From 805eddaefd9503b5dbbd924bd6da66e29c4768f3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 5 Feb 2016 12:44:19 +0200 Subject: Fix #4431 --- system/database/DB_query_builder.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'system/database') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 4922dd623..68df309f9 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -542,9 +542,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $s = $m[0][$i][1] + strlen($m[0][$i][0]), $i++) { $temp = substr($cond, $s, ($m[0][$i][1] - $s)); - - $newcond .= preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match) - ? $this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3]) + $newcond .= preg_match("/(.*)([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match) + ? $match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]) : $temp; $newcond .= $m[0][$i][0]; @@ -553,9 +552,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $cond = ' ON '.$newcond; } // Split apart the condition and protect the identifiers - elseif ($escape === TRUE && preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match)) + elseif ($escape === TRUE && preg_match("/(.*)([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match)) { - $cond = ' ON '.$this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3]); + $cond = ' ON '.$match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]); } elseif ( ! $this->_has_operator($cond)) { -- cgit v1.2.3-24-g4f1b