From 4b9fec6797db2aea3af8ca4080be73e2ff421080 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 20 Jul 2015 17:26:31 +0300 Subject: Fix #3279 --- system/database/DB_query_builder.php | 8 ++++---- user_guide_src/source/changelog.rst | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 8d21c5a1d..fc2d5901e 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1733,7 +1733,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { return FALSE; } - $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set); + $sql = $this->_update($this->qb_from[0], $this->qb_set); if ($reset === TRUE) { @@ -1781,7 +1781,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->limit($limit); } - $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set); + $sql = $this->_update($this->qb_from[0], $this->qb_set); $this->_reset_write(); return $this->query($sql); } @@ -1798,7 +1798,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string the table to update data on * @return bool */ - protected function _validate_update($table = '') + protected function _validate_update($table) { if (count($this->qb_set) === 0) { @@ -1807,7 +1807,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { if ($table !== '') { - $this->qb_from[0] = $table; + $this->qb_from = array($this->protect_identifiers($table, TRUE, NULL, FALSE)); } elseif ( ! isset($this->qb_from[0])) { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 85bf80097..22243cf04 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -68,6 +68,7 @@ Bug fixes for 3.0.1 - Fixed a bug (#3778) - :doc:`Download Helper ` function :php:func:`force_download()` incorrectly sent a *Pragma* response header. - Fixed a bug (#3752) - ``$routing['directory']`` overrides were not properly handled and always resulted in a 404 "Not Found" error. - Fixed an internal bug in :doc:`Query Builder ` escaping logic where if field name escaping is force-disabled, methods ``where()`` and ``having()`` will also treat values as fields. +- Fixed a bug (#3279) - :doc:`Query Builder ` methods ``update()`` and ``get_compiled_update()`` did double escaping on the table name if it was provided via ``from()``. Version 3.0.0 ============= -- cgit v1.2.3-24-g4f1b