summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2013-03-29 14:15:41 +0100
committerAndrey Andreev <narf@bofh.bg>2013-03-29 14:15:41 +0100
commit3b0c08ac289cf14c86feadf1c836b8b87f61cdbf (patch)
tree8d697924db77d6ff660f9b80976c62f0d3a66369
parent5269c1cf2d5ae749309b06194f0a2a737a9ff114 (diff)
Fix #2353
-rw-r--r--system/database/DB_driver.php5
-rw-r--r--user_guide_src/source/changelog.rst3
2 files changed, 6 insertions, 2 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 04490c824..bbefbe566 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1706,7 +1706,10 @@ abstract class CI_DB_driver {
// If a parenthesis is found we know that we do not need to
// escape the data or add a prefix. There's probably a more graceful
// way to deal with this, but I'm not thinking of it -- Rick
- if (strpos($item, '(') !== FALSE)
+ //
+ // Added exception for single quotes as well, we don't want to alter
+ // literal strings. -- Narf
+ if (strpos($item, '(') !== FALSE OR strpos($item, "'") !== FALSE)
{
return $item;
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 6ef08c1a9..21d0bde63 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -482,7 +482,7 @@ Bug fixes for 3.0
- Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array.
- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE.
- Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values.
-- Fixed a bug - :doc:`DB result <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
+- Fixed a bug - :doc:`Database Results <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
- Fixed a bug (#73) - :doc:`Security Library <libraries/security>` method ``sanitize_filename()`` could be tricked by an XSS attack.
- Fixed a bug (#2211) - :doc:`Migration Library <libraries/migration>` extensions couldn't execute ``CI_Migration::__construct()``.
- Fixed a bug (#2255) - :doc:`Email Library <libraries/email>` didn't apply ``smtp_timeout`` to socket reads and writes.
@@ -490,6 +490,7 @@ Bug fixes for 3.0
- Fixed a bug (#2234) - :doc:`Query Builder <database/query_builder>` didn't reset JOIN cache for write-type queries.
- Fixed a bug (#2298) - :doc:`Database Results <database/results>` method `next_row()` kept returning the last row, allowing for infinite loops.
- Fixed a bug (#2236) - :doc:`Form Helper <helpers/form_helper>` function ``set_value()`` didn't parse array notation for keys if the rule was not present in the :doc:`Form Validation Library <libraries/form_validation>`.
+- Fixed a bug (#2353) - :doc:`Query Builder <database/query_builder>` erroneously prefixed literal strings with **dbprefix**.
Version 2.1.3
=============