
Commit b5dd4d4

committed
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
1 parent 02bfd05 commit b5dd4d4

3 files changed

Lines changed: 6 additions & 6 deletions


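--- a/doc/THANKS
+++ b/doc/THANKS
@@ -82,7 +82,7 @@ Pierre Chifflier <[email protected]> and Mark Hymers <[email protected]>
 Debian project repository
 
 Chris Clements <[email protected]>
-for reporting a minor bug
+for reporting a couple of bugs
 
 Andreas Constantinides <[email protected]>
 for reporting a minor bug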

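--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -283,7 +283,7 @@ def nullAndCastField(self, field):
 if Backend.isDbms(DBMS.SQLITE):
 return field
 
-if field.startswith("(CASE"):
+if field.startswith("(CASE") or field.startswith("(IIF"):
 nulledCastedField = field
 else:
 nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
@@ -327,7 +327,7 @@ def nullCastConcatFields(self, fields):
 if not Backend.getDbms():
 return fields
 
-if fields.startswith("(CASE") or fields.startswith("SUBSTR") or fields.startswith("MID("):
+if fields.startswith("(CASE") or fields.startswith("(IIF") or fields.startswith("SUBSTR") or fields.startswith("MID("):
 nulledCastedConcatFields = fields
 else:
 fields = fields.replace(", ", ",")
@@ -598,7 +598,7 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
 inbandQuery += query[conditionIndex:]
 
 if Backend.getIdentifiedDbms() in FROM_TABLE:
-if " FROM " not in inbandQuery or "(CASE " in inbandQuery:
+if " FROM " not in inbandQuery or "(CASE " in inbandQuery or "(IIF" in inbandQuery:
 inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
 
 if intoRegExp:
@@ -748,7 +748,7 @@ def forgeCaseStatement(self, expression):
 if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
 caseExpression = queries[Backend.getIdentifiedDbms()].case.query % expression
 
-if Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+if "(IIF" not in caseExpression and Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
 caseExpression += FROM_TABLE[Backend.getIdentifiedDbms()]
 
 return caseExpression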
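Review bot: The literal `"(IIF"` is now repeated in four separate conditions (nullAndCastField, nullCastConcatFields, forgeInbandQuery, forgeCaseStatement) with different match rules, so the branches can drift apart. Two use `startswith`, two use a substring test, the neighbouring `"(CASE "` test in forgeInbandQuery carries a trailing space that `"(IIF"` does not, and in forgeCaseStatement the new test is case-sensitive while the same condition upper-cases `caseExpression` before the FROM_TABLE comparison. One module-level constant or small helper would keep them in step, and the prefix tests read more simply as a single call, `if fields.startswith(("(CASE", "(IIF", "SUBSTR", "MID(")):`. Because the template changed in xml/queries.xml now begins with `SELECT (IIF`, it is worth confirming that the two `startswith("(IIF")` branches receive the expression with that prefix already removed; the hunks do not show it. All four functions start and end outside their hunks.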

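--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -356,7 +356,7 @@
 <comment query="%00"/>
 <timedelay/>
 <substring query="MID((%s),%d,%d)"/>
-<case query="IIF(%s,1,0)"/>
+<case query="SELECT (IIF(%s,1,0))"/>
 <banner/>
 <!--CURRENTUSER() is not available outside the MS Access query tool itself-->
 <current_user/>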
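Review bot: The opening parenthesis before `IIF` in the new `case` template is load-bearing, because the conditions this commit adds in lib/core/agent.py match the literal `(IIF`, yet nothing on this line records that dependency. A comment beside it, for example `<!-- lib/core/agent.py recognises this expression by the literal "(IIF"; keep the opening parenthesis -->`, would stop a later tidy-up of the template from silently changing which branch the Python code takes. The enclosing DBMS element starts and ends outside the hunk.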
