diff options
author | Andrey Andreev <narf@bofh.bg> | 2013-03-29 14:15:41 +0100 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2013-03-29 14:15:41 +0100 |
commit | 3b0c08ac289cf14c86feadf1c836b8b87f61cdbf (patch) | |
tree | 8d697924db77d6ff660f9b80976c62f0d3a66369 | |
parent | 5269c1cf2d5ae749309b06194f0a2a737a9ff114 (diff) |
Fix #2353
-rw-r--r-- | system/database/DB_driver.php | 5 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 3 |
2 files changed, 6 insertions, 2 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 04490c824..bbefbe566 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1706,7 +1706,10 @@ abstract class CI_DB_driver { // If a parenthesis is found we know that we do not need to // escape the data or add a prefix. There's probably a more graceful // way to deal with this, but I'm not thinking of it -- Rick - if (strpos($item, '(') !== FALSE) + // + // Added exception for single quotes as well, we don't want to alter + // literal strings. -- Narf + if (strpos($item, '(') !== FALSE OR strpos($item, "'") !== FALSE) { return $item; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 6ef08c1a9..21d0bde63 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -482,7 +482,7 @@ Bug fixes for 3.0 - Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array. - Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE. - Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values. -- Fixed a bug - :doc:`DB result <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers. +- Fixed a bug - :doc:`Database Results <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers. - Fixed a bug (#73) - :doc:`Security Library <libraries/security>` method ``sanitize_filename()`` could be tricked by an XSS attack. - Fixed a bug (#2211) - :doc:`Migration Library <libraries/migration>` extensions couldn't execute ``CI_Migration::__construct()``. - Fixed a bug (#2255) - :doc:`Email Library <libraries/email>` didn't apply ``smtp_timeout`` to socket reads and writes. @@ -490,6 +490,7 @@ Bug fixes for 3.0 - Fixed a bug (#2234) - :doc:`Query Builder <database/query_builder>` didn't reset JOIN cache for write-type queries. - Fixed a bug (#2298) - :doc:`Database Results <database/results>` method `next_row()` kept returning the last row, allowing for infinite loops. - Fixed a bug (#2236) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't parse array notation for keys if the rule was not present in the :doc:`Form Validation Library <libraries/form_validation>`. +- Fixed a bug (#2353) - :doc:`Query Builder <database/query_builder>` erroneously prefixed literal strings with **dbprefix**. Version 2.1.3 ============= |