Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 49aa45b45e1cc83cb61d1524ba32d6c188dac2e1^! / . / system / database
commit49aa45b45e1cc83cb61d1524ba32d6c188dac2e1[log] [tgz]
authorAndrey Andreev <narf@bofh.bg>Fri Jul 06 16:22:21 2012 +0300
committerAndrey Andreev <narf@bofh.bg>Fri Jul 06 16:22:21 2012 +0300
treed8e4c4c1460d74a27b6b4d101e8a3874f890dd80
parentd993974327dcb3b6df14488fa7d5a1a372f29bc9 [diff]
Fix a few join() bugs

diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d5367b4..1060ecc 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php

@@ -970,7 +970,7 @@
 	 */
 	public function escape_identifiers($item)
 	{
-		if ($this->_escape_char === '')
+		if ($this->_escape_char === '' OR empty($item))
 		{
 			return $item;
 		}
@@ -983,8 +983,8 @@
 
 			return $item;
 		}
-		// Avoid breaking functions inside queries
-		elseif (strpos($item, '(') !== FALSE)
+		// Avoid breaking functions and literal values inside queries
+		elseif (ctype_digit($item) OR $item[0] === "'" OR strpos($item, '(') !== FALSE)
 		{
 			return $item;
 		}

diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 79e67e0..479b7f2 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php

@@ -350,18 +350,18 @@
 		is_bool($escape) OR $escape = $this->_protect_identifiers;
 
 		// Split multiple conditions
-		if ($escape === TRUE && preg_match_all('/\sAND\s|\sOR\s/i', $cond, $m, PREG_SET_ORDER | PREG_OFFSET_CAPTURE))
+		if ($escape === TRUE && preg_match_all('/\sAND\s|\sOR\s/i', $cond, $m, PREG_OFFSET_CAPTURE))
 		{
 			$newcond = '';
 			$m[0][] = array('', strlen($cond));
 
 			for ($i = 0, $c = count($m[0]), $s = 0;
 				$i < $c;
-				$s += $m[0][$i][1] + strlen($m[0][$i][0]), $i++)
+				$s = $m[0][$i][1] + strlen($m[0][$i][0]), $i++)
 			{
-				$temp = substr($cond, $s, $m[0][$i][1]);
+				$temp = substr($cond, $s, ($m[0][$i][1] - $s));
 
-				$newcond .= preg_match('/([\[\w\.-]+)([\W\s]+)(.+)/i', $temp, $match)
+				$newcond .= preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match)
 						? $this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3])
 						: $temp;
 
@@ -371,7 +371,7 @@
 			$cond = ' ON '.$newcond;
 		}
 		// Split apart the condition and protect the identifiers
-		elseif ($escape === TRUE && preg_match('/([\[\w\.-]+)([\W\s]+)(.+)/i', $cond, $match))
+		elseif ($escape === TRUE && preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match))
 		{
 			$cond = ' ON '.$this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3]);
 		}