From 97c06854a4965932687ca82e39188ed106aed796 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 16:48:58 +0100
Subject: [PATCH 1/8] Minor fixes
---
 lib/core/dump.py | 4 ++--
 plugins/generic/databases.py | 10 +++++-----
 plugins/generic/entries.py | 10 +++++-----
 plugins/generic/search.py | 2 +-
 4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 1d46e22c7..85c00b886 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -579,9 +579,9 @@ class Dump(object):
 for column in dbColumnsDict.keys():
 if colConsider == "1":
- colConsiderStr = "s like '" + column + "' were"
+ colConsiderStr = "s like '%s' were" % unsafeSQLIdentificatorNaming(column)
 else:
- colConsiderStr = " '%s' was" % column
+ colConsiderStr = " '%s' was" % unsafeSQLIdentificatorNaming(column)
 msg = "Column%s found in the " % colConsiderStr
 msg += "following databases:"
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
index edba26c2e..c37fad3b3 100644
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -247,7 +247,7 @@ class Databases:
 return tableExists(paths.COMMON_TABLES)
 infoMsg = "fetching tables for database"
- infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
+ infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in sorted(dbs)))
 logger.info(infoMsg)
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
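Review bot: The `infoMsg` join in the databases.py hunk sorts the raw `dbs` entries first and normalizes afterwards, so a list-wrapped entry and a plain string (the two shapes the replaced `isinstance(db, basestring)` test handled) are ordered by Python 2's cross-type rule rather than by name, and a quoted and an unquoted spelling of the same name sort apart. Sorting the display form keeps the listing alphabetical: `", ".join(sorted(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in dbs))`. Whether `unArrayizeValue` agrees with the old `db[0]` on an empty list is not visible here and worth a quick check. The enclosing method continues past the hunk.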
@@ -261,7 +261,7 @@ class Databases:
 query += " WHERE %s" % condition
 if conf.excludeSysDbs:
- infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
+ infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))
 logger.info(infoMsg)
 query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)
 else:
@@ -290,7 +290,7 @@ class Databases:
 if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:
 for db in dbs:
 if conf.excludeSysDbs and db in self.excludeDbsList:
- infoMsg = "skipping system database '%s'" % db
+ infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db)
 logger.info(infoMsg)
 continue
@@ -569,7 +569,7 @@ class Databases:
 and conf.db in kb.data.cachedColumns and tbl in \
 kb.data.cachedColumns[conf.db]:
 infoMsg = "fetched tables' columns on "
- infoMsg += "database '%s'" % conf.db
+ infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
 logger.info(infoMsg)
 return {conf.db: kb.data.cachedColumns[conf.db]}
@@ -692,7 +692,7 @@ class Databases:
 if not kb.data.cachedColumns:
 warnMsg = "unable to retrieve column names for "
- warnMsg += ("table '%s' " % tblList[0]) if len(tblList) == 1 else "any table "
+ warnMsg += ("table '%s' " % unsafeSQLIdentificatorNaming(unArrayizeValue(tblList))) if len(tblList) == 1 else "any table "
 warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
 logger.warn(warnMsg)
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 1db68a1d7..f675fb8c1 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
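Review bot: In the first hunk the skip message now passes `self.excludeDbsList` through `unsafeSQLIdentificatorNaming`, but the membership test two lines below, `if db not in self.excludeDbsList`, still compares the raw `db`; unless both lists are guaranteed to hold the same (safe or unsafe) spelling, a system database quoted on one side and bare on the other slips past `conf.excludeSysDbs` and gets enumerated. Normalizing both sides once, `excluded = set(unsafeSQLIdentificatorNaming(_) for _ in self.excludeDbsList)` and `... for db in sorted(dbs) if unsafeSQLIdentificatorNaming(db) not in excluded`, makes the filter match what the message reports. Where `dbs` and `excludeDbsList` are populated is outside this page, so the invariant may already hold by construction. The enclosing method starts and ends outside the hunk.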
@@ -363,7 +363,7 @@ class Entries:
 self.dumpTable()
 except SqlmapNoneDataException:
- infoMsg = "skipping table '%s'" % table
+ infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
 logger.info(infoMsg)
 def dumpFoundColumn(self, dbs, foundCols, colConsider):
@@ -378,7 +378,7 @@ class Entries:
 for db, tblData in dbs.items():
 if tblData:
- message += "[%s]\n" % db
+ message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
 message += "[q]uit"
 test = readInput(message, default="a")
@@ -441,7 +441,7 @@ class Entries:
 for db, tablesList in tables.items():
 if tablesList:
- message += "[%s]\n" % db
+ message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
 message += "[q]uit"
 test = readInput(message, default="a")
@@ -459,11 +459,11 @@ class Entries:
 conf.db = db
 dumpFromTbls = []
- message = "which table(s) of database '%s'?\n" % db
+ message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db)
 message += "[a]ll (default)\n"
 for tbl in tablesList:
- message += "[%s]\n" % tbl
+ message += "[%s]\n" % unsafeSQLIdentificatorNaming(tbl)
 message += "[s]kip\n"
 message += "[q]uit"
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index 0e89a27cf..9bf23b4b4 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -519,7 +519,7 @@ class Search:
 logger.info(infoMsg)
 query = rootQuery.blind.count2
- query = query % db
+ query = query % unsafeSQLIdentificatorNaming(db)
 query += " AND %s" % colQuery
 query += whereTblsQuery
From 799bd51c2ead8d06343d0da6ab2cb5854b90dc5a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 16:55:30 +0100
Subject: [PATCH 2/8] Minor fix when two readInput/dataToStdout are called one at a time
---
 lib/core/common.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/core/common.py b/lib/core/common.py
index 7d70c9262..b1d0f449b 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
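Review bot: In the search.py hunk, `query = query % unsafeSQLIdentificatorNaming(db)` fills the `count2` template with the bare `%` operator, whereas the other template in this same loop goes through `safeStringFormat()` (visible in patch 4 further down); if `rootQuery.blind.count2` carries a literal `%` for the identified DBMS — LIKE patterns are common in catalog queries — the bare operator can raise a `ValueError`/`TypeError` instead of substituting. Using the same helper here, `query = safeStringFormat(query, unsafeSQLIdentificatorNaming(db))`, keeps the two paths consistent. Whether `count2` contains such a character is not visible on this page. The enclosing method starts and ends outside the hunk.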
@@ -774,6 +774,10 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
 else:
 message = data
+ if kb.prependFlag:
+ message = "\n%s" % message
+ kb.prependFlag = False
+
 if hasattr(conf, "api"):
 sys.stdout.write(message, status, content_type)
 else:
From 834ae6aac046f5f44daa0bf2ae7ba936d97d3840 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 16:58:02 +0100
Subject: [PATCH 3/8] Another minor update
---
 plugins/generic/entries.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index f675fb8c1..b381f1e97 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -396,7 +396,7 @@ class Entries:
 conf.db = db
 dumpFromTbls = []
- message = "which table(s) of database '%s'?\n" % db
+ message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db)
 message += "[a]ll (default)\n"
 for tbl in tblData:
From 046f347f5d47e35683943dcf6c6e89c42655dbd3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 17:08:50 +0100
Subject: [PATCH 4/8] Minor fix
---
 plugins/generic/search.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index 9bf23b4b4..02b661144 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -508,7 +508,6 @@ class Search:
 colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
 for db in dbData:
- db = safeSQLIdentificatorNaming(db)
 conf.db = origDb
 conf.tbl = origTbl
@@ -545,7 +544,7 @@ class Search:
 else:
 query += " AND %s" % (colQuery + whereTblsQuery)
- query = safeStringFormat(query, db)
+ query = safeStringFormat(query, unsafeSQLIdentificatorNaming(db))
 query = agent.limitQuery(index, query)
 tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
From 5a793cbc7c9d6cf0e8b172a6b6eb5d32af824aa1 Mon Sep 17 00:00:00 2001
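Review bot: Dropping `db = safeSQLIdentificatorNaming(db)` at the loop head in the first patch-4 hunk means every later use of `db` in the loop body — which runs outside the hunk — now sees the raw value; the second hunk re-wraps it at the one `safeStringFormat` call, but any remaining use that relied on the quoted form, say a `conf.db = db` assignment or a lookup keyed by the safe name, would change silently. If the loop is meant to work on the bare name throughout, replacing the removed line with `db = unsafeSQLIdentificatorNaming(db)` states that once and makes the per-use wrapping (here and in the `count2` line from patch 1) unnecessary. The rest of the loop is not on this page, so this may already be fine. The enclosing method starts and ends outside the hunk.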
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 17:09:25 +0100
Subject: [PATCH 5/8] Minor revert
---
 lib/core/common.py | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index b1d0f449b..7d70c9262 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -774,10 +774,6 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
 else:
 message = data
- if kb.prependFlag:
- message = "\n%s" % message
- kb.prependFlag = False
-
 if hasattr(conf, "api"):
 sys.stdout.write(message, status, content_type)
 else:
From 1b3d74948834fe1bd9037f13b621c146e4e6c53c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 17:11:53 +0100
Subject: [PATCH 6/8] Proper fix related to the last commit/revert
---
 lib/core/common.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/core/common.py b/lib/core/common.py
index 7d70c9262..6091f7e98 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -829,6 +829,10 @@ def readInput(message, default=None, checkBatch=True):
 elif message[-1] == ']':
 message += " "
+ if kb.prependFlag:
+ message = "\n%s" % message
+ kb.prependFlag = False
+
 if conf.answers:
 for item in conf.answers.split(','):
 question = item.split('=')[0].strip()
From bf82506c1b0cf788bfb0180af7e6ee1112c91fdd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 17:34:12 +0100
Subject: [PATCH 7/8] Oracle can't enclose table names with double quotations
---
 lib/core/common.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 6091f7e98..2379bae9f 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
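Review bot: The new block in `readInput` (patch 6) consumes `kb.prependFlag` before `conf.answers` is consulted; if that branch (its body lies outside the hunk) returns a pre-supplied answer without writing `message`, the pending newline is spent on a prompt that never reaches the terminal and the next interactive prompt runs onto the previous output line — presumably the situation the series is trying to fix. Prepending the newline, or at least clearing the flag, only at the point where `message` is actually written keeps it attached to the prompt that is printed. Nothing in this series gives `kb.prependFlag` a default; unless it is set where the other `kb` attributes are initialized, the first `readInput` call may raise `AttributeError`, so a `kb.prependFlag = False` there is worth confirming. `readInput` starts and ends outside the hunk.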
@@ -2818,7 +2818,9 @@ def safeSQLIdentificatorNaming(name, isTable=False):
 if retVal.upper() in kb.keywords or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ("." if _ else ""), retVal): # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal)
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
 retVal = "`%s`" % retVal.strip("`")
- elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.DB2):
+ elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,) and not isTable:
+ retVal = "\"%s\"" % retVal.strip("\"")
+ elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
 retVal = "\"%s\"" % retVal.strip("\"")
 elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,):
 retVal = "[%s]" % retVal.strip("[]")
From 9b5f33560bad301b5a07a1ceee21ed83b077e229 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2013 17:36:04 +0100
Subject: [PATCH 8/8] Oracle is too specific (only column names can be enclosed) - removing it
---
 lib/core/common.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 2379bae9f..8461ee0c5 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2818,8 +2818,6 @@ def safeSQLIdentificatorNaming(name, isTable=False):
 if retVal.upper() in kb.keywords or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ("." if _ else ""), retVal): # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal)
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
 retVal = "`%s`" % retVal.strip("`")
- elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,) and not isTable:
- retVal = "\"%s\"" % retVal.strip("\"")
 elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
 retVal = "\"%s\"" % retVal.strip("\"")
 elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,):
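Review bot: After the patch-8 removal an Oracle identifier that trips the guard on the first line — a reserved word, or a name containing a space or another character outside the whitelist — falls through every `elif` and comes back bare, so a query built from it will fail to parse or bind to the wrong object, while PostgreSQL and DB2 names in the same situation are still protected. If that is deliberate because the Oracle call sites embed these names as string literals in catalog lookups rather than as identifiers, the reason belongs next to the branch chain, e.g. `# Oracle: intentionally not quoted -- call sites use the name as a string literal, not as an identifier`; if it is only table names that break, the `isTable`-gated branch from the preceding commit (columns quoted, tables not) matches the subject line better. Oracle itself accepts double-quoted table identifiers, so stating which sqlmap query shape actually broke would help the next reader. The function continues outside the hunk.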