summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-07-20 11:32:02 +0200
committerAndrey Andreev <narf@devilix.net>2015-07-20 11:32:02 +0200
commit43afc71b777b00cfc2638add6fa3c47d333c5e04 (patch)
treec81e63c99b683cfc1643a3ad2f6cc6d46a3625a4 /system
parente17dbe6000a7f5ab3efe42c80bee7ca80dcc23c3 (diff)
Fix an internal bug in QB where() escaping
This is not a supported use case, but if QB escaping is force-disabled, string values passed to where() or having() aren't escaped. That's wrong because escape-disabling should only be possible for identifiers and not values. Reported via the forums: http://forum.codeigniter.com/thread-62478.html
Diffstat (limited to 'system')
-rw-r--r--system/database/DB_query_builder.php5
1 files changed, 1 insertions, 4 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index a8b5b3579..8d21c5a1d 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -657,10 +657,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
if ($v !== NULL)
{
- if ($escape === TRUE)
- {
- $v = ' '.$this->escape($v);
- }
+ $v = ' '.$this->escape($v);
if ( ! $this->_has_operator($k))
{