summaryrefslogtreecommitdiffstats
path: root/system/database/DB_driver.php
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2018-03-20 17:30:02 +0100
committerFlorian Pritz <bluewind@xinu.at>2018-03-20 17:30:02 +0100
commit006cf0764295d37daa597f4ea9cf31abb75d1b68 (patch)
tree4f40341fef42c760330e2caa501881ab195a67b2 /system/database/DB_driver.php
parent61e2a033717a4669117696d0b6913474e3f57954 (diff)
parent02a0518e1c56ba3506f370362ac5ebdb8a138312 (diff)
Merge tag 'ci-upstream/3.1.7' into dev
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r--system/database/DB_driver.php19
1 files changed, 12 insertions, 7 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 3eb51f734..059849771 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2018, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
@@ -916,6 +916,7 @@ abstract class CI_DB_driver {
if ($this->_trans_begin())
{
+ $this->_trans_status = TRUE;
$this->_trans_depth++;
return TRUE;
}
@@ -1044,7 +1045,7 @@ abstract class CI_DB_driver {
*/
public function is_write_type($sql)
{
- return (bool) preg_match('/^\s*"?(SET|INSERT|UPDATE|DELETE|REPLACE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s/i', $sql);
+ return (bool) preg_match('/^\s*"?(SET|INSERT|UPDATE|DELETE|REPLACE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX|MERGE)\s/i', $sql);
}
// --------------------------------------------------------------------
@@ -1925,15 +1926,19 @@ abstract class CI_DB_driver {
$i++;
}
+ // dbprefix may've already been applied, with or without the identifier escaped
+ $ec = '(?<ec>'.preg_quote(is_array($this->_escape_char) ? $this->_escape_char[0] : $this->_escape_char).')?';
+ isset($ec[0]) && $ec .= '?'; // Just in case someone has disabled escaping by forcing an empty escape character
+
// Verify table prefix and replace if necessary
- if ($this->swap_pre !== '' && strpos($parts[$i], $this->swap_pre) === 0)
+ if ($this->swap_pre !== '' && preg_match('#^'.$ec.preg_quote($this->swap_pre).'#', $parts[$i]))
{
- $parts[$i] = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $parts[$i]);
+ $parts[$i] = preg_replace('#^'.$ec.preg_quote($this->swap_pre).'(\S+?)#', '\\1'.$this->dbprefix.'\\2', $parts[$i]);
}
// We only add the table prefix if it does not already exist
- elseif (strpos($parts[$i], $this->dbprefix) !== 0)
+ else
{
- $parts[$i] = $this->dbprefix.$parts[$i];
+ preg_match('#^'.$ec.preg_quote($this->dbprefix).'#', $parts[$i]) OR $parts[$i] = $this->dbprefix.$parts[$i];
}
// Put the parts back together