From 5b55c15f24b518aa4775a0c15382c7b4bf72e1bc Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 6 Aug 2013 14:14:32 +0300 Subject: Fix #2585 --- system/database/DB_query_builder.php | 2 +- user_guide_src/source/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 355613c6f..e6a108209 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -385,7 +385,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $this->protect_identifiers($type.'('.trim($select).')').' AS '.$this->escape_identifiers(trim($alias)); + $sql = $type.'('.$this->protect_identifiers(trim($select)).') AS '.$this->escape_identifiers(trim($alias)); $this->qb_select[] = $sql; $this->qb_no_escape[] = NULL; diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 81d92f755..8b5798751 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -604,6 +604,7 @@ Bug fixes for 3.0 - Fixed a bug (#180) - :php:func:`config_item()` didn't take into account run-time configuration changes. - Fixed a bug (#2551) - :doc:`Loader Library ` method ``library()`` didn't properly check if a class that is being loaded already exits. - Fixed a bug (#2560) - :doc:`Form Helper ` function :php:func:`form_open()` set the 'method="post"' attribute only if the passed attributes equaled an empty string. +- Fixed a bug (#2585) - :doc:`Query Builder ` methods ``min()``, ``max()``, ``avg()``, ``sum()`` didn't escape field names. Version 2.1.4 ============= -- cgit v1.2.3-24-g4f1b