diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-01-06 12:50:05 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-01-06 12:50:05 +0100 |
| commit | 1720a6aee782b1193454e2ec172f3e89461f83f4 (patch) | |
| tree | 890620f2f446ab8ba6afc87aa07a521085583767 /system/database | |
| parent | fd15a707ee8ec0749c8b51b0b21683b946160096 (diff) | |
Fix #2579: Query Builder's "no escape" functionality didn't work properly with query cache
Diffstat (limited to 'system/database')
| -rw-r--r-- | system/database/DB_query_builder.php | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 1d41a19ba..c543e1584 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2556,6 +2556,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { return; } + elseif (in_array('select', $this->qb_cache_exists, TRUE)) + { + $qb_no_escape = $this->qb_cache_no_escape; + } foreach (array_unique($this->qb_cache_exists) as $val) // select, from, etc. { @@ -2563,12 +2567,23 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $qb_cache_var = 'qb_cache_'.$val; $qb_new = $this->$qb_cache_var; - foreach ($this->$qb_variable as &$qb_var) + for ($i = 0, $c = count($this->$qb_variable); $i < $c; $i++) { - in_array($qb_var, $qb_new, TRUE) OR $qb_new[] = $qb_var; + if ( ! in_array($this->{$qb_variable}[$i], $qb_new, TRUE)) + { + $qb_new[] = $this->{$qb_variable}[$i]; + if ($val === 'select') + { + $qb_no_escape[] = $this->qb_no_escape[$i]; + } + } } $this->$qb_variable = $qb_new; + if ($val === 'select') + { + $this->qb_no_escape = $qb_no_escape; + } } // If we are "protecting identifiers" we need to examine the "from" @@ -2577,8 +2592,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $this->_track_aliases($this->qb_from); } - - $this->qb_no_escape = array_merge($this->qb_no_escape, array_diff($this->qb_cache_no_escape, $this->qb_no_escape)); } // -------------------------------------------------------------------- |