Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / e1a94d30e2f30cee36f71c246136fb2db34d25df^! / .
commite1a94d30e2f30cee36f71c246136fb2db34d25df[log] [tgz]
authorAndrey Andreev <narf@devilix.net>Tue Jul 21 14:04:54 2015 +0300
committerAndrey Andreev <narf@devilix.net>Tue Jul 21 14:04:54 2015 +0300
treebf2a1c668759ea5225176f9c2ce6796560873e57
parentd3ac964d356eea78c5a4d894915caf084e54ce18 [diff]
Fix #3989

More instances of the bug that was fixed with 43afc71b777b00cfc2638add6fa3c47d333c5e04

diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index fc2d590..e53fb54 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php

@@ -1276,8 +1276,7 @@
 
 		foreach ($key as $k => $v)
 		{
-			$this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = ($escape)
-				? $this->escape($v) : $v;
+			$this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = $this->escape($v);
 		}
 
 		return $this;
@@ -1516,15 +1515,9 @@
 
 			ksort($row); // puts $row in the same order as our keys
 
-			if ($escape !== FALSE)
+			foreach ($row as $k => $v)
 			{
-				$clean = array();
-				foreach ($row as $value)
-				{
-					$clean[] = $this->escape($value);
-				}
-
-				$row = $clean;
+				$row[$k] = $this->escape($v);
 			}
 
 			$this->qb_set[] = '('.implode(',', $row).')';
@@ -1945,7 +1938,7 @@
 					$index_set = TRUE;
 				}
 
-				$clean[$this->protect_identifiers($k2, FALSE, $escape)] = ($escape === FALSE) ? $v2 : $this->escape($v2);
+				$clean[$this->protect_identifiers($k2, FALSE, $escape)] = $this->escape($v2);
 			}
 
 			if ($index_set === FALSE)

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 22243cf..d9903d2 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst

@@ -67,7 +67,7 @@
 -  Fixed a bug (#3704) - :doc:`Database <database/index>` method ``stored_procedure()`` in the 'oci8' driver didn't properly bind parameters.
 -  Fixed a bug (#3778) - :doc:`Download Helper <helpers/download_helper>` function :php:func:`force_download()` incorrectly sent a *Pragma* response header.
 -  Fixed a bug (#3752) - ``$routing['directory']`` overrides were not properly handled and always resulted in a 404 "Not Found" error.
--  Fixed an internal bug in :doc:`Query Builder <database/query_builder>` escaping logic where if field name escaping is force-disabled, methods ``where()`` and ``having()`` will also treat values as fields.
+-  Fixed an internal bug (#3989) - :doc:`Query Builder <database/query_builder>` escaping logic where if field name escaping is force-disabled, would also treat values as fields in methods ``where()``, ``having()``, ``set()``, ``set_insert_batch()``, ``set_update_batch()``.
 -  Fixed a bug (#3279) - :doc:`Query Builder <database/query_builder>` methods ``update()`` and ``get_compiled_update()`` did double escaping on the table name if it was provided via ``from()``.
 
 Version 3.0.0