From c83f468a37dfeb1c51a9dceb485218755f96dce6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 23 Jan 2013 15:34:20 +0100
Subject: [PATCH] Trivial changes

---
 plugins/generic/search.py |  6 ++++--
 xml/queries.xml           | 16 ++++++++--------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index 2546ffa3d..495707479 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -160,7 +160,6 @@ class Search:
         rootQuery = queries[Backend.getIdentifiedDbms()].search_table
         tblCond = rootQuery.inband.condition
         dbCond = rootQuery.inband.condition2
-        whereDbsQuery = ""
         tblConsider, tblCondParam = self.likeOrExact("table")
 
         for tbl in tblList:
@@ -175,7 +174,7 @@ class Search:
                 infoMsg += "s like"
             infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
 
-            if conf.db and conf.db != CURRENT_DB:
+            if dbCond and conf.db and conf.db != CURRENT_DB:
                 _ = conf.db.split(",")
                 whereDbsQuery = " AND (" + " OR ".join("%s = '%s'" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in _) + ")"
                 infoMsg += " for database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
@@ -183,6 +182,8 @@ class Search:
                 whereDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
                 infoMsg2 = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
                 logger.info(infoMsg2)
+            else:
+                whereDbsQuery = ""
 
             logger.info(infoMsg)
 
@@ -191,6 +192,7 @@ class Search:
 
             if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
                 query = rootQuery.inband.query
+
                 query = query % (tblQuery + whereDbsQuery)
                 values = inject.getValue(query, blind=False, time=False)
 
diff --git a/xml/queries.xml b/xml/queries.xml
index f8260a6e0..3a1b19f1b 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -190,16 +190,16 @@
             <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
         </dump_table>
         <search_db>
-            <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
-            <blind query="SELECT name FROM master..sysdatabases WHERE %s" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE %s" condition="name"/>
+            <inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
+            <blind query="SELECT name FROM master..sysdatabases WHERE " count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE " condition="name"/>
         </search_db>
         <search_table>
-            <inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND %s" condition="name" condition2="name"/>
-            <blind query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND %s" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" condition="name" condition2="name"/>
+            <inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND " condition="name" condition2="name"/>
+            <blind query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') " count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" condition="name" condition2="name"/>
         </search_table>
         <search_column>
-            <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
-            <blind query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id  AND %s..sysobjects.xtype in ('u','v')" count="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id  AND %s..sysobjects.xtype in ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
+            <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
+            <blind query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" count="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
         </search_column>
     </dbms>
 
@@ -543,11 +543,11 @@
             <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>
         </dump_table>
         <search_db>
-            <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
+            <inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
             <blind/>
         </search_db>
         <search_table>
-            <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND %s" condition="name" condition2="name"/>
+            <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/>
             <blind/>
         </search_table>
         <search_column>