summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2016-02-11 22:49:37 +0100
committerAndrey Andreev <narf@devilix.net>2016-02-11 22:49:37 +0100
commitc6011941511e706c3a3d44151eccda7d0b472007 (patch)
treeb3431a0af08dac844f4dc86ca0b4dc09326ca8f2 /system
parenta54a2b90bf057d7883ea7506d78a1073478ea4cf (diff)
Fix #4449
Diffstat (limited to 'system')
-rw-r--r--system/database/DB_query_builder.php60
1 files changed, 34 insertions, 26 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index d6f35e0df..6bf039ead 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -531,38 +531,46 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
is_bool($escape) OR $escape = $this->_protect_identifiers;
- // Split multiple conditions
- if ($escape === TRUE && preg_match_all('/\sAND\s|\sOR\s/i', $cond, $m, PREG_OFFSET_CAPTURE))
+ if ( ! $this->_has_operator($cond))
{
- $newcond = '';
- $m[0][] = array('', strlen($cond));
-
- for ($i = 0, $c = count($m[0]), $s = 0;
- $i < $c;
- $s = $m[0][$i][1] + strlen($m[0][$i][0]), $i++)
- {
- $temp = substr($cond, $s, ($m[0][$i][1] - $s));
- $newcond .= preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match)
- ? $match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4])
- : $temp;
-
- $newcond .= $m[0][$i][0];
- }
-
- $cond = ' ON '.$newcond;
- }
- // Split apart the condition and protect the identifiers
- elseif ($escape === TRUE && preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match))
- {
- $cond = ' ON '.$match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]);
+ $cond = ' USING ('.($escape ? $this->escape_identifiers($cond) : $cond).')';
}
- elseif ( ! $this->_has_operator($cond))
+ elseif ($escape === FALSE)
{
- $cond = ' USING ('.($escape ? $this->escape_identifiers($cond) : $cond).')';
+ $cond = ' ON '.$cond;
}
else
{
- $cond = ' ON '.$cond;
+ // Split multiple conditions
+ if (preg_match_all('/\sAND\s|\sOR\s/i', $cond, $joints, PREG_OFFSET_CAPTURE))
+ {
+ $conditions = array();
+ $joints = $joints[0];
+ array_unshift($joints, array('', 0));
+
+ for ($i = count($joints) - 1, $pos = strlen($cond); $i >= 0; $i--)
+ {
+ $joints[$i][1] += strlen($joints[$i][0]); // offset
+ $conditions[$i] = substr($cond, $joints[$i][1], $pos - $joints[$i][1]);
+ $pos = $joints[$i][1] - strlen($joints[$i][0]);
+ $joints[$i] = $joints[$i][0];
+ }
+ }
+ else
+ {
+ $conditions = array($cond);
+ $joints = array('');
+ }
+
+ $cond = ' ON ';
+ for ($i = 0, $c = count($conditions); $i < $c; $i++)
+ {
+ $operator = $this->_get_operator($conditions[$i]);
+ $cond .= $joints[$i];
+ $cond .= preg_match("/(\(*)?([\[\]\w\.'-]+)".preg_quote($operator)."(.*)/i", $conditions[$i], $match)
+ ? $match[1].$this->protect_identifiers($match[2]).$operator.$this->protect_identifiers($match[3])
+ : $conditions[$i];
+ }
}
// Do we want to escape the table name?