diff options
| -rw-r--r-- | system/database/DB_query_builder.php | 6 | ||||
| -rw-r--r-- | tests/codeigniter/database/query_builder/join_test.php | 20 |
2 files changed, 23 insertions, 3 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index b46730e22..66ef913c9 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -542,7 +542,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $s = $m[0][$i][1] + strlen($m[0][$i][0]), $i++) { $temp = substr($cond, $s, ($m[0][$i][1] - $s)); - $newcond .= preg_match("/(.*)([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match) + $newcond .= preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match) ? $match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]) : $temp; @@ -552,9 +552,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $cond = ' ON '.$newcond; } // Split apart the condition and protect the identifiers - elseif ($escape === TRUE && preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match)) + elseif ($escape === TRUE && preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match)) { - $cond = ' ON '.$this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3]); + $cond = ' ON '.$match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]); } elseif ( ! $this->_has_operator($cond)) { diff --git a/tests/codeigniter/database/query_builder/join_test.php b/tests/codeigniter/database/query_builder/join_test.php index 25bd4accb..58cb21492 100644 --- a/tests/codeigniter/database/query_builder/join_test.php +++ b/tests/codeigniter/database/query_builder/join_test.php @@ -55,4 +55,24 @@ class Join_test extends CI_TestCase { $this->assertEquals($expected, $result); } + // ------------------------------------------------------------------------ + + public function test_join_escape_multiple_conditions_with_parentheses() + { + // We just need a valid query produced, not one that makes sense + $fields = array($this->db->protect_identifiers('table1.field1'), $this->db->protect_identifiers('table2.field2')); + + $expected = 'SELECT '.implode(', ', $fields) + ."\nFROM ".$this->db->escape_identifiers('table1') + ."\nRIGHT JOIN ".$this->db->escape_identifiers('table2').' ON '.implode(' = ', $fields) + .' AND ('.$fields[0]." = 'foo' OR ".$fields[1].' = 0)'; + + $result = $this->db->select('table1.field1, table2.field2') + ->from('table1') + ->join('table2', "table1.field1 = table2.field2 AND (table1.field1 = 'foo' OR table2.field2 = 0)", 'RIGHT') + ->get_compiled_select(); + + $this->assertEquals($expected, $result); + } + }
\ No newline at end of file |