From b5dd4d4a63113502a8b3bb16091f6a23218b7419 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 8 Jul 2011 10:19:01 +0000
Subject: [PATCH] Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
---
 doc/THANKS | 2 +-
 lib/core/agent.py | 8 ++++----
 xml/queries.xml | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/THANKS b/doc/THANKS
index 5ed56eb35..ae3c882d5 100644
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -82,7 +82,7 @@ Pierre Chifflier and Mark Hymers
 Debian project repository
 Chris Clements
- for reporting a minor bug
+ for reporting a couple of bugs
 Andreas Constantinides
 for reporting a minor bug
diff --git a/lib/core/agent.py b/lib/core/agent.py
index e9f92eb5c..2096ea990 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -283,7 +283,7 @@ class Agent:
 if Backend.isDbms(DBMS.SQLITE):
 return field
- if field.startswith("(CASE"):
+ if field.startswith("(CASE") or field.startswith("(IIF"):
 nulledCastedField = field
 else:
 nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
@@ -327,7 +327,7 @@ class Agent:
 if not Backend.getDbms():
 return fields
- if fields.startswith("(CASE") or fields.startswith("SUBSTR") or fields.startswith("MID("):
+ if fields.startswith("(CASE") or fields.startswith("(IIF") or fields.startswith("SUBSTR") or fields.startswith("MID("):
 nulledCastedConcatFields = fields
 else:
 fields = fields.replace(", ", ",")
@@ -598,7 +598,7 @@ class Agent:
 inbandQuery += query[conditionIndex:]
 if Backend.getIdentifiedDbms() in FROM_TABLE:
- if " FROM " not in inbandQuery or "(CASE " in inbandQuery:
+ if " FROM " not in inbandQuery or "(CASE " in inbandQuery or "(IIF" in inbandQuery:
 inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
 if intoRegExp:
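Review bot: The `"(IIF"` prefix is now spelled out as a fourth hand-written `startswith` clause here and in the hunk at @@ -327, and as a substring literal again at @@ -598 and @@ -748, so the next dialect-specific case-expression prefix will require four more coordinated edits. A single module-level tuple would keep the sites in step and lets `str.startswith` take the whole set in one call: `_CASE_PREFIXES = ("(CASE", "(IIF")` at module scope, then `if field.startswith(_CASE_PREFIXES):` here and `if fields.startswith(_CASE_PREFIXES + ("SUBSTR", "MID(")):` at @@ -327. A one-line comment on the tuple saying why these prefixes bypass the cast (they are already complete expressions that the cast template must not wrap) would explain a rule that is currently only implied by the branch structure. The methods containing both hunks start outside the hunks, so the exact tuple name should follow whatever constant convention the top of agent.py uses.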
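Review bot: At @@ -598 the new `"(IIF" in inbandQuery` test is a substring match over the fully assembled UNION query, whereas the earlier hunks test the prefix of a single field; any other part of inbandQuery that happens to contain `(IIF` — presumably including a caller-supplied expression interpolated earlier in the method, though that part is outside the hunk — would also suppress the `FROM_TABLE` suffix. The existing `"(CASE " in inbandQuery` check has the same shape, so this is pre-existing style rather than a regression, but the intent should at least be written down next to the branch: `# Access/… case expressions already carry their own FROM clause (see queries.xml), so do not append FROM_TABLE a second time — confirm against the Access template`. The `(CASE ` literal keeps a trailing space while `(IIF` does not; if that asymmetry is deliberate (IIF is a function call, CASE a keyword) a short comment would stop a future reader from "fixing" it. The enclosing method begins and ends outside this hunk.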
@@ -748,7 +748,7 @@ class Agent:
 if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
 caseExpression = queries[Backend.getIdentifiedDbms()].case.query % expression
- if Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ if "(IIF" not in caseExpression and Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
 caseExpression += FROM_TABLE[Backend.getIdentifiedDbms()]
 return caseExpression
diff --git a/xml/queries.xml b/xml/queries.xml
index 3af8e9dff..d9b32b6b3 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -356,7 +356,7 @@
-
+
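Review bot: The new `"(IIF" not in caseExpression` guard is an exact-case test, while the `endswith` check it is joined to on the same line folds through `caseExpression.upper()`; the two halves of one condition therefore apply different matching rules to the same string. Since caseExpression is rendered from the `case.query` template in queries.xml the case is under the project's control today, but folding both halves the same way keeps the guard from silently breaking if the template is ever edited: `if "(IIF" not in caseExpression.upper() and Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):`. Because `expression` is interpolated into the template on the line above, the substring test also sees the caller's expression, not only the template — if that is intended it deserves a comment, otherwise testing the template text before the `%` substitution would be more precise. The enclosing method's `def` line is outside this hunk.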