diff options
| -rw-r--r-- | system/database/DB_active_rec.php | 4 | ||||
| -rw-r--r-- | system/database/DB_driver.php | 22 | ||||
| -rw-r--r-- | user_guide/changelog.html | 4 |
3 files changed, 16 insertions, 14 deletions
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 841ede28e..10febb1fc 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -255,7 +255,7 @@ class CI_DB_active_record extends CI_DB_driver { */ public function from($from) { - foreach ((array)$from as $val) + foreach ((array) $from as $val) { if (strpos($val, ',') !== FALSE) { @@ -1647,7 +1647,7 @@ class CI_DB_active_record extends CI_DB_driver { if (strpos($table, " ") !== FALSE) { // if the alias is written with the AS keyword, remove it - $table = preg_replace('/ AS /i', ' ', $table); + $table = preg_replace('/\s+AS\s+/i', ' ', $table); // Grab the alias $table = trim(strrchr($table, " ")); diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 6161f149b..c25752824 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1263,15 +1263,20 @@ class CI_DB_driver { } // Convert tabs or multiple spaces into single spaces - $item = preg_replace('/[\t ]+/', ' ', $item); + $item = preg_replace('/\s+/', ' ', $item); // If the item has an alias declaration we remove it and set it aside. // Basically we remove everything to the right of the first space - $alias = ''; - if (strpos($item, ' ') !== FALSE) + if (preg_match('/^([^\s]+) (AS )*(.+)$/i', $item, $matches)) { - $alias = strstr($item, " "); - $item = substr($item, 0, - strlen($alias)); + $item = $matches[1]; + + // Escape the alias + $alias = ' '.$matches[2].$this->escape_identifiers($matches[3]); + } + else + { + $alias = ''; } // This is basically a bug fix for queries that use MAX, MIN, etc. @@ -1387,7 +1392,7 @@ class CI_DB_driver { return $item.$alias; } - + // -------------------------------------------------------------------- /** @@ -1395,16 +1400,13 @@ class CI_DB_driver { * * This function is used extensively by every db driver. * - * @access private * @return void */ protected function _reset_select() { - } } - /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */ +/* Location: ./system/database/DB_driver.php */
\ No newline at end of file diff --git a/user_guide/changelog.html b/user_guide/changelog.html index e0139775a..266ae8652 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -80,7 +80,6 @@ Change Log <h3>Bug fixes for 2.1.1</h3> <ul> - <li>Fixed a bug (#1059) - CI_Image_lib::clear() was not correctly clearing all necessary object properties, namely width and height.</li> <li>Fixed a bug (#697) - A wrong array key was used in the Upload library to check for mime-types.</li> <li>Fixed a bug - form_open() compared $action against site_url() instead of base_url()</li> <li>Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.</li> @@ -88,8 +87,9 @@ Change Log <li>Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.</li> <li>Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.</li> <li>Fixed a bug (#726) - PDO put a 'dbname' argument in it's connection string regardless of the database platform in use, which made it impossible to use SQLite.</li> - <li>Fixed a bug - CI_DB_pdo_driver::affect_row was not being initialized properly with SELECT queries, cause it was relying on PDOStatement::rowCount().</li> <li>Fixed a bug - CI_DB_pdo_result::num_rows() was not returning properly value with SELECT queries, cause it was relying on PDOStatement::rowCount().</li> + <li>Fixed a bug (#1059) - CI_Image_lib::clear() was not correctly clearing all necessary object properties, namely width and height.</li> + <li>Fixed a bug (#1387) - Active Record's <samp>from()</samp> method didn't escape table aliases.</li> </ul> |