From 358a613243c63f3e65a28c744fdab3fd898b0dfe Mon Sep 17 00:00:00 2001
From: nate <nate@cakephp.org>
Date: Wed, 23 Apr 2008 15:24:57 +0000
Subject: [PATCH] Fixing conditions quoting in DboSource, closes #4508

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6714 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/model/datasources/dbo_source.php    | 42 ++++++++-----------
 .../model/datasources/dbo_source.test.php     | 10 ++++-
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/cake/libs/model/datasources/dbo_source.php b/cake/libs/model/datasources/dbo_source.php
index 468040175..888139021 100644
--- a/cake/libs/model/datasources/dbo_source.php
+++ b/cake/libs/model/datasources/dbo_source.php
@@ -26,7 +26,7 @@
  * @lastmodified	$Date$
  * @license			http://www.opensource.org/licenses/mit-license.php The MIT License
  */
-uses('set');
+App::import('Core', 'Set');
 
 /**
  * DboSource
@@ -1723,17 +1723,28 @@ class DboSource extends DataSource {
 						$match['2'] = str_replace('-!', '', $match['2']);
 						$data = $this->name($key) . ' ' . $match['1'] . ' ' . $match['2'];
 					} else {
-					    $op = substr(trim($match[1]), 0, 1);
+						$op = substr(trim($match[1]), 0, 1);
+						$isOp = (
+							strpos('!=<>', trim($op)) !== false ||
+							strpos('!=<>', trim($match[1])) !== false ||
+							in_array(strtolower(trim($match[1])), $this->__sqlOps)
+						);
 
 						if (!empty($match['2']) && $quoteValues) {
-							if (!in_array($op, str_split('!=<>')) && !in_array(strtolower(trim($match[1])), $this->__sqlOps)) {
+							if (!$isOp) {
 								$match['1'] = ' = ';
 								$match['2'] = $this->value($match['0']);
-							} elseif (preg_match('/^(?:' . join('\\x20)|(?:', $this->__sqlOps) . '\\x20)/i', $match['1'])) {
+							} elseif (preg_match('/^(?:' . join('\\x20)|(?:', $this->__sqlOps) . '\s*\\x20)/i', $match['1'])) {
 								$match['2'] = str_replace(' AND ', "' AND '", $this->value($match['2']));
 							} else {
 								$match['2'] = $this->value($match['2']);
 							}
+						} elseif ($isOp) {
+							$match['1'] = trim($match['1']);
+							$match['2'] = $this->value($match['2']);
+						} else {
+							$match['2'] = $this->value($match['1']);
+							$match['1'] = ' = ';
 						}
 						$data = $this->__quoteFields($key);
 						if ($data === $key) {
@@ -1878,8 +1889,7 @@ class DboSource extends DataSource {
 			$keys = preg_replace('/ORDER\\x20BY/i', '', $keys);
 
 			if (strpos($keys, '.')) {
-				preg_match_all('/([a-zA-Z0-9_]{1,})\\.([a-zA-Z0-9_]{1,})/', $keys, $result,
-									PREG_PATTERN_ORDER);
+				preg_match_all('/([a-zA-Z0-9_]{1,})\\.([a-zA-Z0-9_]{1,})/', $keys, $result, PREG_PATTERN_ORDER);
 				$pregCount = count($result['0']);
 
 				for ($i = 0; $i < $pregCount; $i++) {
@@ -1963,30 +1973,14 @@ class DboSource extends DataSource {
 		}
 	}
 /**
- * Inserts multiple values into a join table
- *
- * @param string $table
- * @param string $fields
- * @param array $values
- * @return bool True on success, false on failure
- */
-	function insertMulti($table, $fields, $values) {
-		$table = $this->fullTableName($table);
-		if (is_array($fields)) {
-			$fields = join(', ', array_map(array(&$this, 'name'), $fields));
-		}
-		$values = implode(', ', $values);
-		return $this->execute("INSERT INTO {$table} ({$fields}) VALUES {$values}");
-	}
-/**
- * Inserts multiple values into a join table
+ * Inserts multiple values into a table
  *
  * @param string $table
  * @param string $fields
  * @param array $values
  * @access protected
  */
-	function __insertMulti($table, $fields, $values) {
+	function insertMulti($table, $fields, $values) {
 		if (is_object($table)) {
 			$table = $this->fullTableName($table);
 		}
diff --git a/cake/tests/cases/libs/model/datasources/dbo_source.test.php b/cake/tests/cases/libs/model/datasources/dbo_source.test.php
index 8ab0ba084..f0293c9e7 100644
--- a/cake/tests/cases/libs/model/datasources/dbo_source.test.php
+++ b/cake/tests/cases/libs/model/datasources/dbo_source.test.php
@@ -1683,7 +1683,7 @@ class DboSourceTest extends CakeTestCase {
 			'NOT' => array('Course.id' => null, 'Course.vet' => 'N', 'level_of_education_id' => array(912,999)),
 			'Enrollment.yearcompleted' => '> 0')
 		);
-		$this->assertPattern('/^\s*WHERE\s+NOT\s+\(\(`Course`\.`id` IS NULL\)\s+AND NOT\s+\(`Course`\.`vet`\s+=\s+\'N\'\)\s+AND NOT\s+\(`level_of_education_id` IN \(912, 999\)\s*\)\)\s+AND\s+`Enrollment`\.`yearcompleted`\s+>\s+0\s*$/', $result);
+		$this->assertPattern('/^\s*WHERE\s+NOT\s+\(\(`Course`\.`id` IS NULL\)\s+AND NOT\s+\(`Course`\.`vet`\s+=\s+\'N\'\)\s+AND NOT\s+\(`level_of_education_id` IN \(912, 999\)\s*\)\)\s+AND\s+`Enrollment`\.`yearcompleted`\s+>\s+\'0\'\s*$/', $result);
 
 		$result = $this->db->conditions(array('id' => '<> 8'));
 		$this->assertPattern('/^\s*WHERE\s+`id`\s+<>\s+8\s*$/', $result);
@@ -1728,6 +1728,14 @@ class DboSourceTest extends CakeTestCase {
 		$result = $this->db->conditions($conditions);
 		$expected = " WHERE `title`  =  'user(s,arg) data'";
 		$this->assertEqual($result, $expected);
+
+		$result = $this->db->conditions(array("Book.book_name" => 'Java(TM)'));
+		$expected = " WHERE `Book`.`book_name`  =  'Java(TM)'";
+		$this->assertEqual($result, $expected);
+
+		$result = $this->db->conditions(array("Book.book_name" => 'Java(TM) '));
+		$expected = " WHERE `Book`.`book_name`  =  'Java(TM) '";
+		$this->assertEqual($result, $expected);
 	}
 
 	function testMixedConditionsParsing() {