From 1edde30e4443bdcb54a16bf220a5a359825ab549 Mon Sep 17 00:00:00 2001
From: Greg Aker
Date: Tue, 26 Jan 2010 00:17:01 +0000
Subject: Fixing bug in DB Driver where identifiers could be escaped in some
drivers that can't accept it in the list_fields() function.
http://codeigniter.com/bug_tracker/bug/5865/
http://codeigniter.com/bug_tracker/bug/11218/
---
system/database/DB_driver.php | 2 +-
system/database/drivers/mysql/mysql_driver.php | 2 +-
system/database/drivers/mysqli/mysqli_driver.php | 2 +-
user_guide/changelog.html | 1 +
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 390d5570b..d7f17ccb8 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -822,7 +822,7 @@ class CI_DB_driver {
return FALSE;
}
- if (FALSE === ($sql = $this->_list_columns($this->_protect_identifiers($table, TRUE, NULL, FALSE))))
+ if (FALSE === ($sql = $this->_list_columns($table)))
{
if ($this->db_debug)
{
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 85a6ef4a0..bd60d9ffe 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -408,7 +408,7 @@ class CI_DB_mysql_driver extends CI_DB {
*/
function _list_columns($table = '')
{
- return "SHOW COLUMNS FROM ".$table;
+ return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 5d7200fbd..d0e2defec 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -409,7 +409,7 @@ class CI_DB_mysqli_driver extends CI_DB {
*/
function _list_columns($table = '')
{
- return "SHOW COLUMNS FROM ".$table;
+ return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE);
}
// --------------------------------------------------------------------
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 4214a0de5..713f012a2 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -75,6 +75,7 @@ SVN Revision:
Database
- Semantic change to db->version() function to allow a list of exceptions for databases with functions to return version string instead of specially formed SQL queries. Currently this list only includes Oracle and SQLite.
+ - Fixed a bug where driver specific table identifier protection could lead to malformed queries in the field_data() functions.
Helpers
--
cgit v1.2.3-24-g4f1b