diff options
author | Andrey Andreev <narf@devilix.net> | 2017-10-13 16:04:35 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2017-10-13 16:04:35 +0200 |
commit | fa2a0c58eb0f6421e3819df8a8873b5a5e4ebb58 (patch) | |
tree | 2f14da1862f0f4a30796f5c8d72b3caf1669f776 | |
parent | c54fd9116d49714390aa109cead0545c80ebb057 (diff) |
Fix #5297
-rw-r--r-- | system/database/DB_driver.php | 12 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 9 insertions, 4 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 0b13a2f82..c18701db3 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1926,15 +1926,19 @@ abstract class CI_DB_driver { $i++; } + // dbprefix may've already been applied, with or without the identifier escaped + $ec = '(?<ec>'.preg_quote(is_array($this->_escape_char) ? $this->_escape_char[0] : $this->_escape_char).')?'; + isset($ec[0]) && $ec .= '?'; // Just in case someone has disabled escaping by forcing an empty escape character + // Verify table prefix and replace if necessary - if ($this->swap_pre !== '' && strpos($parts[$i], $this->swap_pre) === 0) + if ($this->swap_pre !== '' && preg_match('#^'.$ec.preg_quote($this->swap_pre).'#', $parts[$i])) { - $parts[$i] = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $parts[$i]); + $parts[$i] = preg_replace('#^'.$ec.preg_quote($this->swap_pre).'(\S+?)#', '\\1'.$this->dbprefix.'\\2', $parts[$i]); } // We only add the table prefix if it does not already exist - elseif (strpos($parts[$i], $this->dbprefix) !== 0) + else { - $parts[$i] = $this->dbprefix.$parts[$i]; + preg_match('#^'.$ec.preg_quote($this->dbprefix).'#', $parts[$i]) OR $parts[$i] = $this->dbprefix.$parts[$i]; } // Put the parts back together diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index c762df744..d222e17fb 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -14,6 +14,7 @@ Bug fixes for 3.1.7 - Fixed a regression where :doc:`Database Results <database/results>` method ``field_data()`` returned incorrect type names. - Fixed a bug (#5278) - :doc:`URL Helper <helpers/url_helper>` function :php:func:`auto_link()` didn't detect trailing slashes in URLs. - Fixed a regression (#5282) - :doc:`Query Builder <database/query_builder>` method ``count_all_results()`` breaks ``ORDER BY`` clauses for subsequent queries. +- Fixed a bug (#5279) - :doc:`Query Builder <database/query_builder>` didn't account for already escaped identifiers while applying database name prefixes. Version 3.1.6 ============= |