From a0e86293949ff7761cca573853e54146d76f9ba7 Mon Sep 17 00:00:00 2001
From: Rick Ellis
Date: Sun, 26 Oct 2008 22:46:55 +0000
Subject: Fixed a bug in which identifers were not being escaped properly when reserved characters were used
---
 system/database/DB_driver.php | 2 +-
 system/database/drivers/mssql/mssql_driver.php | 13 ++++++++++++-
 system/database/drivers/mysql/mysql_driver.php | 15 +++++++++++++--
 system/database/drivers/mysqli/mysqli_driver.php | 13 ++++++++++++-
 system/database/drivers/oci8/oci8_driver.php | 11 +++++++++++
 system/database/drivers/odbc/odbc_driver.php | 11 +++++++++++
 system/database/drivers/postgre/postgre_driver.php | 11 +++++++++++
 system/database/drivers/sqlite/sqlite_driver.php | 11 +++++++++++
 8 files changed, 82 insertions(+), 5 deletions(-)
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 866b95612..dbd82dbc4 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1302,7 +1302,7 @@ class CI_DB_driver {
 $item = $this->dbprefix.$item;
 }
 }
-
+
 if ($protect_identifiers === TRUE AND ! in_array($item, $this->_reserved_identifiers))
 {
 $item = $this->_escape_identifiers($item);
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 72dc263f3..6ad0880ff 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -427,7 +427,18 @@ class CI_DB_mssql_driver extends CI_DB {
 {
 return $item;
 }
-
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
+
 if (strpos($item, '.') !== FALSE)
 {
 $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
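Review bot: In the added `foreach` branch of the mssql hunk, `str_replace('.', $this->_escape_char.'.', $item)` rewrites every dot, so only a two-part name comes out balanced: taking `"` as a constructed escape character, `db.table.*` would become `"db".table".*`, leaving `table` with a closing delimiter and no opening one. The `strpos($item, '.'.$id)` test also matches the reserved token anywhere in the string, not only as the final segment. Checking the suffix and quoting the prefix with the dot handling the function already uses further down would cover both, e.g. `if (substr($item, -strlen('.'.$id)) === '.'.$id)` followed by `$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, substr($item, 0, -strlen('.'.$id))).$this->_escape_char.'.'.$id;`. The same block is added in the mysql, mysqli, oci8, odbc, postgre and sqlite hunks, and the enclosing function starts and ends outside each of them.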
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index e0a1cee7d..45bf77149 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -434,7 +434,18 @@ class CI_DB_mysql_driver extends CI_DB {
 {
 return $item;
 }
-
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
+
 if (strpos($item, '.') !== FALSE)
 {
 $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
@@ -443,7 +454,7 @@ class CI_DB_mysql_driver extends CI_DB {
 {
 $str = $this->_escape_char.$item.$this->_escape_char;
 }
-
+
 // remove duplicates if the user already included the escape
 return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
 }
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index f72db64b6..1b3da7a6b 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -425,7 +425,18 @@ class CI_DB_mysqli_driver extends CI_DB {
 {
 return $item;
 }
-
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
+
 if (strpos($item, '.') !== FALSE)
 {
 $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
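Review bot: The `preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str)` call copied into the new branch of the first mysql hunk collapses runs of the escape character instead of doubling an embedded one, so an escape character already inside `$item` is emitted as a bare delimiter and ends the quoted identifier early. The second mysql hunk shows the same call as unchanged context at the tail of the function, so the behaviour predates this commit, but the new branch adds another path that depends on it. As written the function formats identifiers and cannot be relied on to neutralise one taken from request data; I would state that in the function's doc comment, e.g. `// Formatting only: identifiers must be fixed in code or checked against an allow-list before they reach this function`. Separately, `$this->_escape_char` goes into a regex character class unquoted, and `preg_quote($this->_escape_char, '/')` would keep the pattern valid whatever character a driver sets.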
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 365c9e78b..0c1467783 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -533,6 +533,17 @@ class CI_DB_oci8_driver extends CI_DB {
 {
 return $item;
 }
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }

 if (strpos($item, '.') !== FALSE)
 {
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 1f0377145..3c6f01542 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -399,6 +399,17 @@ class CI_DB_odbc_driver extends CI_DB {
 {
 return $item;
 }
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }

 if (strpos($item, '.') !== FALSE)
 {
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index d94cce149..68622a22b 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -438,6 +438,17 @@ class CI_DB_postgre_driver extends CI_DB {
 {
 return $item;
 }
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }

 if (strpos($item, '.') !== FALSE)
 {
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 0ba483f8b..992e2479e 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -410,6 +410,17 @@ class CI_DB_sqlite_driver extends CI_DB {
 {
 return $item;
 }
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }

 if (strpos($item, '.') !== FALSE)
 {
-- cgit v1.2.3-24-g4f1b
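Review bot: The `foreach` block added in the postgre hunk is the same eleven lines this commit also pastes into the mssql, mysql, mysqli, oci8, odbc and sqlite drivers, so any later correction to the identifier quoting has to be made seven times and the copies can drift apart. The block reads only `$this->_reserved_identifiers` and `$this->_escape_char`, so it could be written once in a shared method and called from each driver; DB_driver.php already reads `_reserved_identifiers`, which suggests that class as the home, assuming the drivers inherit from it (the hunks only show `extends CI_DB`). Each driver would then keep a single line such as `if (($str = $this->_escape_reserved($item)) !== FALSE) return $str;`, where `_escape_reserved` is a name proposed here, not one that exists in the code shown. Keeping security-relevant quoting in one place also makes it easier to review and test.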