From dabbcf9e23ebfbcb9e88cf4aa6e2433298966bbb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Oct 2010 08:50:05 +0000 Subject: [PATCH] fix for that 'Subquery returns more than 1 row' --- lib/request/inject.py | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/lib/request/inject.py b/lib/request/inject.py index 0d0a60001..fc5e1064e 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -348,17 +348,16 @@ def __goError(expression, resumeValue=True): if output and ( expected is None or ( expected == "int" and output.isdigit() ) ): return output - - if kb.misc.testedDbms != "MySQL": - if kb.dbmsDetected: - _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression) - nulledCastedField = agent.nullAndCastField(fieldToCastStr) - expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1) - expressionUnescaped = unescaper.unescape(expressionReplaced) - else: - expressionUnescaped = unescaper.unescape(expression) - else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row") - expressionUnescaped = unescaper.unescape(expression) + + if kb.dbmsDetected: + _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression) + nulledCastedField = agent.nullAndCastField(fieldToCastStr) + if kb.dbms == "MySQL": + nulledCastedField = nulledCastedField.replace("CHAR(10000)", "CHAR(255)") #fix for that 'Subquery returns more than 1 row' + expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1) + expressionUnescaped = unescaper.unescape(expressionReplaced) + else: + expressionUnescaped = unescaper.unescape(expression) debugMsg = "query: %s" % expressionUnescaped logger.debug(debugMsg)