From d738b6ba89d7b719114cbfaa5a62964f943ba926 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 29 Jul 2015 16:24:57 +0300
Subject: Fix a 'counter-#3989' bug

The issue described in #3989 is actually the opposite of what has beent
the intended behavior for the  parameter in all Query Builder
methods. Unfortunately, there's been a huge misunderstanding about
that and half the methods worked properly, while the other half did
not ... fixing that here.

Also related: #4001
---
 system/database/DB_query_builder.php | 20 +++++++++++++++-----
 user_guide_src/source/changelog.rst  |  1 +
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 6ea7841e3..293419e23 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -794,10 +794,17 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 
 		$not = ($not) ? ' NOT' : '';
 
-		$where_in = array();
-		foreach ($values as $value)
+		if ($escape === TRUE)
+		{
+			$where_in = array();
+			foreach ($values as $value)
+			{
+				$where_in[] = $this->escape($value);
+			}
+		}
+		else
 		{
-			$where_in[] = $this->escape($value);
+			$where_in = array_values($values);
 		}
 
 		$prefix = (count($this->qb_where) === 0) ? $this->_group_get_type('') : $this->_group_get_type($type);
@@ -926,7 +933,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 			$prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0)
 				? $this->_group_get_type('') : $this->_group_get_type($type);
 
-			$v = $this->escape_like_str($v);
+			if ($escape === TRUE)
+			{
+				$v = $this->escape_like_str($v);
+			}
 
 			if ($side === 'none')
 			{
@@ -946,7 +956,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 			}
 
 			// some platforms require an escape sequence definition for LIKE wildcards
-			if ($this->_like_escape_str !== '')
+			if ($escape === TRUE && $this->_like_escape_str !== '')
 			{
 				$like_statement .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
 			}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b5256b7e5..2b9289f2e 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -73,6 +73,7 @@ Bug fixes for 3.0.1
 -  Fixed a bug where the :doc:`File Uploadin Library <libraries/file_uploading>` library will not properly configure its maximum file size unless the input value is of type integer.
 -  Fixed a bug (#4000) - :doc:`Pagination Library <libraries/pagination>` didn't enable "rel" attributes by default if no attributes-related config options were used.
 -  Fixed a bug (#4004) - :doc:`URI Class <libraries/uri>` didn't properly parse the request URI if it contains a colon followed by a digit.
+-  Fixed a bug in :doc:`Query Builder <database/query_builder>` where the ``$escape`` parameter for some methods only affected field names.
 
 Version 3.0.0
 =============
-- 
cgit v1.2.3-24-g4f1b