diff options
-rw-r--r-- | system/database/DB_driver.php | 51 | ||||
-rw-r--r-- | system/database/drivers/sqlsrv/sqlsrv_driver.php | 2 | ||||
-rw-r--r-- | system/database/drivers/sqlsrv/sqlsrv_forge.php | 2 | ||||
-rw-r--r-- | system/database/drivers/sqlsrv/sqlsrv_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/sqlsrv/sqlsrv_utility.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 |
6 files changed, 44 insertions, 17 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index f5a7e2ac0..e34021e50 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1300,38 +1300,63 @@ abstract class CI_DB_driver { $escaped_array = array(); foreach ($item as $k => $v) { - $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v); + $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v, $prefix_single, $protect_identifiers, $field_exists); } return $escaped_array; } + // This is basically a bug fix for queries that use MAX, MIN, etc. + // If a parenthesis is found we know that we do not need to + // escape the data or add a prefix. There's probably a more graceful + // way to deal with this, but I'm not thinking of it -- Rick + if (strpos($item, '(') !== FALSE) + { + return $item.$alias; + } + // Convert tabs or multiple spaces into single spaces $item = preg_replace('/\s+/', ' ', $item); + static $preg_ec = array(); + + if (empty($preg_ec)) + { + if (is_array($this->_escape_char)) + { + $preg_ec = array(preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1])); + } + else + { + $preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char); + } + } + // If the item has an alias declaration we remove it and set it aside. // Basically we remove everything to the right of the first space - if (preg_match('/^([^\s]+) (AS )*(.+)$/i', $item, $matches)) + preg_match('/^(('.$preg_ec[0].'[^'.$preg_ec[1].']+'.$preg_ec[1].')|([^'.$preg_ec[0].'][^\s]+))( AS)*(.+)*$/i', 'Test table]', $matches); + + if (isset($matches[4])) { $item = $matches[1]; - // Escape the alias - $alias = ' '.$matches[2].$this->escape_identifiers($matches[3]); + // Escape the alias, if needed + if ($protect_identifiers === TRUE) + { + $alias = empty($matches[5]) + ? ' '.$this->escape_identifiers(ltrim($matches[4])) + : $matches[4].' '.$this->escape_identifiers(ltrim($matches[5])); + } + else + { + $alias = $matches[4].$matches[5]; + } } else { $alias = ''; } - // This is basically a bug fix for queries that use MAX, MIN, etc. - // If a parenthesis is found we know that we do not need to - // escape the data or add a prefix. There's probably a more graceful - // way to deal with this, but I'm not thinking of it -- Rick - if (strpos($item, '(') !== FALSE) - { - return $item.$alias; - } - // Break the string apart if it contains periods, then insert the table prefix // in the correct location, assuming the period doesn't indicate that we're dealing // with an alias. While we're at it, we will escape the components diff --git a/system/database/drivers/sqlsrv/sqlsrv_driver.php b/system/database/drivers/sqlsrv/sqlsrv_driver.php index 655a9e90b..eebd6bff8 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_driver.php +++ b/system/database/drivers/sqlsrv/sqlsrv_driver.php @@ -21,7 +21,7 @@ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com - * @since Version 1.0 + * @since Version 2.0.3 * @filesource */ diff --git a/system/database/drivers/sqlsrv/sqlsrv_forge.php b/system/database/drivers/sqlsrv/sqlsrv_forge.php index e6f7e1ac1..ccdb36929 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_forge.php +++ b/system/database/drivers/sqlsrv/sqlsrv_forge.php @@ -21,7 +21,7 @@ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com - * @since Version 1.0 + * @since Version 2.0.3 * @filesource */ diff --git a/system/database/drivers/sqlsrv/sqlsrv_result.php b/system/database/drivers/sqlsrv/sqlsrv_result.php index f802383d2..f9d5a0d29 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_result.php +++ b/system/database/drivers/sqlsrv/sqlsrv_result.php @@ -21,7 +21,7 @@ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com - * @since Version 1.0 + * @since Version 2.0.3 * @filesource */ diff --git a/system/database/drivers/sqlsrv/sqlsrv_utility.php b/system/database/drivers/sqlsrv/sqlsrv_utility.php index 5a71b1628..d518cc15a 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_utility.php +++ b/system/database/drivers/sqlsrv/sqlsrv_utility.php @@ -21,7 +21,7 @@ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com - * @since Version 1.0 + * @since Version 2.0.3 * @filesource */ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 70d622b4b..5b2f59e7e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -244,6 +244,8 @@ Bug fixes for 3.0 - Fixed a bug (#666) - :doc:`Output library <libraries/output>`'s set_content_type() method didn't set the document charset. - Fixed a bug (#784, #861) - :doc:`Database Forge <database/forge>` method ``create_table()`` used to accept constraints for MSSQL/SQLSRV integer-type columns. - Fixed a bug (#706) - SQLSRV/MSSSQL didn't escape field names. +- Fixed a bug (#1452) - protect_identifiers() didn't properly detect identifiers with spaces in their names. +- Fixed a bug where protect_identifiers() ignored it's extra arguments when the value passed to it is an array. Version 2.1.1 ============= |