summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2018-01-30 14:08:21 +0100
committerAndrey Andreev <narf@devilix.net>2018-01-30 14:08:21 +0100
commit7dd6f14073c109a3227d78e30780ab79117bda42 (patch)
tree34120f2e68a7bccde09072cb27c9777bc0b5f729 /system
parent7c71b8f571585655d24ce325fb0ec3deb6caa8e4 (diff)
Fix a QB bug where where(), having() treated values passed to them as arbitrary SQL
Diffstat (limited to 'system')
-rw-r--r--system/database/DB_query_builder.php51
1 files changed, 28 insertions, 23 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index b9bbb5016..8f477e3a1 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -680,7 +680,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
if ($escape === TRUE)
{
- $v = ' '.$this->escape($v);
+ $v = $this->escape($v);
}
if ( ! $this->_has_operator($k))
@@ -698,10 +698,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$k = substr($k, 0, $match[0][1]).($match[1][0] === '=' ? ' IS NULL' : ' IS NOT NULL');
}
- $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
+ ${$qb_key} = array('condition' => $prefix.$k, 'value' => $v, 'escape' => $escape);
+ $this->{$qb_key}[] = ${$qb_key};
if ($this->qb_caching === TRUE)
{
- $this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
+ $this->{$qb_cache_key}[] = ${$qb_key};
$this->qb_cache_exists[] = substr($qb_key, 3);
}
@@ -834,6 +835,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$where_in = array(
'condition' => $prefix.$key.$not.' IN('.implode(', ', $where_in).')',
+ 'value' => NULL,
'escape' => $escape
);
@@ -962,33 +964,34 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$v = $this->escape_like_str($v);
}
- if ($side === 'none')
+ switch ($side)
{
- $like_statement = "{$prefix} {$k} {$not} LIKE '{$v}'";
- }
- elseif ($side === 'before')
- {
- $like_statement = "{$prefix} {$k} {$not} LIKE '%{$v}'";
- }
- elseif ($side === 'after')
- {
- $like_statement = "{$prefix} {$k} {$not} LIKE '{$v}%'";
- }
- else
- {
- $like_statement = "{$prefix} {$k} {$not} LIKE '%{$v}%'";
+ case 'none':
+ $v = "'{$v}'";
+ break;
+ case 'before':
+ $v = "%'{$v}'";
+ break;
+ case 'after':
+ $v = "'{$v}%'";
+ break;
+ case 'both':
+ default:
+ $v = "'%{$v}%'";
+ break;
}
// some platforms require an escape sequence definition for LIKE wildcards
if ($escape === TRUE && $this->_like_escape_str !== '')
{
- $like_statement .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
+ $v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
}
- $this->qb_where[] = array('condition' => $like_statement, 'escape' => $escape);
+ $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);
+ $this->qb_where[] = $qb_where;
if ($this->qb_caching === TRUE)
{
- $this->qb_cache_where[] = array('condition' => $like_statement, 'escape' => $escape);
+ $this->qb_cache_where[] = $qb_where;
$this->qb_cache_exists[] = 'where';
}
}
@@ -1013,6 +1016,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type;
$where = array(
'condition' => $prefix.$not.str_repeat(' ', ++$this->qb_where_group_count).' (',
+ 'value' => NULL,
'escape' => FALSE
);
@@ -1073,6 +1077,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$this->qb_where_group_started = FALSE;
$where = array(
'condition' => str_repeat(' ', $this->qb_where_group_count--).')',
+ 'value' => NULL,
'escape' => FALSE
);
@@ -1433,7 +1438,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
// --------------------------------------------------------------------
/**
- * Get_Where
+ * get_where()
*
* Allows the where clause, limit and offset to be added directly
*
@@ -2395,7 +2400,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
}
elseif ($this->{$qb_key}[$i]['escape'] === FALSE)
{
- $this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition'];
+ $this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition'].(isset($this->{$qb_key}[$i]['value']) ? ' '.$this->{$qb_key}[$i]['value'] : '');
continue;
}
@@ -2434,7 +2439,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
.' '.trim($matches[3]).$matches[4].$matches[5];
}
- $this->{$qb_key}[$i] = implode('', $conditions);
+ $this->{$qb_key}[$i] = implode('', $conditions).(isset($this->{$qb_key}[$i]['value']) ? ' '.$this->{$qb_key}[$i]['value'] : '');
}
return ($qb_key === 'qb_having' ? "\nHAVING " : "\nWHERE ")