diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/database/DB_driver.php | 12 | ||||
| -rw-r--r-- | system/database/DB_query_builder.php | 2 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_result.php | 14 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_utility.php | 6 | ||||
| -rw-r--r-- | system/libraries/Email.php | 4 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 2 |
6 files changed, 16 insertions, 24 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 54740c309..8ab5d762e 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1867,15 +1867,19 @@ abstract class CI_DB_driver { $i++; } + // dbprefix may've already been applied, with or without the identifier escaped + $ec = '(?<ec>'.preg_quote(is_array($this->_escape_char) ? $this->_escape_char[0] : $this->_escape_char).')?'; + isset($ec[0]) && $ec .= '?'; // Just in case someone has disabled escaping by forcing an empty escape character + // Verify table prefix and replace if necessary - if ($this->swap_pre !== '' && strpos($parts[$i], $this->swap_pre) === 0) + if ($this->swap_pre !== '' && preg_match('#^'.$ec.preg_quote($this->swap_pre).'#', $parts[$i])) { - $parts[$i] = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $parts[$i]); + $parts[$i] = preg_replace('#^'.$ec.preg_quote($this->swap_pre).'(\S+?)#', '\\1'.$this->dbprefix.'\\2', $parts[$i]); } // We only add the table prefix if it does not already exist - elseif (strpos($parts[$i], $this->dbprefix) !== 0) + else { - $parts[$i] = $this->dbprefix.$parts[$i]; + preg_match('#^'.$ec.preg_quote($this->dbprefix).'#', $parts[$i]) OR $parts[$i] = $this->dbprefix.$parts[$i]; } // Put the parts back together diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index e7b66ac80..baa5ba814 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1477,7 +1477,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // for selecting COUNT(*) ... $qb_orderby = $this->qb_orderby; $qb_cache_orderby = $this->qb_cache_orderby; - $this->qb_orderby = $this->qb_cache_orderby = NULL; + $this->qb_orderby = $this->qb_cache_orderby = array(); $result = ($this->qb_distinct === TRUE OR ! empty($this->qb_groupby) OR ! empty($this->qb_cache_groupby) OR $this->qb_limit OR $this->qb_offset) ? $this->query($this->_count_string.$this->protect_identifiers('numrows')."\nFROM (\n".$this->_compile_select()."\n) CI_count_all_results") diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php index 0b3d9c2b4..bd465c405 100644 --- a/system/database/drivers/mysqli/mysqli_result.php +++ b/system/database/drivers/mysqli/mysqli_result.php @@ -130,10 +130,10 @@ class CI_DB_mysqli_result extends CI_DB_result { * mysqli_result::fetch_fields() * * @used-by CI_DB_mysqli_result::field_data() - * @param int $flags + * @param int $type * @return string */ - private static function _get_field_type($flags) + private static function _get_field_type($type) { static $map; isset($map) OR $map = array( @@ -164,15 +164,7 @@ class CI_DB_mysqli_result extends CI_DB_result { MYSQLI_TYPE_GEOMETRY => 'geometry' ); - foreach ($map as $flag => $name) - { - if ($flags & $flag) - { - return $name; - } - } - - return $flags; + return isset($map[$type]) ? $map[$type] : $type; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_utility.php b/system/database/drivers/mysqli/mysqli_utility.php index 1699b611f..82cf5cebf 100644 --- a/system/database/drivers/mysqli/mysqli_utility.php +++ b/system/database/drivers/mysqli/mysqli_utility.php @@ -155,11 +155,7 @@ class CI_DB_mysqli_utility extends CI_DB_utility { while ($field = $query->result_id->fetch_field()) { // Most versions of MySQL store timestamp as a string - $is_int[$i] = ($field->type & MYSQLI_TYPE_TINY) - OR ($field->type & MYSQLI_TYPE_SHORT) - OR ($field->type & MYSQLI_TYPE_INT24) - OR ($field->type & MYSQLI_TYPE_LONG) - OR ($field->type & MYSQLI_TYPE_LONGLONG); + $is_int[$i] = in_array($field->type, array(MYSQLI_TYPE_TINY, MYSQLI_TYPE_SHORT, MYSQLI_TYPE_INT24, MYSQLI_TYPE_LONG), TRUE); // Create a string of field names $field_str .= $this->db->escape_identifiers($field->name).', '; diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 1dcafeddd..5943127bc 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1016,7 +1016,7 @@ class CI_Email { { if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) { - $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos)); + $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos), INTL_IDNA_VARIANT_UTS46); } return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); @@ -1823,7 +1823,7 @@ class CI_Email { { if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) { - $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos)); + $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos), INTL_IDNA_VARIANT_UTS46); } return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email)); diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 0dfb274b2..ee9ea6850 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1237,7 +1237,7 @@ class CI_Form_validation { { if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches)) { - $str = $matches[1].'@'.idn_to_ascii($matches[2]); + $str = $matches[1].'@'.idn_to_ascii($matches[2], INTL_IDNA_VARIANT_UTS46); } return (bool) filter_var($str, FILTER_VALIDATE_EMAIL); |