summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/database/DB_driver.php12
-rw-r--r--system/database/DB_query_builder.php2
-rw-r--r--system/database/drivers/mysqli/mysqli_result.php14
-rw-r--r--system/database/drivers/mysqli/mysqli_utility.php6
-rw-r--r--system/libraries/Email.php4
-rw-r--r--system/libraries/Form_validation.php2
6 files changed, 16 insertions, 24 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 54740c309..8ab5d762e 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1867,15 +1867,19 @@ abstract class CI_DB_driver {
$i++;
}
+ // dbprefix may've already been applied, with or without the identifier escaped
+ $ec = '(?<ec>'.preg_quote(is_array($this->_escape_char) ? $this->_escape_char[0] : $this->_escape_char).')?';
+ isset($ec[0]) && $ec .= '?'; // Just in case someone has disabled escaping by forcing an empty escape character
+
// Verify table prefix and replace if necessary
- if ($this->swap_pre !== '' && strpos($parts[$i], $this->swap_pre) === 0)
+ if ($this->swap_pre !== '' && preg_match('#^'.$ec.preg_quote($this->swap_pre).'#', $parts[$i]))
{
- $parts[$i] = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $parts[$i]);
+ $parts[$i] = preg_replace('#^'.$ec.preg_quote($this->swap_pre).'(\S+?)#', '\\1'.$this->dbprefix.'\\2', $parts[$i]);
}
// We only add the table prefix if it does not already exist
- elseif (strpos($parts[$i], $this->dbprefix) !== 0)
+ else
{
- $parts[$i] = $this->dbprefix.$parts[$i];
+ preg_match('#^'.$ec.preg_quote($this->dbprefix).'#', $parts[$i]) OR $parts[$i] = $this->dbprefix.$parts[$i];
}
// Put the parts back together
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index e7b66ac80..baa5ba814 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1477,7 +1477,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
// for selecting COUNT(*) ...
$qb_orderby = $this->qb_orderby;
$qb_cache_orderby = $this->qb_cache_orderby;
- $this->qb_orderby = $this->qb_cache_orderby = NULL;
+ $this->qb_orderby = $this->qb_cache_orderby = array();
$result = ($this->qb_distinct === TRUE OR ! empty($this->qb_groupby) OR ! empty($this->qb_cache_groupby) OR $this->qb_limit OR $this->qb_offset)
? $this->query($this->_count_string.$this->protect_identifiers('numrows')."\nFROM (\n".$this->_compile_select()."\n) CI_count_all_results")
diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php
index 0b3d9c2b4..bd465c405 100644
--- a/system/database/drivers/mysqli/mysqli_result.php
+++ b/system/database/drivers/mysqli/mysqli_result.php
@@ -130,10 +130,10 @@ class CI_DB_mysqli_result extends CI_DB_result {
* mysqli_result::fetch_fields()
*
* @used-by CI_DB_mysqli_result::field_data()
- * @param int $flags
+ * @param int $type
* @return string
*/
- private static function _get_field_type($flags)
+ private static function _get_field_type($type)
{
static $map;
isset($map) OR $map = array(
@@ -164,15 +164,7 @@ class CI_DB_mysqli_result extends CI_DB_result {
MYSQLI_TYPE_GEOMETRY => 'geometry'
);
- foreach ($map as $flag => $name)
- {
- if ($flags & $flag)
- {
- return $name;
- }
- }
-
- return $flags;
+ return isset($map[$type]) ? $map[$type] : $type;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_utility.php b/system/database/drivers/mysqli/mysqli_utility.php
index 1699b611f..82cf5cebf 100644
--- a/system/database/drivers/mysqli/mysqli_utility.php
+++ b/system/database/drivers/mysqli/mysqli_utility.php
@@ -155,11 +155,7 @@ class CI_DB_mysqli_utility extends CI_DB_utility {
while ($field = $query->result_id->fetch_field())
{
// Most versions of MySQL store timestamp as a string
- $is_int[$i] = ($field->type & MYSQLI_TYPE_TINY)
- OR ($field->type & MYSQLI_TYPE_SHORT)
- OR ($field->type & MYSQLI_TYPE_INT24)
- OR ($field->type & MYSQLI_TYPE_LONG)
- OR ($field->type & MYSQLI_TYPE_LONGLONG);
+ $is_int[$i] = in_array($field->type, array(MYSQLI_TYPE_TINY, MYSQLI_TYPE_SHORT, MYSQLI_TYPE_INT24, MYSQLI_TYPE_LONG), TRUE);
// Create a string of field names
$field_str .= $this->db->escape_identifiers($field->name).', ';
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 1dcafeddd..5943127bc 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1016,7 +1016,7 @@ class CI_Email {
{
if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@'))
{
- $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos));
+ $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos), INTL_IDNA_VARIANT_UTS46);
}
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -1823,7 +1823,7 @@ class CI_Email {
{
if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@'))
{
- $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos));
+ $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos), INTL_IDNA_VARIANT_UTS46);
}
return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 0dfb274b2..ee9ea6850 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1237,7 +1237,7 @@ class CI_Form_validation {
{
if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches))
{
- $str = $matches[1].'@'.idn_to_ascii($matches[2]);
+ $str = $matches[1].'@'.idn_to_ascii($matches[2], INTL_IDNA_VARIANT_UTS46);
}
return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);