diff options
Diffstat (limited to 'system/database/DB_driver.php')
| -rw-r--r-- | system/database/DB_driver.php | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 0b13a2f82..f8956f069 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2017, British Columbia Institute of Technology + * Copyright (c) 2014 - 2018, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -1528,7 +1528,7 @@ abstract class CI_DB_driver { return 'UPDATE '.$table.' SET '.implode(', ', $valstr) .$this->_compile_wh('qb_where') .$this->_compile_order_by() - .($this->qb_limit ? ' LIMIT '.$this->qb_limit : ''); + .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : ''); } // -------------------------------------------------------------------- @@ -1926,15 +1926,19 @@ abstract class CI_DB_driver { $i++; } + // dbprefix may've already been applied, with or without the identifier escaped + $ec = '(?<ec>'.preg_quote(is_array($this->_escape_char) ? $this->_escape_char[0] : $this->_escape_char).')?'; + isset($ec[0]) && $ec .= '?'; // Just in case someone has disabled escaping by forcing an empty escape character + // Verify table prefix and replace if necessary - if ($this->swap_pre !== '' && strpos($parts[$i], $this->swap_pre) === 0) + if ($this->swap_pre !== '' && preg_match('#^'.$ec.preg_quote($this->swap_pre).'#', $parts[$i])) { - $parts[$i] = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $parts[$i]); + $parts[$i] = preg_replace('#^'.$ec.preg_quote($this->swap_pre).'(\S+?)#', '\\1'.$this->dbprefix.'\\2', $parts[$i]); } // We only add the table prefix if it does not already exist - elseif (strpos($parts[$i], $this->dbprefix) !== 0) + else { - $parts[$i] = $this->dbprefix.$parts[$i]; + preg_match('#^'.$ec.preg_quote($this->dbprefix).'#', $parts[$i]) OR $parts[$i] = $this->dbprefix.$parts[$i]; } // Put the parts back together |