Merge branch 'pgsql_controllers'

* pgsql_controllers: file/cron: Protecting identifiers Fixing multipaste delete queries
author: Rafael Bodill <rafi@sortex.co.il> 2014-09-28 19:27:06 +0200
committer: Rafael Bodill <rafi@sortex.co.il> 2014-09-28 19:27:06 +0200
commit: c902a13c01583e83fda7f8188130e01f2d3bb141 (patch)
tree: fed11d4004b4494864699b1a42b725a20b597768 /application/controllers
parent: 7c100145ce197c86e1c849124daaa39ac6b240f5 (diff)
parent: 4edab80a15cad1a479d110f6b7e782e1b434763d (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index ddb7a38cf..329a0bdf7 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -1004,7 +1004,8 @@ class File extends MY_Controller {
 		$query = $this->db->select('hash, id, user')
 			->from('files')
 			->where('date <', $oldest_time)
-			->or_where("(user = 0 AND date < $oldest_session_time)")
+			->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND '
+									.$this->db->_protect_identifiers('date')." < $oldest_session_time)")
 			->get()->result_array();
 
 		foreach($query as $row) {
author	Rafael Bodill <rafi@sortex.co.il>	2014-09-28 19:27:06 +0200
committer	Rafael Bodill <rafi@sortex.co.il>	2014-09-28 19:27:06 +0200
commit	c902a13c01583e83fda7f8188130e01f2d3bb141 (patch)
tree	fed11d4004b4494864699b1a42b725a20b597768 /application/controllers
parent	7c100145ce197c86e1c849124daaa39ac6b240f5 (diff)
parent	4edab80a15cad1a479d110f6b7e782e1b434763d (diff)