.db)
+
        if bruteForce:
            resumeAvailable = False

@ -1002,7 +1006,8 @@ class Enumeration:

                for columnData in value:
                    name = columnData[0]
-
+                    if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+                        name = self.__safeMySQLIdentificatorNaming(name)
                    if len(columnData) == 1:
                        columns[name] = ""
                    else:
@ -1077,6 +1082,9 @@ class Enumeration:
                query = agent.limitQuery(index, query, field)
                column = inject.getValue(query, inband=False, error=False)

+                if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+                    column = self.__safeMySQLIdentificatorNaming(column)
+
                if not onlyColNames:
                    if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
                        query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
@ -1200,6 +1208,15 @@ class Enumeration:

        return entries, lengths

+    def __safeMySQLIdentificatorNaming(self, value):
+        """
+        Returns an safe representation of identificator name for MySQL
+        """
+        retVal = value
+        if isinstance(value, basestring) and any(filter(lambda x: x in value, ['-', ' '])) and '`' not in value:
+            retVal = "`%s`" % value
+        return retVal
+
    def dumpTable(self):
        if not conf.tbl and not conf.col:
            errMsg = "missing table parameter"
@ -1233,10 +1250,8 @@ class Enumeration:
        rootQuery = queries[Backend.getIdentifiedDbms()].dump_table

        if Backend.getIdentifiedDbms() == DBMS.MYSQL:
-            if '-' in conf.tbl:
-                conf.tbl = "`%s`" % conf.tbl
-            if '-' in conf.db:
-                conf.db = "`%s`" % conf.db
+            conf.tbl = self.__safeMySQLIdentificatorNaming(conf.tbl)
+            conf.db = self.__safeMySQLIdentificatorNaming(conf.db)

        if conf.col:
            colList = conf.col.split(",")