Fixed a bug in which identifers were not being escaped properly when reserved characters were used

author: Rick Ellis <rick.ellis@ellislab.com> 2008-10-26 23:46:55 +0100
committer: Rick Ellis <rick.ellis@ellislab.com> 2008-10-26 23:46:55 +0100
commit: a0e86293949ff7761cca573853e54146d76f9ba7 (patch)
tree: 052316b67913584a8e2697c7977eccb3e5dde416 /system/database/drivers
parent: 1358485a01d9d0137b59dc2edc6249c42025e26b (diff)
7 files changed, 81 insertions, 4 deletions
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 72dc263f3..6ad0880ff 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -427,7 +427,18 @@ class CI_DB_mssql_driver extends CI_DB {
 		{
 			return $item;
 		}
-	
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
+
 		if (strpos($item, '.') !== FALSE)
 		{
 			$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;			
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index e0a1cee7d..45bf77149 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -434,7 +434,18 @@ class CI_DB_mysql_driver extends CI_DB {
 		{
 			return $item;
 		}
-	
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
+		
 		if (strpos($item, '.') !== FALSE)
 		{
 			$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;			
@@ -443,7 +454,7 @@ class CI_DB_mysql_driver extends CI_DB {
 		{
 			$str = $this->_escape_char.$item.$this->_escape_char;
 		}
-		
+	
 		// remove duplicates if the user already included the escape
 		return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
 	}
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index f72db64b6..1b3da7a6b 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -425,7 +425,18 @@ class CI_DB_mysqli_driver extends CI_DB {
 		{
 			return $item;
 		}
-	
+		
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
+		
 		if (strpos($item, '.') !== FALSE)
 		{
 			$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;			
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 365c9e78b..0c1467783 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -533,6 +533,17 @@ class CI_DB_oci8_driver extends CI_DB {
 		{
 			return $item;
 		}
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
 	
 		if (strpos($item, '.') !== FALSE)
 		{
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 1f0377145..3c6f01542 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -399,6 +399,17 @@ class CI_DB_odbc_driver extends CI_DB {
 		{
 			return $item;
 		}
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
 	
 		if (strpos($item, '.') !== FALSE)
 		{
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index d94cce149..68622a22b 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -438,6 +438,17 @@ class CI_DB_postgre_driver extends CI_DB {
 		{
 			return $item;
 		}
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
 	
 		if (strpos($item, '.') !== FALSE)
 		{
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 0ba483f8b..992e2479e 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -410,6 +410,17 @@ class CI_DB_sqlite_driver extends CI_DB {
 		{
 			return $item;
 		}
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
 	
 		if (strpos($item, '.') !== FALSE)
 		{
author	Rick Ellis <rick.ellis@ellislab.com>	2008-10-26 23:46:55 +0100
committer	Rick Ellis <rick.ellis@ellislab.com>	2008-10-26 23:46:55 +0100
commit	a0e86293949ff7761cca573853e54146d76f9ba7 (patch)
tree	052316b67913584a8e2697c7977eccb3e5dde416 /system/database/drivers
parent	1358485a01d9d0137b59dc2edc6249c42025e26b (diff)