Commit 280dd165 by Qiang Xue

Fixes #6172: `yii\rbac\DbManager` should properly quote table and column names

parent a9caad31
...@@ -30,6 +30,7 @@ Yii Framework 2 Change Log ...@@ -30,6 +30,7 @@ Yii Framework 2 Change Log
- Bug #6049: `yii\db\Connection::getSchema()` for Oracle should return false when the table does not exist. Oracle does not support `ON UPDATE` clause. (wenbin1989) - Bug #6049: `yii\db\Connection::getSchema()` for Oracle should return false when the table does not exist. Oracle does not support `ON UPDATE` clause. (wenbin1989)
- Bug #6107: `yii message` was emptying existing translations in .po in case of multiple categories (samdark) - Bug #6107: `yii message` was emptying existing translations in .po in case of multiple categories (samdark)
- Bug #6112: `yii message` was incorrectly writing not yet translated strings in .po in case of multiple categories (samdark) - Bug #6112: `yii message` was incorrectly writing not yet translated strings in .po in case of multiple categories (samdark)
- Bug #6172: `yii\rbac\DbManager` should properly quote table and column names (qiangxue)
- Bug: Gii console command help information does not contain global options (qiangxue) - Bug: Gii console command help information does not contain global options (qiangxue)
- Bug: `yii\web\UrlRule` was unable to create URLs for rules containing unicode characters (samdark) - Bug: `yii\web\UrlRule` was unable to create URLs for rules containing unicode characters (samdark)
- Enh #4181: Added `yii\bootstrap\Modal::$headerOptions` and `yii\bootstrap\Modal::$footerOptions` (tuxoff, samdark) - Enh #4181: Added `yii\bootstrap\Modal::$headerOptions` and `yii\bootstrap\Modal::$footerOptions` (tuxoff, samdark)
......
...@@ -183,7 +183,7 @@ class DbManager extends BaseManager ...@@ -183,7 +183,7 @@ class DbManager extends BaseManager
{ {
if (!$this->supportsCascadeUpdate()) { if (!$this->supportsCascadeUpdate()) {
$this->db->createCommand() $this->db->createCommand()
->delete($this->itemChildTable, ['or', 'parent=:name', 'child=:name'], [':name' => $item->name]) ->delete($this->itemChildTable, ['or', '[[parent]]=:name', '[[child]]=:name'], [':name' => $item->name])
->execute(); ->execute();
$this->db->createCommand() $this->db->createCommand()
->delete($this->assignmentTable, ['item_name' => $item->name]) ->delete($this->assignmentTable, ['item_name' => $item->name])
...@@ -348,7 +348,7 @@ class DbManager extends BaseManager ...@@ -348,7 +348,7 @@ class DbManager extends BaseManager
$query = (new Query)->select('b.*') $query = (new Query)->select('b.*')
->from(['a' => $this->assignmentTable, 'b' => $this->itemTable]) ->from(['a' => $this->assignmentTable, 'b' => $this->itemTable])
->where('a.item_name=b.name') ->where('{{a}}.[[item_name]]={{b}}.[[name]]')
->andWhere(['a.user_id' => (string) $userId]); ->andWhere(['a.user_id' => (string) $userId]);
$roles = []; $roles = [];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment