From a9346aa754f5488f7535f580dd744477f52d5063 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Sep 2013 16:03:07 +0300 Subject: Fix a PostgreSQL string escaping bug and use pg_escape_literal() when possible --- system/database/drivers/postgre/postgre_driver.php | 8 ++++++-- user_guide_src/source/changelog.rst | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index dbf7c6b95..b72fb873a 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -331,7 +331,7 @@ class CI_DB_postgre_driver extends CI_DB { */ protected function _escape_str($str) { - return pg_escape_string($str); + return pg_escape_string($this->conn_id, $str); } // -------------------------------------------------------------------- @@ -346,7 +346,11 @@ class CI_DB_postgre_driver extends CI_DB { */ public function escape($str) { - if (is_bool($str)) + if (is_php('5.4.4') && (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))) + { + return pg_escape_literal($this->conn_id, $str); + } + elseif (is_bool($str)) { return ($str) ? 'TRUE' : 'FALSE'; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 98036659f..357ecc12e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -199,6 +199,7 @@ Release Date: Not Released - Removed ``limit()`` and ``order_by()`` support for *UPDATE* and *DELETE* queries as PostgreSQL does not support those features. - Added a work-around for dead persistent connections to be re-created after a database restart. - Changed ``db_connect()`` to include the (new) **schema** value into Postgre's **search_path** session variable. + - ``pg_escape_literal()`` is now used for escaping strings, if available. - Improved support of the CUBRID driver, including: @@ -612,6 +613,7 @@ Bug fixes for 3.0 - Fixed an edge case (#2583) in the :doc:`Email Library ` where `Suhosin ` blocked messages sent via ``mail()`` due to trailing newspaces in headers. - Fixed a bug (#2590) - :php:func:`log_message()` didn't actually cache the ``CI_Log`` class instance. - Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items. +- Fixed a bug in the 'postgre' :doc:`database ` driver where the connection ID wasn't passed to ``pg_escape_string()``. Version 2.1.4 ============= -- cgit v1.2.3-24-g4f1b