From 76b7e3517d4616d6400bf0d7c94ffcb1e30794cf Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 27 Mar 2011 07:58:15 +0000
Subject: [PATCH] minor update
---
 lib/core/option.py | 9 ---------
 lib/core/settings.py | 2 ++
 plugins/generic/enumeration.py | 21 ++++++++++++++++++---
 3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index 9ce70338e..2682374dc 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1096,15 +1096,6 @@ def __cleanupOptions():
 else:
 conf.testParameter = []
- if conf.db:
- conf.db = conf.db.replace(" ", "")
-
- if conf.tbl:
- conf.tbl = conf.tbl.replace(" ", "")
-
- if conf.col:
- conf.col = conf.col.replace(" ", "")
-
 if conf.user:
 conf.user = conf.user.replace(" ", "")
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 844cb6300..9c60adccc 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -278,3 +278,5 @@ URLENCODE_FAILSAFE_CHARS = '()|,'
 # maximum length of urlencoded value after which failsafe procedure takes away
 URLENCODE_CHAR_LIMIT = 4000
+
+DEFAULT_MSSQL_SCHEMA = 'dbo'
\ No newline at end of file
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 994943a17..095c575bf 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -52,6 +52,7 @@ from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setOs
 from lib.core.settings import CONCAT_ROW_DELIMITER
 from lib.core.settings import CONCAT_VALUE_DELIMITER
+from lib.core.settings import DEFAULT_MSSQL_SCHEMA
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.shell import autoCompletion
 from lib.core.unescaper import unescaper
@@ -908,7 +909,7 @@ class Enumeration:
 if not conf.db:
 conf.db, conf.tbl = conf.tbl.split(".")
 elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
- conf.tbl = "dbo.%s" % conf.tbl
+ conf.tbl = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, conf.tbl)
 self.forceDbmsEnum()
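Review bot: `DEFAULT_MSSQL_SCHEMA = 'dbo'` in the lib/core/settings.py hunk is added without the explanatory comment that the neighbouring `URLENCODE_CHAR_LIMIT` carries, and the file now ends without a trailing newline. I would put a comment such as `# default schema used to qualify MSSQL table names` above the constant and terminate the line with a newline, so the next append to this file does not produce a noisy diff.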
@@ -1209,7 +1210,7 @@ class Enumeration:
 def __safeSQLIdentificatorNaming(self, value):
 """
- Returns an safe representation of SQL identificator name
+ Returns a safe representation of SQL identificator name
 """
 retVal = value
 if isinstance(value, basestring):
@@ -1223,6 +1224,20 @@ class Enumeration:
 retVal = ".".join(parts)
 return retVal
+ def __unsafeSQLIdentificatorNaming(self, value):
+ """
+ Extracts identificator's name from it's safe SQL representation
+ """
+ retVal = value
+ if isinstance(value, basestring):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
+ retVal = value.replace("`", "")
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+ retVal = value.replace("\"", "")
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)
+ return retVal
+
 def dumpTable(self):
 if not conf.tbl and not conf.col:
 errMsg = "missing table parameter"
@@ -1241,7 +1256,7 @@ class Enumeration:
 if not conf.db:
 conf.db, conf.tbl = conf.tbl.split(".")
 elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
- conf.tbl = "dbo.%s" % conf.tbl
+ conf.tbl = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, conf.tbl)
 self.forceDbmsEnum()
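Review bot: In the `@@ -1223,6 +1224,20 @@` hunk, `retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)` in `__unsafeSQLIdentificatorNaming` strips a set of characters rather than a prefix, so every leading `d`, `b`, `o` or `.` is removed: `dbo.orders` becomes `rders` and an unqualified `books` becomes `ks`. Remove the prefix only when it is actually present, with `prefix = "%s." % DEFAULT_MSSQL_SCHEMA` followed by `if retVal.startswith(prefix): retVal = retVal[len(prefix):]`. As written, a mangled identifier would be passed on silently and later steps would refer to a different or non-existent object. The docstring should also read `its safe SQL representation`. Indentation is lost on this page, so whether the MSSQL check sits inside the `isinstance` branch cannot be confirmed from here.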