Allow " and ' chars in orderBy

avbdr · avbdr · commit 8d53d6aa447e · 2015-10-02T22:18:59.000+03:00
diff --git a/MysqliDb.php b/MysqliDb.php
@@ -713,7 +713,7 @@ public function orderBy($orderByField, $orderbyDirection = "DESC", $customFields
     {
         $allowedDirection = Array ("ASC", "DESC");
         $orderbyDirection = strtoupper (trim ($orderbyDirection));
-        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*]+/i",'', $orderByField);
+        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*\'\"]+/i",'', $orderByField);
 
         // Add table prefix to orderByField if needed.
         //FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases
@@ -1239,8 +1239,10 @@ public function __destruct()
     {
         if ($this->isSubQuery)
             return;
-        if ($this->_mysqli)
+        if ($this->_mysqli) {
             $this->_mysqli->close();
+            $this->_mysqli = null;
+        }
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -713,7 +713,7 @@ public function orderBy($orderByField, $orderbyDirection = "DESC", $customFields`
`713`	`713`	`{`
`714`	`714`	`$allowedDirection = Array ("ASC", "DESC");`
`715`	`715`	`$orderbyDirection = strtoupper (trim ($orderbyDirection));`
`716`		- $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*]+/i",'', $orderByField);
	`716`	+ $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*\'\"]+/i",'', $orderByField);
`717`	`717`
`718`	`718`	`// Add table prefix to orderByField if needed.`
`719`	`719`	//FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases
`@@ -1239,8 +1239,10 @@ public function __destruct()`
`1239`	`1239`	`{`
`1240`	`1240`	`if ($this->isSubQuery)`
`1241`	`1241`	`return;`
`1242`		`- if ($this->_mysqli)`
	`1242`	`+ if ($this->_mysqli) {`
`1243`	`1243`	`$this->_mysqli->close();`
	`1244`	`+ $this->_mysqli = null;`
	`1245`	`+ }`
`1244`	`1246`	`}`
`1245`	`1247`
`1246`	`1248`	`/**`