From 5e60b5eada98cd8895544454c8e3e2dfe4d3f8bf Mon Sep 17 00:00:00 2001
From: rMalie
Date: Mon, 19 Dec 2011 13:15:53 +0000
Subject: [PATCH] // Protect $table and $alias in DbQuery

git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@11354 b9a71923-0436-4b27-9f14-aed3839534dd
---
 classes/db/DbQuery.php | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/classes/db/DbQuery.php b/classes/db/DbQuery.php
index 9418f55ce..64a46e43a 100644
--- a/classes/db/DbQuery.php
+++ b/classes/db/DbQuery.php
@@ -89,44 +89,50 @@ class DbQueryCore
 /**
 * Add LEFT JOIN clause
- * E.g. $this->leftJoin('product p ON ...')
 *
- * @param string $join Table followed by ON claused
+ * @param string $table Table name (without prefix)
+ * @param string $alias Table alias
+ * @param string $on ON clause
 */
 public function leftJoin($table, $alias = null, $on = null)
 {
- return $this->join('LEFT JOIN `'._DB_PREFIX_.$table.'`'.($alias ? ' '.$alias : '').($on ? ' ON '.$on : ''));
+ return $this->join('LEFT JOIN `'._DB_PREFIX_.bqSQL($table).'`'.($alias ? ' '.pSQL($alias) : '').($on ? ' ON '.$on : ''));
 }
 /**
 * Add INNER JOIN clause
 * E.g. $this->innerJoin('product p ON ...')
 *
- * @param string $join Table followed by ON claused
+ * @param string $table Table name (without prefix)
+ * @param string $alias Table alias
+ * @param string $on ON clause
 */
 public function innerJoin($table, $alias = null, $on = null)
 {
- return $this->join('INNER JOIN `'._DB_PREFIX_.$table.'`'.($alias ? ' '.$alias : '').($on ? ' ON '.$on : ''));
+ return $this->join('INNER JOIN `'._DB_PREFIX_.bqSQL($table).'`'.($alias ? ' '.pSQL($alias) : '').($on ? ' ON '.$on : ''));
 }
 /**
 * Add LEFT OUTER JOIN clause
 *
- * @param string $join Table followed by ON claused
+ * @param string $table Table name (without prefix)
+ * @param string $alias Table alias
+ * @param string $on ON clause
 */
 public function leftOuterJoin($table, $alias = null, $on = null)
 {
- return $this->join('LEFT OUTER JOIN `'._DB_PREFIX_.$table.'`'.($alias ? ' '.$alias : '').($on ? ' ON '.$on : ''));
+ return $this->join('LEFT OUTER JOIN `'._DB_PREFIX_.bqSQL($table).'`'.($alias ? ' '.pSQL($alias) : '').($on ? ' ON '.$on : ''));
 }
 /**
 * Add NATURAL JOIN clause
 *
- * @param string $join
+ * @param string $table Table name (without prefix)
+ * @param string $alias Table alias
 */
- public function naturalJoin($table, $alias = null, $on = null)
+ public function naturalJoin($table, $alias = null)
 {
- return $this->join('NATURAL JOIN `'._DB_PREFIX_.$table.'`'.($alias ? ' '.$alias : '').($on ? ' ON '.$on : ''));
+ return $this->join('NATURAL JOIN `'._DB_PREFIX_.bqSQL($table).'`'.($alias ? ' '.pSQL($alias) : '').($on ? ' ON '.$on : ''));
 }
 /**
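Review bot: In all four rewritten `return` lines, `$alias` is passed through `pSQL()` but is still emitted unquoted, so escaping meant for quoted string values (which is what `pSQL()` appears to be; its definition is not in this diff) does not restrict it to a single identifier. Quoting it the same way as the table name would close that gap: ``($alias ? ' `'.bqSQL($alias).'`' : '')``. `$on` is still concatenated verbatim in `leftJoin`, `innerJoin` and `leftOuterJoin`, which is reasonable for an expression but should be stated in the docblock, e.g. `@param string $on ON clause, inserted verbatim; callers must escape any values they embed`. The `innerJoin` docblock also keeps the stale one-argument example `$this->innerJoin('product p ON ...')` that this commit removed from `leftJoin`. The class body and `join()` lie outside the hunk, so any escaping done further down cannot be checked from here.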