From 6a6b3f90f36293a40cba091c3ac387abb64f3c1a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 14 May 2012 21:54:41 -0700
Subject: Verify that where() clauses are well formed.  Fixes #1865.

---
 modules/kohana23_compat/libraries/MY_Database_Builder.php | 6 ++++++
 system/libraries/Database_Builder.php                     | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/modules/kohana23_compat/libraries/MY_Database_Builder.php b/modules/kohana23_compat/libraries/MY_Database_Builder.php
index 0b9dbe28..54429ab1 100644
--- a/modules/kohana23_compat/libraries/MY_Database_Builder.php
+++ b/modules/kohana23_compat/libraries/MY_Database_Builder.php
@@ -25,6 +25,9 @@ class Database_Builder extends Database_Builder_Core {
   public function merge_where($tuples) {
     if ($tuples) {
       foreach ($tuples as $tuple) {
+        if (count($tuple) != 3) {
+          throw new Database_Exception("Column triplets require a column, op and value");
+        }
         $this->where($tuple[0], $tuple[1], $tuple[2]);
       }
     }
@@ -38,6 +41,9 @@ class Database_Builder extends Database_Builder_Core {
   public function merge_or_where($tuples) {
     if ($tuples) {
       foreach ($tuples as $tuple) {
+        if (count($tuple) != 3) {
+          throw new Database_Exception("Column triplets require a column, op and value");
+        }
         $this->or_where($tuple[0], $tuple[1], $tuple[2]);
       }
     }
diff --git a/system/libraries/Database_Builder.php b/system/libraries/Database_Builder.php
index e86ce379..553ffd98 100644
--- a/system/libraries/Database_Builder.php
+++ b/system/libraries/Database_Builder.php
@@ -190,6 +190,8 @@ class Database_Builder_Core {
 		{
 			foreach ($columns as $column)
 			{
+                                if (count($column) != 3)
+                                        throw new Database_Exception('Column triplets require a column, op and value');
 				$this->where[] = array('AND' => $column);
 			}
 		}
@@ -216,6 +218,8 @@ class Database_Builder_Core {
 		{
 			foreach ($columns as $column)
 			{
+                                if (count($column) != 3)
+                                        throw new Database_Exception('Column triplets require a column, op and value');
 				$this->where[] = array('OR' => $column);
 			}
 		}
@@ -422,6 +426,8 @@ class Database_Builder_Core {
 		{
 			foreach ($columns as $column)
 			{
+                                if (count($column) != 3)
+                                        throw new Database_Exception('Column triplets require a column, op and value');
 				$this->having[] = array('AND' => $column);
 			}
 		}
@@ -447,6 +453,8 @@ class Database_Builder_Core {
 		{
 			foreach ($columns as $column)
 			{
+                                if (count($column) != 3)
+                                        throw new Database_Exception('Column triplets require a column, op and value');
 				$this->having[] = array('OR' => $column);
 			}
 		}
-- 
cgit v1.2.3