diff options
-rw-r--r-- | system/database/DB_driver.php | 49 | ||||
-rw-r--r-- | system/database/drivers/cubrid/cubrid_driver.php | 31 | ||||
-rw-r--r-- | system/database/drivers/ibase/ibase_driver.php | 32 | ||||
-rw-r--r-- | system/database/drivers/mssql/mssql_driver.php | 37 | ||||
-rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 31 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 31 | ||||
-rw-r--r-- | system/database/drivers/oci8/oci8_driver.php | 34 | ||||
-rw-r--r-- | system/database/drivers/odbc/odbc_driver.php | 29 | ||||
-rw-r--r-- | system/database/drivers/pdo/pdo_driver.php | 34 | ||||
-rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 29 | ||||
-rw-r--r-- | system/database/drivers/sqlite/sqlite_driver.php | 29 | ||||
-rw-r--r-- | system/database/drivers/sqlite3/sqlite3_driver.php | 29 | ||||
-rw-r--r-- | system/database/drivers/sqlsrv/sqlsrv_driver.php | 15 | ||||
-rw-r--r-- | system/libraries/Trackback.php | 5 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
15 files changed, 90 insertions, 326 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 8c98a876e..1e5e8c6f7 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1004,12 +1004,46 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Escape String + * + * @param string $str + * @param bool $like Whether or not the string will be used in a LIKE condition + * @return string + */ + public function escape_str($str, $like = FALSE) + { + if (is_array($str)) + { + foreach ($str as $key => $val) + { + $str[$key] = $this->escape_str($val, $like); + } + + return $str; + } + + $str = $this->_escape_str($str); + + // escape LIKE condition wildcards + if ($like === TRUE) + { + return str_replace(array($this->_like_escape_chr, '%', '_'), + array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), + $str); + } + + return $str; + } + + // -------------------------------------------------------------------- + + /** * Escape LIKE String * * Calls the individual driver for platform * specific escaping for LIKE conditions * - * @param string + * @param string|string[] * @return mixed */ public function escape_like_str($str) @@ -1020,6 +1054,19 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Platform-dependant string escape + * + * @param string + * @return string + */ + protected function _escape_str($str) + { + return str_replace("'", "''", remove_invisible_characters($str)); + } + + // -------------------------------------------------------------------- + + /** * Primary * * Retrieves the primary key. It assumes that the row in the first diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php index 06ece4bd9..6663868bd 100644 --- a/system/database/drivers/cubrid/cubrid_driver.php +++ b/system/database/drivers/cubrid/cubrid_driver.php @@ -295,42 +295,21 @@ class CI_DB_cubrid_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - if (function_exists('cubrid_real_escape_string') && (is_resource($this->conn_id) OR (get_resource_type($this->conn_id) === 'Unknown' && preg_match('/Resource id #/', strval($this->conn_id))))) { - $str = cubrid_real_escape_string($str, $this->conn_id); - } - else - { - $str = addslashes($str); - } - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array('%', '_'), array('\\%', '\\_'), $str); + return cubrid_real_escape_string($str, $this->conn_id); } - return $str; + return addslashes($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/ibase/ibase_driver.php b/system/database/drivers/ibase/ibase_driver.php index 875f148a1..745011056 100644 --- a/system/database/drivers/ibase/ibase_driver.php +++ b/system/database/drivers/ibase/ibase_driver.php @@ -192,38 +192,6 @@ class CI_DB_ibase_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String - * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition - * @return string - */ - public function escape_str($str, $like = FALSE) - { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; - } - - // -------------------------------------------------------------------- - - /** * Affected Rows * * @return int diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php index 286135f19..f60071ed9 100644 --- a/system/database/drivers/mssql/mssql_driver.php +++ b/system/database/drivers/mssql/mssql_driver.php @@ -229,43 +229,6 @@ class CI_DB_mssql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String - * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition - * @return string - */ - public function escape_str($str, $like = FALSE) - { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - // Escape single quotes - $str = str_replace("'", "''", remove_invisible_characters($str)); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace( - array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str - ); - } - - return $str; - } - - // -------------------------------------------------------------------- - - /** * Affected Rows * * @return int diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index c6b46f070..492b07861 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -312,35 +312,16 @@ class CI_DB_mysql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return