From e1a94d30e2f30cee36f71c246136fb2db34d25df Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 21 Jul 2015 14:04:54 +0300
Subject: Fix #3989 More instances of the bug that was fixed with 43afc71b777b00cfc2638add6fa3c47d333c5e04
---
 system/database/DB_query_builder.php | 15 ++++-----------
 user_guide_src/source/changelog.rst | 2 +-
 2 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index fc2d5901e..e53fb5478 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1276,8 +1276,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {

 foreach ($key as $k => $v)
 {
- $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = ($escape)
- ? $this->escape($v) : $v;
+ $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = $this->escape($v);
 }

 return $this;
@@ -1516,15 +1515,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver {

 ksort($row); // puts $row in the same order as our keys

- if ($escape !== FALSE)
+ foreach ($row as $k => $v)
 {
- $clean = array();
- foreach ($row as $value)
- {
- $clean[] = $this->escape($value);
- }
-
- $row = $clean;
+ $row[$k] = $this->escape($v);
 }

 $this->qb_set[] = '('.implode(',', $row).')';
@@ -1945,7 +1938,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 $index_set = TRUE;
 }

- $clean[$this->protect_identifiers($k2, FALSE, $escape)] = ($escape === FALSE) ? $v2 : $this->escape($v2);
+ $clean[$this->protect_identifiers($k2, FALSE, $escape)] = $this->escape($v2);
 }

 if ($index_set === FALSE)
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 22243cf04..d9903d2ef 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
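Review bot: In the first hunk of `DB_query_builder.php` (the changelog entry names the method as `set()`) the value now goes through `$this->escape()` even when the caller passes `$escape = FALSE`, so the flag only reaches `protect_identifiers()`; the second and third hunks, which the changelog names as `set_insert_batch()` and `set_update_batch()`, make the same change. Always escaping values is the safer default against SQL injection, but a caller that relied on `FALSE` to pass a raw SQL expression as the value would now, presumably, get it quoted as a string literal, and nothing in the hunk tells them so. I would document the new contract where the loop sits, e.g. `// $escape only governs identifier protection; values are always escaped`, and spell out the behaviour change for callers in the changelog entry. The enclosing functions start and end outside all three hunks, so whether `$escape` is still read elsewhere in them cannot be confirmed from here.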
@@ -67,7 +67,7 @@ Bug fixes for 3.0.1
 - Fixed a bug (#3704) - :doc:`Database ` method ``stored_procedure()`` in the 'oci8' driver didn't properly bind parameters.
 - Fixed a bug (#3778) - :doc:`Download Helper ` function :php:func:`force_download()` incorrectly sent a *Pragma* response header.
 - Fixed a bug (#3752) - ``$routing['directory']`` overrides were not properly handled and always resulted in a 404 "Not Found" error.
-- Fixed an internal bug in :doc:`Query Builder ` escaping logic where if field name escaping is force-disabled, methods ``where()`` and ``having()`` will also treat values as fields.
+- Fixed an internal bug (#3989) - :doc:`Query Builder ` escaping logic where if field name escaping is force-disabled, would also treat values as fields in methods ``where()``, ``having()``, ``set()``, ``set_insert_batch()``, ``set_update_batch()``.
 - Fixed a bug (#3279) - :doc:`Query Builder ` methods ``update()`` and ``get_compiled_update()`` did double escaping on the table name if it was provided via ``from()``.

 Version 3.0.0
--
cgit v1.2.3-24-g4f1b