Allow " and ' chars in orderBy

8d53d6aa · Alexander Butenko · 12c0a1db · 8d53d6aa
Commit 8d53d6aa authored Oct 02, 2015 by Alexander Butenko
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

MysqliDb.php MysqliDb.php +4 -2

No files found.
--- a/MysqliDb.php
+++ b/MysqliDb.php
@@ -713,7 +713,7 @@ class MysqliDb
    {
        $allowedDirection = Array ("ASC", "DESC");
        $orderbyDirection = strtoupper (trim ($orderbyDirection));
-        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*]+/i",'', $orderByField);
+        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*\'\"]+/i",'', $orderByField);

        // Add table prefix to orderByField if needed.
        //FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases
@@ -1239,8 +1239,10 @@ class MysqliDb
    {
        if ($this->isSubQuery)
            return;
-        if ($this->_mysqli)
+        if ($this->_mysqli) {
            $this->_mysqli->close();
+            $this->_mysqli = null;
+        }
    }

    /**