is_resource($this->conn_id) + ? mysql_real_escape_string($str, $this->conn_id) + : addslashes($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index be9176e16..b64a7a2e8 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -289,35 +289,16 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = is_object($this->conn_id) ? $this->conn_id->real_escape_string($str) : addslashes($str); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return is_object($this->conn_id) + ? $this->conn_id->real_escape_string($str) + : addslashes($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 6a850b43e..0ec8b53b8 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -461,40 +461,6 @@ class CI_DB_oci8_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String - * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition - * @return string - */ - public function escape_str($str, $like = FALSE) - { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = str_replace("'", "''", remove_invisible_characters($str)); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; - } - - // -------------------------------------------------------------------- - - /** * Affected Rows * * @return int diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 8f247edd5..45e91cbc5 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -203,35 +203,14 @@ class CI_DB_odbc_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = remove_invisible_characters($str); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return remove_invisible_characters($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 37090cb5d..34adf0f86 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -257,42 +257,20 @@ class CI_DB_pdo_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - // Escape the string $str = $this->conn_id->quote($str); // If there are duplicated quotes, trim them away - if ($str[0] === "'") - { - $str = substr($str, 1, -1); - } - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return ($str[0] === "'") + ? substr($str, 1, -1) + : $str; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 643d6c8ef..d35e351fc 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -311,35 +311,14 @@ class CI_DB_postgre_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = pg_escape_string($str); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return pg_escape_string($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php index da7d90bb2..6a3397f6f 100644 --- a/system/database/drivers/sqlite/sqlite_driver.php +++ b/system/database/drivers/sqlite/sqlite_driver.php @@ -200,35 +200,14 @@ class CI_DB_sqlite_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = sqlite_escape_string($str); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return sqlite_escape_string($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/sqlite3/sqlite3_driver.php b/system/database/drivers/sqlite3/sqlite3_driver.php index 529191114..4d131c31a 100644 --- a/system/database/drivers/sqlite3/sqlite3_driver.php +++ b/system/database/drivers/sqlite3/sqlite3_driver.php @@ -189,35 +189,14 @@ class CI_DB_sqlite3_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = $this->conn_id->escapeString(remove_invisible_characters($str)); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return $this->conn_id->escapeString(remove_invisible_characters($str)); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/sqlsrv/sqlsrv_driver.php b/system/database/drivers/sqlsrv/sqlsrv_driver.php index 0e04c5c67..09e6b8c9a 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_driver.php +++ b/system/database/drivers/sqlsrv/sqlsrv_driver.php @@ -222,21 +222,6 @@ class CI_DB_sqlsrv_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String - * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition - * @return string - */ - public function escape_str($str, $like = FALSE) - { - // Escape single quotes - return str_replace("'", "''", $str); - } - - // -------------------------------------------------------------------- - - /** * Affected Rows * * @return int diff --git a/system/libraries/Trackback.php b/system/libraries/Trackback.php index 2fb737d6b..ecc7129e3 100644 --- a/system/libraries/Trackback.php +++ b/system/libraries/Trackback.php @@ -268,9 +268,8 @@ class CI_Trackback { } // Build the path - $ppath = isset($target['path']) ? $target['path'] : $url; - - $path = empty($target['query']) ? $ppath : $ppath.'?'.$target['query']; + $path = isset($target['path']) ? $target['path'] : $url; + empty($target['query']) OR $path .= '?'.$target['query']; // Add the Trackback ID to the data string if ($id = $this->get_id($url)) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 744150bb4..2966f659f 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -468,6 +468,7 @@ Bug fixes for 3.0 - Fixed a bug (#188) - :doc:`Unit Testing Library <libraries/unit_testing>` filled up logs with error messages for non-existing language keys. - Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array. - Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE. +- Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values. Version 2.1.3 ============= |